
Log File Analysis with Context-Free Grammars

Abstract: Classical intrusion analysis of network log files uses statistical machine learning or regular expressions. Whereas statistical machine learning methods are not analytically exact, methods based on regular expressions do not reach very far up Chomsky's hierarchy of languages. This paper focuses on parsing traces of network traffic using context-free grammars. "Green grammars" describe acceptable log files, while "red grammars" represent known intrusion patterns. The technique can complement or augment existing approaches by providing additional precision, and it is analytically more powerful than existing techniques based on regular expressions.
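As an added illustration of the green/red grammar idea sketched in the abstract (this is example code, not code from the paper; the event names, the two grammars and the log lines are all constructed for the example): a regular expression does the regular part of the work by lexing each log line to an event token, and a small Earley recogniser does the context-free part. The green grammar accepts well-formed, possibly nested (tunnelled) connections, so CONNECT/DISCONNECT must balance, which no regular expression can check in general; the red grammar matches a known pattern, three or more failed logins followed by a success, anywhere in the trace.

```python
import re

# Added example, not code from the paper. Event names, grammars and log lines
# are constructed for illustration.

EVENTS = ("CONNECT", "DISCONNECT", "LOGIN_FAIL", "LOGIN", "CMD")

# Lexing is the regular part of the job: one regex maps a log line to an event token.
EVENT_RE = re.compile(r"\]: (" + "|".join(EVENTS) + r")\b")


def tokenize(lines):
    """Map each constructed syslog-style line to its event keyword."""
    tokens = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            raise ValueError(f"unrecognised log line: {line!r}")
        tokens.append(m.group(1))
    return tokens


def earley_accepts(grammar, start, tokens):
    """Earley recogniser: True iff `tokens` derive from `start` under `grammar`.

    `grammar` maps a nonterminal to its productions (tuples of symbols); any
    symbol not in `grammar` is a terminal. Productions must be non-empty
    (no epsilon rules). Chart items are (lhs, rhs, dot, origin)."""
    n = len(tokens)
    chart = [set() for _ in range(n + 1)]
    chart[0].add(("$", (start,), 0, 0))
    for i in range(n + 1):
        todo = list(chart[i])
        while todo:
            lhs, rhs, dot, origin = todo.pop()
            new = []
            if dot < len(rhs):
                sym = rhs[dot]
                if sym in grammar:                        # predict
                    new = [(sym, prod, 0, i) for prod in grammar[sym]]
                elif i < n and tokens[i] == sym:          # scan
                    chart[i + 1].add((lhs, rhs, dot + 1, origin))
            else:                                         # complete
                new = [(l, r, d + 1, o) for (l, r, d, o) in chart[origin]
                       if d < len(r) and r[d] == lhs]
            for item in new:
                if item not in chart[i]:
                    chart[i].add(item)
                    todo.append(item)
    return ("$", (start,), 1, 0) in chart[n]


# Green grammar: what an acceptable trace looks like. A connection may carry
# nested (tunnelled) connections, so CONNECT/DISCONNECT must balance: that is
# the classic non-regular language, beyond any regular expression.
GREEN = {
    "trace": [("conn",), ("conn", "trace")],
    "conn":  [("CONNECT", "auth", "DISCONNECT"),
              ("CONNECT", "auth", "acts", "DISCONNECT")],
    "auth":  [("LOGIN",), ("LOGIN_FAIL", "LOGIN"),           # up to two slips
              ("LOGIN_FAIL", "LOGIN_FAIL", "LOGIN")],
    "acts":  [("act",), ("act", "acts")],
    "act":   [("CMD",), ("conn",)],
}

# Red grammar: a known intrusion pattern (password guessing that eventually
# succeeds), matched anywhere in the trace.
RED_BRUTE = {
    "red":   [("hit",), ("tok", "red")],
    "hit":   [("fails", "LOGIN"), ("fails", "LOGIN", "tail")],
    "fails": [("LOGIN_FAIL", "LOGIN_FAIL", "LOGIN_FAIL"), ("LOGIN_FAIL", "fails")],
    "tail":  [("tok",), ("tok", "tail")],
    "tok":   [(e,) for e in EVENTS],
}


def analyse(lines):
    """Run both grammars over a trace: green means 'explained by normal
    behaviour', red means 'matches a known attack pattern'."""
    tokens = tokenize(lines)
    return {"green": earley_accepts(GREEN, "trace", tokens),
            "brute_force": earley_accepts(RED_BRUTE, "red", tokens)}


def _lines(events):
    """Constructed syslog-style lines; only the event keyword after ']: ' matters."""
    return [f"2024-03-01T10:00:{i:02d}Z gw1 sshd[4242]: {ev} peer=10.0.0.5"
            for i, ev in enumerate(events)]


CLEAN = _lines(["CONNECT", "LOGIN_FAIL", "LOGIN", "CMD", "CONNECT", "LOGIN",
                "CMD", "DISCONNECT", "CMD", "DISCONNECT"])   # nested tunnel, well formed
BRUTE = _lines(["CONNECT"] + ["LOGIN_FAIL"] * 4 + ["LOGIN", "CMD", "DISCONNECT"])
UNBALANCED = _lines(["CONNECT", "LOGIN", "CONNECT", "LOGIN", "CMD", "DISCONNECT"])

if __name__ == "__main__":
    for name, trace in (("clean", CLEAN), ("brute", BRUTE), ("unbalanced", UNBALANCED)):
        print(name, analyse(trace))
```

The two verdicts are deliberately separate: a trace the green grammar rejects (the unbalanced one above) is merely unexplained by normal behaviour and calls for a look, whereas a red match is a positive signature hit. Earley recognition is cubic in the trace length in the worst case, so in practice the trace is cut into per-host or per-day windows before parsing.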
Document type: Conference papers

Cited literature: 10 references

https://hal.inria.fr/hal-01460602
Contributor: Hal Ifip
Submitted on: Tuesday, February 7, 2017 - 5:25:41 PM
Last modification on: Sunday, November 22, 2020 - 12:52:02 PM
Long-term archiving on: Monday, May 8, 2017 - 2:58:10 PM

File

978-3-642-41148-9_10_Chapter.p...
Files produced by the author(s)

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Gregory Bosman, Stefan Gruner. Log File Analysis with Context-Free Grammars. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.145-152, ⟨10.1007/978-3-642-41148-9_10⟩. ⟨hal-01460602⟩
