Skip to Main content Skip to Navigation
Conference papers

Log File Analysis with Context-Free Grammars

Abstract : Classical intrusion analysis of network log files uses statistical machine learning or regular expressions. Where statistically machine learning methods are not analytically exact, methods based on regular expressions do not reach up very far in Chomsky’s hierarchy of languages. This paper focuses on parsing traces of network traffic using context-free grammars. “Green grammars” are used to describe acceptable log files while “red grammars” are used to represent known intrusion patterns. This technique can complement or augment existing approaches by providing additional precision. Analytically, the technique is also more powerful than existing techniques that use regular expressions.
Document type :
Conference papers
Complete list of metadata

Cited literature [10 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, February 7, 2017 - 5:25:41 PM
Last modification on : Sunday, November 22, 2020 - 12:52:02 PM
Long-term archiving on: : Monday, May 8, 2017 - 2:58:10 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Gregory Bosman, Stefan Gruner. Log File Analysis with Context-Free Grammars. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.145-152, ⟨10.1007/978-3-642-41148-9_10⟩. ⟨hal-01460602⟩



Record views


Files downloads