Abstract
With the rapid popularization of cloud computing, mobile devices and high-speed Internet, recent security incidents have become more complicated, which imposes a great burden on network administrators. In this paper we propose a method for integrating and simplifying log strings obtained from many kinds of computer devices: memory, socket and file. Besides, we apply a reasoning strategy for term rewriting called the Knuth-Bendix completion algorithm to ensure termination and confluence. Knuth-Bendix completion includes inference rules such as lrpo (the lexicographic recursive path ordering) and dynamic demodulation. As a result, we can achieve a reduction of generated clauses, which results in faster integration of log strings. In the experiments, we present the effectiveness of the proposed method by showing the results on an exploitation of a vulnerability and on a malware’s behavior log.
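The abstract names the three ingredients of the method (term rewriting over log strings, a recursive path ordering to guarantee termination, and completion plus demodulation to guarantee confluence) without showing how they interact. The following is an added example, not code from the paper or its authors: a minimal term-rewriting engine with a lexicographic path ordering (LPO, the simpler cousin of lrpo) and a naive Knuth-Bendix completion loop, run over constructed log terms. The rule symbols norm, raw, ts and connect, their precedence, and the sample socket event are all assumptions made for this illustration.

```python
# Added example (not the paper's code): term rewriting with LPO orientation and
# Knuth-Bendix completion over constructed log terms.
# Terms: a variable is a plain str; a compound term is (symbol, arg1, ..., argn).

def is_var(t):
    return isinstance(t, str)

def occurs(v, t):
    return t == v if is_var(t) else any(occurs(v, a) for a in t[1:])

def subst(t, s):
    return s.get(t, t) if is_var(t) else (t[0],) + tuple(subst(a, s) for a in t[1:])

def match(pat, term, s):
    """One-way matching: extend s so that subst(pat, s) == term, else None."""
    if is_var(pat):
        if pat in s:
            return s if s[pat] == term else None
        return {**s, pat: term}
    if is_var(term) or pat[0] != term[0] or len(pat) != len(term):
        return None
    for p, t in zip(pat[1:], term[1:]):
        s = match(p, t, s)
        if s is None:
            return None
    return s

def unify(a, b, s):
    """Two-way unification with occurs check; the substitution s is kept idempotent."""
    a, b = subst(a, s), subst(b, s)
    if a == b:
        return s
    if is_var(b) and not is_var(a):
        a, b = b, a
    if is_var(a):
        return None if occurs(a, b) else {**{k: subst(v, {a: b}) for k, v in s.items()}, a: b}
    if a[0] != b[0] or len(a) != len(b):
        return None
    for x, y in zip(a[1:], b[1:]):
        s = unify(x, y, s)
        if s is None:
            return None
    return s

def normalize(t, rules):
    """Innermost rewriting to normal form (demodulation with the oriented rules)."""
    while True:
        if not is_var(t):
            t = (t[0],) + tuple(normalize(a, rules) for a in t[1:])
        for lhs, rhs in rules:
            s = match(lhs, t, {})
            if s is not None:
                t = subst(rhs, s)
                break
        else:
            return t

def lpo_gt(s, t, prec):
    """Lexicographic path ordering s > t; prec maps symbols to precedence (bigger wins)."""
    if is_var(s):
        return False
    if is_var(t):
        return occurs(t, s)                      # a term exceeds its proper subterms
    if any(a == t or lpo_gt(a, t, prec) for a in s[1:]):
        return True
    if prec.get(s[0], 0) > prec.get(t[0], 0):
        return all(lpo_gt(s, b, prec) for b in t[1:])
    if s[0] == t[0]:                             # same symbol: compare arguments lexicographically
        for a, b in zip(s[1:], t[1:]):
            if a != b:
                return lpo_gt(a, b, prec) and all(lpo_gt(s, c, prec) for c in t[1:])
    return False

def rename(t, suffix):
    return t + suffix if is_var(t) else (t[0],) + tuple(rename(a, suffix) for a in t[1:])

def positions(t):
    """Yield (non-variable subterm, rebuild) where rebuild(r) replaces that subterm by r."""
    if is_var(t):
        return
    yield t, (lambda r: r)
    for i, a in enumerate(t[1:], 1):
        for sub, rb in positions(a):
            yield sub, (lambda r, i=i, rb=rb: t[:i] + (rb(r),) + t[i + 1:])

def critical_pairs(r1, r2):
    """Overlap the (renamed-apart) lhs of r2 into every non-variable subterm of r1's lhs."""
    l1, rhs1 = r1
    l2, rhs2 = rename(r2[0], "'"), rename(r2[1], "'")
    for sub, rb in positions(l1):
        s = unify(sub, l2, {})
        if s is not None:
            yield subst(rhs1, s), subst(rb(rhs2), s)

def complete(equations, prec, max_rules=20):
    """Knuth-Bendix completion: orient each equation with LPO (termination), then add every
    critical pair that is not joinable (confluence). Each pair is first demodulated with the
    rules already present, so redundant pairs are discarded instead of becoming new clauses."""
    rules, pending = [], list(equations)
    while pending:
        a, b = pending.pop(0)
        a, b = normalize(a, rules), normalize(b, rules)
        if a == b:
            continue
        if lpo_gt(a, b, prec):
            rule = (a, b)
        elif lpo_gt(b, a, prec):
            rule = (b, a)
        else:
            raise ValueError(f"cannot orient {a} = {b}")
        rules.append(rule)
        if len(rules) > max_rules:
            raise RuntimeError("completion did not converge")
        for r in list(rules):
            pending += list(critical_pairs(r, rule)) + list(critical_pairs(rule, r))
    return rules

# Constructed log-integration rules (hypothetical symbols, for illustration only):
#   norm(raw(x)) -> x       : normalising a raw log line yields its payload
#   raw(ts(x))   -> raw(x)  : raw lines drop their timestamp wrapper
PREC = {"norm": 3, "raw": 2, "ts": 1}
EQUATIONS = [(("norm", ("raw", "x")), "x"), (("raw", ("ts", "x")), ("raw", "x"))]
COMPLETED = complete(EQUATIONS, PREC)   # adds the derived rule ts(x) -> x

# A constructed socket-log event, connect(host, port), as a ground term.
EVENT = ("connect", ("10.0.0.5",), ("443",))

def integrate(term, rules=COMPLETED):
    """Normal form of a log term under the completed (terminating and confluent) system."""
    return normalize(term, rules)

if __name__ == "__main__":
    for lhs, rhs in COMPLETED:
        print(lhs, "->", rhs)
    print(integrate(("norm", ("raw", ("ts", EVENT)))))
```

Completion finds the overlap between the two rules at the subterm raw(ts(x)) inside norm(raw(x)): rewriting that term one way gives ts(x), the other way gives x, so it orients the critical pair as ts(x) -> x and adds it. Under the original two rules the term ts(connect(...)) is already a normal form, so two administrators integrating the same event could end up with different strings; under the completed system every rewriting order reaches connect(...). The demodulation step in complete is what keeps the rule set small: every joinable pair is normalised to identical sides and dropped before it can generate further overlaps.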
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Ando, R., Miwa, S. (2011). Faster Log Analysis and Integration of Security Incidents Using Knuth-Bendix Completion. In: Lu, BL., Zhang, L., Kwok, J. (eds) Neural Information Processing. ICONIP 2011. Lecture Notes in Computer Science, vol 7063. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24958-7_4
DOI: https://doi.org/10.1007/978-3-642-24958-7_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24957-0
Online ISBN: 978-3-642-24958-7