
A semantic-aware log generation method for network activities

  • Regular Contribution

International Journal of Information Security

Abstract

Context-aware network logging is becoming more prevalent in enterprise networks, data centers, and forensics. Monitoring agents are strategically placed at various network points to generate log files from the activities of interest. In a distributed architecture, these agents are scattered across multiple nodes, and each has limited network visibility. Consequently, the resulting logs are fragmented and less perceptible without a unified network context. Moreover, aggregating useful information from diverse management protocols with different languages, syntax styles, and notations requires complex semantic understanding to synthesize these log files. Currently, general-purpose logs such as SNMP logs only provide parametric values at the connection level but lack incident-specific information. Meanwhile, proprietary services such as AWS CloudTrail identify more context at the incident level, but they only work on selected products and infrastructure. This paper proposes a platform-agnostic, semantic-aware log decoding and generation algorithm (SAG) for network logging that uses context aggregation. First, a protocol-agnostic controller acts as a master to collect logs from agents running in routers, firewalls, IDS/IPS, load balancers, managed switches, and servers. From these logs, three traffic models, namely (1) the service-activity model (SaM), (2) the general-activity model (GaM), and (3) the device-activity model (DaM), are trained using an artificial neural network (ANN). The log generator then applies a context-filling technique that resolves and constructs log entries from a generic sentence template while inferring from these machine-learning models. A sentence smoothing technique restructures the entities in each log entry according to traffic directionality so that the sentence is semantically correct. The experimental results show that SAG's logs have 1.8 times more contexts resolved, improving log perceptibility.
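The abstract describes three steps: a controller aggregating partial views from several agents, a context-filling step that fills a generic sentence template from the aggregated context, and a sentence smoothing step that orders entities by traffic directionality. The following added example (not code from the paper or its authors) walks through those steps on constructed firewall, IDS and server log lines keyed by flow. Everything in it is an assumption made for illustration: the log formats, the `HOST_IP` inventory, the internal address range, and the static `SERVICE_BY_PORT` table, which stands in for the paper's ANN-trained service-activity model so the example runs offline. The count of resolved template slots per entry is the example's own stand-in for the paper's "contexts resolved" measure.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# --- Constructed sample input (invented for this example, not from the paper) ---
FIREWALL_LOGS = [
    "fw01 ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp",
    "fw01 DROP src=198.51.100.9 dst=10.0.0.5 dport=3306 proto=tcp",
    "fw01 ACCEPT src=10.0.0.12 dst=203.0.113.50 dport=443 proto=tcp",
]
IDS_LOGS = [
    "ids01 ALERT sig='SSH brute force' src=203.0.113.7 dst=10.0.0.5 dport=22",
]
SERVER_LOGS = [
    "srv-db sshd: Failed password for root from 203.0.113.7 port 51234",
]
HOST_IP = {"srv-db": "10.0.0.5"}            # assumed inventory: hostname -> address
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
# Stand-in for the service-activity model: the paper trains an ANN, this
# example uses a static port -> service table so it runs offline.
SERVICE_BY_PORT = {22: "ssh", 443: "https", 3306: "mysql"}

FlowKey = Tuple[str, str, int]  # (src ip, dst ip, dst port)
SLOTS = ("service", "device", "verdict", "user", "outcome", "signature")
TEMPLATE = "{actor} {action} {service} on {target} via {device} ({verdict}){tail}"


def parse_kv(line: str) -> Dict[str, str]:
    """Extract key=value pairs; values may be single-quoted."""
    return {k: v.strip("'") for k, v in re.findall(r"(\w+)=('[^']*'|\S+)", line)}


def aggregate(fw: List[str], ids: List[str], srv: List[str]) -> Dict[FlowKey, Dict[str, str]]:
    """Controller step: merge each agent's partial view of a flow into one context."""
    flows: Dict[FlowKey, Dict[str, str]] = defaultdict(dict)
    for line in fw:
        device, verdict, rest = line.split(" ", 2)
        kv = parse_kv(rest)
        flows[(kv["src"], kv["dst"], int(kv["dport"]))].update(device=device, verdict=verdict)
    for line in ids:
        kv = parse_kv(line)
        flows[(kv["src"], kv["dst"], int(kv["dport"]))].update(
            sensor=line.split()[0], signature=kv["sig"])
    for line in srv:
        # The server log carries no destination address; resolve it from inventory.
        m = re.match(r"(\S+) sshd: Failed password for (\S+) from (\S+) port", line)
        if m:
            host, user, src = m.groups()
            flows[(src, HOST_IP[host], 22)].update(user=user, outcome="failed")
    return dict(flows)


def direction(src: str, dst: str) -> str:
    """Traffic directionality relative to the assumed internal range."""
    src_in = ipaddress.ip_address(src) in INTERNAL
    dst_in = ipaddress.ip_address(dst) in INTERNAL
    if dst_in and not src_in:
        return "inbound"
    if src_in and not dst_in:
        return "outbound"
    return "lateral"


def generate(key: FlowKey, ctx: Dict[str, str]) -> Tuple[str, int]:
    """Context filling plus sentence smoothing for one aggregated flow.

    Returns the log sentence and the number of template slots that could be
    resolved from the aggregated context (unresolved slots get placeholders).
    """
    src, dst, dport = key
    slots = {s: ctx.get(s) for s in SLOTS}
    slots["service"] = SERVICE_BY_PORT.get(dport)
    resolved = sum(v is not None for v in slots.values())
    # Choose the verb from the richest context available.
    if slots["user"] and slots["outcome"] == "failed":
        action = f"failed authentication as '{slots['user']}' to"
    elif slots["verdict"] == "DROP":
        action = "was blocked from reaching"
    else:
        action = "accessed"
    # Sentence smoothing: label actor and target by directionality.
    d = direction(src, dst)
    if d == "inbound":
        actor, target = f"external host {src}", f"internal host {dst}"
    elif d == "outbound":
        actor, target = f"internal host {src}", f"external host {dst}"
    else:
        actor, target = f"host {src}", f"host {dst}"
    tail = f"; {ctx.get('sensor')} flagged '{slots['signature']}'" if slots["signature"] else ""
    sentence = TEMPLATE.format(
        actor=actor, action=action, service=slots["service"] or "unknown-service",
        target=target, device=slots["device"] or "unknown-device",
        verdict=slots["verdict"] or "no verdict", tail=tail)
    return sentence, resolved


def build_log() -> List[Tuple[str, int]]:
    """Run the whole pipeline over the constructed sample logs."""
    flows = aggregate(FIREWALL_LOGS, IDS_LOGS, SERVER_LOGS)
    return [generate(key, ctx) for key, ctx in flows.items()]


if __name__ == "__main__":
    for sentence, resolved in build_log():
        print(f"[{resolved}/{len(SLOTS)} contexts] {sentence}")
```

The first flow is seen by all three agents, so every slot is resolved and the entry names the user, the firewall verdict and the IDS signature in one sentence; the other two flows are seen only by the firewall, and their placeholders make the missing context visible rather than silently dropping it.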



Acknowledgment

This journal is a collaborative effort of researchers in the UTAR CIoTBD A.I. research team working specifically in the networking domain. The journal is not funded by any grants or institutions.


Corresponding author

Correspondence to Aun Yichiet.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


Cite this article

Yichiet, A., Khaw, YM.J., Gan, ML. et al. A semantic-aware log generation method for network activities. Int. J. Inf. Secur. 21, 161–177 (2022). https://doi.org/10.1007/s10207-021-00547-6
