While we're on the subject of anomaly detection, I recently finished a paper on using term weights to flag log messages as anomalies. It's not earth-shattering, and the approach is simplistic, but I've posted the pdf online. The main goal was to see how well a very simple term weight approach works. The experiment doesn't consider some of the more complex (and realistic) metrics, such as time sequencing or event correlation. And the audience was somewhat broader than the log analysis specialists on the list. :)

Applying Term Weight Techniques to Event Log Analysis for Intrusion Detection.
http://www.ibiblio.org/john/pubs/johnreuning_sils_unc.pdf

Thanks to Stefano among others for providing research cited in the paper!

-John R.

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
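A minimal illustration of the term-weight idea, added here as an example and not code from the paper: each token gets a smoothed inverse document frequency computed over a constructed batch of log lines, a line's score is the mean weight of its tokens, and lines scoring more than one population standard deviation above the batch mean are flagged. The log lines, the smoothing formula and the threshold rule are all assumptions of this example.

```python
import math
import re
import statistics
from collections import Counter

# Constructed sample syslog-style lines (not from the paper or any real host):
# routine sshd/cron events plus one line that should stand out.
LOG_LINES = [
    "sshd[1021]: Accepted publickey for alice from 10.0.0.5 port 51022",
    "sshd[1034]: Accepted publickey for bob from 10.0.0.7 port 51030",
    "cron[2201]: (root) CMD (run-parts /etc/cron.hourly)",
    "sshd[1040]: Accepted publickey for alice from 10.0.0.5 port 51041",
    "cron[2215]: (root) CMD (run-parts /etc/cron.hourly)",
    "sshd[1052]: Accepted publickey for bob from 10.0.0.7 port 51055",
    "cron[2230]: (root) CMD (run-parts /etc/cron.hourly)",
    "sshd[1060]: Failed password for invalid user admin from 203.0.113.9 port 4444",
    "sshd[1071]: Accepted publickey for alice from 10.0.0.5 port 51060",
    "cron[2244]: (root) CMD (run-parts /etc/cron.hourly)",
]

def tokenize(line):
    """Lowercase alphabetic tokens only: PIDs, ports and addresses are dropped
    so that every line is not trivially unique."""
    return re.findall(r"[a-z]+", line.lower())

def document_frequencies(lines):
    """Number of lines each term occurs in (counted once per line)."""
    df = Counter()
    for line in lines:
        df.update(set(tokenize(line)))
    return df

def idf(term, df, n_lines):
    """Smoothed inverse document frequency: rare terms get the larger weight."""
    return math.log((1 + n_lines) / (1 + df[term])) + 1.0

def line_score(line, df, n_lines):
    """Mean IDF of a line's tokens; a line built from common terms scores low."""
    toks = tokenize(line)
    if not toks:
        return 0.0
    return sum(idf(t, df, n_lines) for t in toks) / len(toks)

def flag_anomalies(lines, k=1.0):
    """Return (score per line, flagged lines). A line is flagged when its score
    exceeds the batch mean by more than k population standard deviations."""
    df = document_frequencies(lines)
    n = len(lines)
    scores = [line_score(line, df, n) for line in lines]
    threshold = statistics.mean(scores) + k * statistics.pstdev(scores)
    flagged = [line for line, s in zip(lines, scores) if s > threshold]
    return scores, flagged

if __name__ == "__main__":
    for line, s in zip(LOG_LINES, flag_anomalies(LOG_LINES)[0]):
        print(f"{s:.3f}  {line}")
```

Note that the less frequent but benign cron lines already score above the routine sshd lines, which is why the threshold is set relative to the batch statistics rather than as a fixed value; with no notion of time ordering or event correlation, a rare-but-harmless message type is the main source of false positives for this kind of scoring.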
This archive was generated by hypermail 2.1.3 : Thu Aug 19 2004 - 13:00:23 PDT