John Reuning wrote:
>While we're on the subject of anomaly detection, I recently finished a
>paper on using term weights to flag log messages as anomalies. It's not
>earth-shattering, and the approach is simplistic, but I've posted the
>pdf online.

Speaking of, I thought I'd mention a similar bit of research/disgusting hackery I did a few months ago. I hooked up a bayesian spam filter (specifically bogofilter) into a whitelist/blacklist sorter called logbayes. You can get it on
http://www.ranum.com/security/computer_security/code

There are lots of caveats. It needs bogofilter, bsd-db, and it is slow and ugly. But it appears to be fairly functional. PDFs of how it works are in the distribution.

mjr.
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Aug 19 2004 - 14:48:01 PDT