Title :
A next generation entropy based framework for alert detection in system logs
Author :
Makanju, Adetokunbo ; Zincir-Heywood, A. Nur ; Milios, Evangelos E.
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Abstract :
Recent research efforts have highlighted the capability of entropy-based approaches in the automatic discovery of alerts in system logs. In this work, we extend this research to present evaluations of three entropy-based approaches on new datasets not used in previous papers. We also extend the approach by introducing a Cluster Membership Anomaly score. This extension is intended to reduce the false positive rates required to detect all alerts. Previous work has shown that the false positive rates required for the detection of all alerts with an entropy-based approach could be very high. The results show that the Cluster Membership Anomaly score has value for the reduction of false positive rates.
Keywords :
entropy; pattern clustering; system monitoring; system recovery; alert detection; cluster membership anomaly score; false positive rate reduction; next generation entropy; system logs; Lead; Silicon compounds; Tin; Algorithms; Modeling and Assessment; Networked Systems; System Management;
Conference_Title :
Integrated Network Management (IM), 2011 IFIP/IEEE International Symposium on
Conference_Location :
Dublin
Print_ISBN :
978-1-4244-9219-0
Electronic_ISBN :
978-1-4244-9220-6
DOI :
10.1109/INM.2011.5990587