Abstract
Classical intrusion analysis of network log files uses statistical machine learning or regular expressions. Whereas statistical machine learning methods are not analytically exact, methods based on regular expressions do not reach very far up Chomsky's hierarchy of languages. This paper focuses on parsing traces of network traffic using context-free grammars. "Green grammars" are used to describe acceptable log files, while "red grammars" are used to represent known intrusion patterns. This technique can complement or augment existing approaches by providing additional precision. Analytically, the technique is also more powerful than existing techniques that use regular expressions.
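To make the green/red distinction concrete, here is an added illustration that is not from the paper (whose grammars are not reproduced on this page): a constructed event alphabet, a constructed green grammar for well-formed session traces (with nested sessions, the balanced structure a regular expression cannot capture) and a constructed red grammar for a brute-force login pattern, checked by a small memoised context-free recogniser.

```python
from functools import lru_cache
# Constructed event alphabet: each log line is first reduced to one of these tokens.
EVENTS = ("connect", "auth_ok", "auth_fail", "request", "disconnect")

# Green grammar (constructed): acceptable traces. Every session is closed, holds at
# most two failed logins, and sessions may nest (a tunnelled connection inside
# another); that balanced nesting is what a regular expression cannot express.
GREEN = {
    "SESSIONS": [("SESSION", "SESSIONS"), ()],
    "SESSION": [("connect", "AUTH", "BODY", "disconnect")],
    "AUTH": [("auth_ok",), ("auth_fail", "auth_ok"), ("auth_fail", "auth_fail", "auth_ok")],
    "BODY": [("request", "BODY"), ("SESSION", "BODY"), ()],
}

# Red grammar (constructed): a known intrusion pattern (three failed logins opening a session) anywhere in a trace.
RED = {
    "TRACE": [("ANY", "BRUTE", "ANY")],
    "ANY": [("EVENT", "ANY"), ()],
    "EVENT": [(e,) for e in EVENTS],
    "BRUTE": [("connect", "auth_fail", "auth_fail", "auth_fail")],
}

def accepts(grammar, start, tokens):
    """True if `tokens` is derivable from `start`. A production is a tuple of symbols,
    each a grammar key (nonterminal) or a literal token; () is epsilon. Memoised
    top-down recogniser; the grammars above are written without left recursion."""
    @lru_cache(maxsize=None)
    def ends(sym, i):
        # Positions j such that sym derives exactly tokens[i:j].
        if sym not in grammar:  # terminal: must match the token at i
            return frozenset([i + 1]) if i < len(tokens) and tokens[i] == sym else frozenset()
        result = set()
        for prod in grammar[sym]:
            positions = {i}
            for s in prod:
                positions = {k for j in positions for k in ends(s, j)}
                if not positions:
                    break
            result |= positions
        return frozenset(result)
    return len(tokens) in ends(start, 0)

def classify(tokens):
    """'red' when a known pattern matches, 'green' when acceptable, else 'unknown'."""
    if accepts(RED, "TRACE", tuple(tokens)):
        return "red"
    if accepts(GREEN, "SESSIONS", tuple(tokens)):
        return "green"
    return "unknown"  # well-formedness violated, no known signature: needs an analyst
```

A trace that is neither green nor red (an unclosed or unbalanced session, for instance) is exactly the case where the grammar approach adds precision over a signature match: it is flagged without a known pattern having to exist.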
Copyright information
© 2013 IFIP International Federation for Information Processing
Cite this paper
Bosman, G., Gruner, S. (2013). Log File Analysis with Context-Free Grammars. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics IX. DigitalForensics 2013. IFIP Advances in Information and Communication Technology, vol 410. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41148-9_10
DOI: https://doi.org/10.1007/978-3-642-41148-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41147-2
Online ISBN: 978-3-642-41148-9