Murdoch University Research Repository


Automatic event log abstraction to support forensic investigation

Studiawan, H., Sohel, F. and Payne, C. (2020) Automatic event log abstraction to support forensic investigation. In: ACSW '20: Australasian Computer Science Week 2020, 3 - 7 February 2020, Swinburne University of Technology, Melbourne

PDF - Published Version (728kB)
Free to read, no subscription required: https://doi.org/10.1145/3373017.3373018

Abstract

Abstraction of event logs is the creation of a template that contains the most common words representing all members of a group of event log entries. Abstraction helps forensic investigators obtain an overall view of the main events in a log file. Existing log abstraction methods require user input parameters. This manual input is time consuming because the best parameters must be identified, especially when a log file is large. We propose an automatic method for event log abstraction that avoids the need for the user to manually identify suitable parameters. We model event logs as a graph and propose a new graph clustering approach to group log entries. The abstraction is then extracted from each cluster. Experimental results show that the proposed method achieves superior performance compared to existing approaches, with an F-measure of 95.35%.
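As an added illustration, not code from the paper or its authors, the following Python sketch shows the idea described in the abstract: log entries become nodes of a similarity graph, connected components are the clusters, and each cluster yields a template that keeps only the tokens shared by all its members. The Jaccard edge rule and the fixed threshold are my simplifying assumptions (the paper's contribution is precisely to avoid such parameters), and the log lines are constructed.

```python
import re
from collections import defaultdict
# Constructed sample entries (not taken from the paper): sshd and cron messages
# whose variable fields (pid, user, address, port) should collapse into wildcards.
SAMPLE_LOG = [
    "sshd[1201]: Failed password for alice from 10.0.0.5 port 52211 ssh2",
    "sshd[1202]: Failed password for bob from 10.0.0.9 port 40120 ssh2",
    "sshd[1310]: Accepted publickey for dave from 10.0.0.12 port 33001 ssh2",
    "sshd[1311]: Accepted publickey for erin from 10.0.0.13 port 33002 ssh2",
    "cron[877]: (root) CMD (run-parts /etc/cron.hourly)",
    "cron[901]: (root) CMD (run-parts /etc/cron.hourly)",
]

def tokenize(line):
    """Split on whitespace after normalising the pid, so sshd[1201]: and sshd[1202]: match."""
    return re.sub(r"\[\d+\]", "[PID]", line).split()

def similarity(a, b):
    """Jaccard similarity of two token lists; the edge criterion of the log graph (assumed)."""
    return len(set(a) & set(b)) / len(set(a) | set(b))

def cluster_entries(lines, threshold=0.5):
    """Graph view of the log: one node per entry, an edge between equal-length entries whose
    similarity reaches the threshold; connected components are the clusters (index lists)."""
    toks = [tokenize(line) for line in lines]
    adj = defaultdict(set)
    for i in range(len(toks)):
        for j in range(i + 1, len(toks)):
            if len(toks[i]) == len(toks[j]) and similarity(toks[i], toks[j]) >= threshold:
                adj[i].add(j)
                adj[j].add(i)
    seen, clusters = set(), []
    for start in range(len(toks)):
        if start in seen:
            continue
        seen.add(start)
        component, stack = [], [start]
        while stack:  # iterative depth-first walk of one component
            node = stack.pop()
            component.append(node)
            unseen = adj[node] - seen
            seen |= unseen
            stack.extend(unseen)
        clusters.append(sorted(component))
    return clusters

def abstract_cluster(lines, members):
    """Template for one cluster: keep a token where every member agrees, '*' otherwise."""
    toks = [tokenize(lines[i]) for i in members]
    return " ".join(col[0] if len(set(col)) == 1 else "*" for col in zip(*toks))

def abstract_log(lines):
    """One template per cluster, in cluster order."""
    return [abstract_cluster(lines, c) for c in cluster_entries(lines)]
```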

Item Type: Conference Paper
Murdoch Affiliation: Information Technology, Mathematics and Statistics
URI: http://researchrepository.murdoch.edu.au/id/eprint/55008