Detect and correlate information system events through verbose logging messages analysis

摘要

Detecting and tracking events from logging data is a critical element for security and system administrators and thus attracts more and more research efforts. However, there exists a major limitation in current processes of Event Logging analysis, related to the verbosity and language-dependence of messages produced by many logging systems. In this paper, a novel methodology was proposed to tackle this limitation by analysing event messages through a Natural Language Processing task in order to annotate them with semantic metadata. These metadata are further used to enable semantic searches or domain ontology population that help administrator to filter only relevant event and to correlate them for a prompt and efficient response and incident analysis.