FLUKES: Autonomous log forensics, intelligence and visualization tool
Source of Publication
ACM International Conference Proceeding Series
© 2017 Association for Computing Machinery. The number of structured and unstructured logs datasets is increasing, and the complexity of analyzing threats from log files poses a challenge to the research community. We propose intelligent technique to visualize and extract threats from logs files using D3.js modules with standard RegEx API, called "FLUKES". In this paper we investigate the text-based ASCII format FTP, Snort, Apache and IIS server logs. When a content of a file type .json, .csv, .log, and .txt format is loaded into FLUKES, a representative summary is executed with least signi?cant a?ack traces. FLUKES will formalize and generate a new signature pa?ern that eases the process of detection and analysis of threat anomalies in log files. Forensic investigators can then determine a set of certain fields relevant to the a?ack according to the corresponding target. We present an example investigation comparison based on FTP and Apache server logs collected and managed using Snort. The ultimate contribution is to forensically determine the summary of authentication (failed and successful) a?empts to secure systems and traces found without altering the log evidence.
Aldwairi, Monther and Alsaadi, Hesham H., "FLUKES: Autonomous log forensics, intelligence and visualization tool" (2017). Scopus Indexed Articles. 1305.