FLUKES: Autonomous log forensics, intelligence and visualization tool

Document Type

Conference Proceeding

Source of Publication

ACM International Conference Proceeding Series

Publication Date

7-19-2017

Abstract

© 2017 Association for Computing Machinery. The number of structured and unstructured logs datasets is increasing, and the complexity of analyzing threats from log files poses a challenge to the research community. We propose intelligent technique to visualize and extract threats from logs files using D3.js modules with standard RegEx API, called "FLUKES". In this paper we investigate the text-based ASCII format FTP, Snort, Apache and IIS server logs. When a content of a file type .json, .csv, .log, and .txt format is loaded into FLUKES, a representative summary is executed with least signi?cant a?ack traces. FLUKES will formalize and generate a new signature pa?ern that eases the process of detection and analysis of threat anomalies in log files. Forensic investigators can then determine a set of certain fields relevant to the a?ack according to the corresponding target. We present an example investigation comparison based on FTP and Apache server logs collected and managed using Snort. The ultimate contribution is to forensically determine the summary of authentication (failed and successful) a?empts to secure systems and traces found without altering the log evidence.

ISBN

9781450348447

Publisher

Association for Computing Machinery

Volume

Part F130522

First Page

33

Disciplines

Computer Sciences

Keywords

D3, Intrusion detection, Intrusion prevention, Log forensics, Visualization

Scopus ID

85030450515

Indexed in Scopus

yes

Open Access

no

Link to Full Text

Share

COinS