Pattern and Policy Driven Log Analysis for Software Monitoring
July 28-August 01
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2008.81
2008 32nd Annual IEEE International C ...
The component-based nature of large industrial software systems, which consist of a number of diverse collaborating applications, poses significant challenges with respect to system maintenance, monitoring, auditing, and diagnosing. In this context, a monitoring and diagnostic system interprets log data to recognize patterns of significant events that conform to specific Threat Models. Threat Models have been used by the software industry for analyzing and documenting a system's risks in order to understand a system's threat profile. In this paper, we propose a framework whereby patterns of significant events are represented as expressions of a specialized monitoring language that are used to annotate specific threat models. An approximate matching technique based on the Viterbi algorithm is then used to identify whether system-generated events fit the given patterns. The technique has been applied and evaluated considering threat models and monitoring policies in logs that have been obtained from multi-user MS-Windows based systems.
Index Terms:
Software Monitoring, Software Auditing, Trace Analysis
Citation:
Ali Razavi, Kostas Kontogiannis, "Pattern and Policy Driven Log Analysis for Software Monitoring," compsac, pp.108-111, 2008 32nd Annual IEEE International Computer Software and Applications Conference, 2008