Spray: Streaming Log Parser for Real-Time Analysis

Author:

Zou Feng (1), Chen Xingshu (2), Luo Yonggang (2), Huang Tiemai (3), Liao Zhihong (3), Song Keer (3)

Affiliation:

1. Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621000, Sichuan, China

2. School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, Sichuan, China

3. China Mobile (Chengdu) Information & Telecommunication Technology Co., Ltd., Chengdu 610065, Sichuan, China

Abstract

Logs are an important source of data in the field of security analysis. Log messages, however, are unstructured text, which poses serious challenges to security analysis. The first issue to be addressed is therefore how to efficiently parse logs into structured data in real time. Existing log parsers mostly parse raw log files by batch processing and are not applicable to real-time security analysis; it is also difficult to parse large historical log sets with such parsers. Existing streaming log parsers, in turn, have shortcomings in accuracy and parsing performance. To realize automatic, accurate, and efficient real-time log parsing, we propose Spray, a streaming log parser for real-time analysis. Spray can automatically identify the template of an incoming log in real time and accurately match the log to its template for parsing based on the law of contraposition. We also improve Spray's parsing performance with key-partitioning and search-tree strategies. We conducted extensive experiments covering both accuracy and performance. Experimental results show that Spray is considerably more accurate in parsing a variety of public log sets and achieves higher performance when parsing large log sets.

Funder

Defense Industrial Technology Development Program

Publisher

Hindawi Limited

Subject

Computer Networks and Communications, Information Systems
