Causal Connections Mining Within Security Event Logs

Khan, Saad; Parkinson, Simon

doi:10.1145/3148011.3154476

Cited by 8 publications

(3 citation statements)

References 16 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To determine adjacency score between two events, this technique applies 2‐skip bi‐gram model. A similar approach is proposed by Khan et al 26 . At first, this approach detects causally related event pairs in a time series dataset of system event logs by applying association rule mining technique.…”

Section: Related Workmentioning

confidence: 99%

A deep learning model for mining and detecting causally related events in tweets

Kayesh

Islam

Wang

et al. 2020

Concurrency and Computation

View full text Add to dashboard Cite

Nowadays, public gatherings and social events are an integral part of a modern city life. To run such events seamlessly, it requires real time mining and monitoring of causally related events so that the management can make informed decisions and take appropriate actions. The automatic detection of event causality from short text such as tweets could be useful for event management in this context. However, detecting event causality from tweets is a challenging task. Tweets are short, unstructured, and often written in highly informal language which lacks enough contextual information to detect causality. The existing approaches apply different techniques including hand‐crafted linguistic rules and machine learning models. However, none of the approaches tackle the issue related to the lack of contextual information. In this paper, we detect event causality in tweets by applying a context word extension technique and a deep causal event detection model. The context word extension technique is driven by background knowledge extracted from one million news articles. Our model achieves 79.35% recall and 67.28% f1‐score, which are 17.39% and 2.33% improvements to the state‐of‐the‐art approach.

show abstract

Section: Related Workmentioning

confidence: 99%

A deep learning model for mining and detecting causally related events in tweets

Kayesh

Islam

Wang

et al. 2020

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…The adjacency is determined by applying 2-skip bigram model where two events occurring with two or less events are considered adjacent. A similar approach is used in [16] to identify causal relationship between time series events extracted from computer event logs. The events have unique IDs and they may appear multiple times in the database.…”

Section: Related Workmentioning

confidence: 99%

On Event Causality Detection in Tweets

Kayesh¹,

Islam²,

Wang³

2019

Preprint

View full text Add to dashboard Cite

Nowadays, Twitter has become a great source of user-generated information about events. Very often people report causal relationships between events in their tweets. Automatic detection of causality information in these events might play an important role in predictive event analytics. Existing approaches include both rule-based and data-driven supervised methods. However, it is challenging to correctly identify event causality using only linguistic rules due to the highly unstructured nature and grammatical incorrectness of social media short text such as tweets. Also, it is difficult to develop a data-driven supervised method for event causality detection in tweets due to insufficient contextual information. This paper proposes a novel event context word extension technique based on background knowledge. To demonstrate the effectiveness of our proposed event context word extension technique, we develop a feedforward neural network based approach to detect event causality from tweets. Extensive experiments demonstrate the superiority of our approach.

show abstract

“…Another challenge exists for users with less experience and expertise as access to expertise becomes expensive through the use of consultancy services and automation software. In some instance the event log might store information critical to the security and usability of an individual's computer, but without in-depth knowledge and expertise the user is unable to identify and interpret this information [1].…”

Section: Introductionmentioning

confidence: 99%

Identifying irregularities in security event logs through an object-based Chi-squared test of independence

Parkinson

Khan

2018

Journal of Information Security and Applications

Self Cite

View full text Add to dashboard Cite

A novel technique for identifying irregular event log entries is presented in this paper along with the implementation in a Microsoft Windows-based environment. The motivation behind this research is to identify irregular activity in a system whilst minimising any requirement on expert knowledge, in addition to saving investigative time and computing resources. As the developed solution utilises the standard Microsoft format for event logs, it can work with both live systems, as well as events extracted and stored for off-site analysis. The solution consists of two major steps: first, convert the event logs into objects-based model and second, perform statistical analysis using the Chi-squared (χ 2 ) test of independence and classify mean χ 2 values into discrete categories using Jenks natural breaks method. The event logs entries, which failed the test of dependence are considered as irregular events. It is also shown that the proposed solution poses an advantage over primitive frequency analysis methods as it uses object relationships among event log entries to determine irregularities for locating anomalous activities. Empirical analysis of the solution is performed using event logs data from 20 machines and shows promising results by correctly identifying irregular events. Further experimental analysis involving the insertion of synthetic irregular events results in an average accuracy of 85%.

show abstract

Causal Connections Mining Within Security Event Logs

Cited by 8 publications

References 16 publications

A deep learning model for mining and detecting causally related events in tweets

A deep learning model for mining and detecting causally related events in tweets

On Event Causality Detection in Tweets

Identifying irregularities in security event logs through an object-based Chi-squared test of independence

Contact Info

Product

Resources

About