Discovering actionable patterns in event data

Hellerstein, Joseph L.; Ma, Sheng; Perng, Chang-Shing

doi:10.1147/sj.413.0475

Cited by 82 publications

(51 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several researches explore pattern mining of various logs for security purposes (e.g., alarm logs in [15,20], system calls in [16], event logs in [13]). These authors use pattern mining on burst of alarms to build episode rules.…”

Section: Related Workmentioning

confidence: 99%

A log mining approach for process monitoring in SCADA

Hadžiosmanović

Bolzoni

Hartel

2012

Int. J. Inf. Secur.

View full text Add to dashboard Cite

SCADA (supervisory control and data acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.

show abstract

Section: Related Workmentioning

confidence: 99%

A log mining approach for process monitoring in SCADA

Hadžiosmanović

Bolzoni

Hartel

2012

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…The correlation engines use installed rules to filter incoming events, which are logged (Event Log) and displayed on the event console. By event mining [2,3] or operator intervention, patterns of events that need to be filtered or in sum indicate a situation are selected. In the rule wizard and the rule…”

Section: Fig 1 Tools For Automated Correlation Rule Generationmentioning

confidence: 99%

Simplifying Correlation Rule Creation for Effective Systems Monitoring

Araujo¹,

Biazetti²,

Bussani

et al. 2004

Utility Computing

View full text Add to dashboard Cite

Abstract. Event correlation is a necessary component of systems management but is perceived as a difficult function to set up and maintain. We report on our work to develop a set of tools and techniques to simplify event correlation and thereby reduce overall operating costs. The tools prototyped are described and our current plans for future tool development outlined.Event correlation is a key component of systems management. Events from multiple resources, e.g., network elements, servers, applications, are collected and analyzed to detect problems such as component failures, security breeches and failed business processes. Management solutions require correlation for filtering and analyzing massive numbers of events, for example by removing duplicate events, or for detecting event sequences that signal a significant occurrence in the managed systems. Relevant event patterns need to be identified and formulated as rules, and mechanisms provided to map observed events into the defined patterns. Many systems allow correlation of events where the patterns are expressed as rules [1]. The difficulty lies in identifying the different and relevant patterns of events, as patterns change and new ones are introduced. Our goal is to develop tools to help operators and systems management architects to identify event patterns, to create rules to implement the patterns, test their validity, and to monitor and manage the rules during their lifecycle. Fig. 1. Tools for automated correlation rule generationThe tool collection is shown in Figure 1. The correlation engines use installed rules to filter incoming events, which are logged (Event Log) and displayed on the event console. By event mining [2,3] or operator intervention, patterns of events that need to be filtered or in sum indicate a situation are selected. In the rule wizard and the rule

show abstract

“…Automatic learning of rules has been studied earlier by Hellerstein et al [1]. They discover patterns using association rule mining based techniques [14].…”

Section: Introductionmentioning

confidence: 99%

“…Unlike earlier approaches [1], we can learn the problem signature for a fault with a very small number of fault instances. Our method also adaptively updates problem signatures as new information becomes available.…”

Section: Introductionmentioning

confidence: 99%

Fast Extraction of Adaptive Change Point Based Patterns for Problem Resolution in Enterprise Systems

Agarwal

Sachindran

Gupta

et al. 2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Enterprise middleware systems typically consist of a large cluster of machines with stringent performance requirements. Hence, when a performance problem occurs in such environments, it is critical that the health monitoring software identifies the root cause with minimal delay. A technique commonly used for isolating root causes is rule definition, which involves specifying combinations of events that cause particular problems. However, such predefined rules (or problem signatures) tend to be inflexible, and crucially depend on domain experts for their definition. We present in this paper a method that automatically generates change point based problem signatures using administrator feedback, thereby removing the dependence on domain experts. The problem signatures generated by our method are flexible, in that they do not require exact matches for triggering, and adapt as more information becomes available. Unlike traditional data mining techniques, where one requires a large number of problem instances to extract meaningful patterns, our method requires few fault instances to learn problem signatures. We demonstrate the efficacy of our approach by learning problem signatures for five common problems that occur in enterprise systems and reliably recognizing these problems with a small number of learning instances.

show abstract

Discovering actionable patterns in event data

Cited by 82 publications

References 21 publications

A log mining approach for process monitoring in SCADA

A log mining approach for process monitoring in SCADA

Simplifying Correlation Rule Creation for Effective Systems Monitoring

Fast Extraction of Adaptive Change Point Based Patterns for Problem Resolution in Enterprise Systems

Contact Info

Product

Resources

About