• Login
    View Item 
    •   SU+ Home
    • Research and Publications
    • Faculty of Information Technology (FIT)
    • FIT Projects, Theses and Dissertations
    • MSc.ISS Theses and Dissertations
    • MSc.ISS Theses and Dissertations (2018)
    • View Item
    •   SU+ Home
    • Research and Publications
    • Faculty of Information Technology (FIT)
    • FIT Projects, Theses and Dissertations
    • MSc.ISS Theses and Dissertations
    • MSc.ISS Theses and Dissertations (2018)
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    A Platform for analyzing log files using temporal logic approach: a test case with web server logs

    Thumbnail
    View/Open
    Full-text Thesis 2018 (12.00Mb)
    Date
    2018
    Author
    Muema, Peris Ndululu
    Metadata
    Show full item record
    Abstract
    Web logs are a set of recorded events between clients and web servers. Information provided by these events is valuable to computer system administrators, digital forensic investigators and system security personnel during digital investigations. It is important for these entities to understand when certain system events were initiated and by whom. To achieve this, it is fundamental to gather related evidence to the crime from log files. These forensic procedures however pose a major challenge due to large sizes of the web log files, difficulty in understanding and correlating to attack patterns associated to digital crimes. The connections of events that are remotely positioned in the large log files require extensive computational manpower. This dissertation proposes the design, implementation and evaluation of a web log analysis system based on temporal logic and reconstruction. The case study will be on web server misuse. Temporal Logic operators represent system changes over time. The reconstruction of records in web server log files as streams will enable the implementation of temporal logic on the streaming data. The web server attack patterns established will be described by a special subset of temporal logic known as MSFOMTL (Many Sorted First Order Metric Temporal Logic). The attack patterns will be written in a special EPL (Event Processing Language) as queries and be parsed through Esper, a Complex Event Processing (CEP) engine. To ensure the proposed system increases the quality of log analysis process, log analysis will be performed based on a time window mechanism on sorted log files.
    URI
    http://hdl.handle.net/11071/5990
    Collections
    • MSc.ISS Theses and Dissertations (2018) [9]

    DSpace software copyright © 2002-2016  DuraSpace
    Contact Us | Send Feedback
    Theme by 
    Atmire NV
     

     

    Browse

    All of SU+Communities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    Login

    DSpace software copyright © 2002-2016  DuraSpace
    Contact Us | Send Feedback
    Theme by 
    Atmire NV