Organizing And Analyzing Logdata With Entropy, Sergey Bratus presented at TROOPERS 2008

by Sergey Bratus

Tags: Data Exfiltration

Summary: I will show how entropy, a measure of information content defined by Shannon in 1948, can provide useful ways of organizing and analyzing log data. In particular, we use entropy and mutual information heuristics to group syslog records and packet captures in such a way as to bring out anomalies and summarize the overall structure of each particular data set. I will show a modification of Ethereal that is based on these heuristics, and a separate tool for browsing syslogs. Our data organization heuristics produce decision trees that can be saved and applied to building views of other data sets. Our tools also allow the user to mark records based on relevance, and use this feedback to improve the data views. Our tools and algorithm descriptions can be found at http://kerf.cs.dartmouth.edu
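As an added illustration of the entropy-based grouping the summary describes (example code written for this page, not the talk's own Kerf tools), the following computes per-field Shannon entropy and mutual information over a handful of constructed syslog records, picks the lowest-entropy field as the top-level grouping, and flags that field's rare values as candidate anomalies. Field names and the 20% rarity threshold are assumptions for the example.

```python
import math
import re
from collections import Counter

# Constructed sample syslog records (not from the talk); two unusual records are mixed in.
LOG_LINES = [
    "Jan 10 10:00:01 web1 sshd[100]: Accepted publickey for alice from 10.0.0.5",
    "Jan 10 10:00:02 web1 sshd[101]: Accepted publickey for bob from 10.0.0.6",
    "Jan 10 10:00:03 web2 sshd[102]: Accepted publickey for alice from 10.0.0.5",
    "Jan 10 10:00:04 web2 sshd[103]: Accepted publickey for carol from 10.0.0.7",
    "Jan 10 10:00:05 web1 sshd[104]: Failed password for root from 203.0.113.9",
    "Jan 10 10:00:06 web2 sshd[105]: Failed password for root from 203.0.113.9",
    "Jan 10 10:00:07 web1 cron[200]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 10 10:00:08 db1 kernel: Out of memory: Killed process 4242 (postgres)",
]
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ (\S+) ([^\[:]+)(?:\[\d+\])?: (.*)$")

def parse(line):
    """Split a syslog line into host, process and a digit-masked message template."""
    host, proc, msg = LINE_RE.match(line).groups()
    return {"host": host, "proc": proc, "template": re.sub(r"\d+", "#", msg)}

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def mutual_information(xs, ys):
    """I(X;Y) = H(X) + H(Y) - H(X,Y) in bits; 0 when the two fields are independent."""
    return entropy(xs) + entropy(ys) - entropy(list(zip(xs, ys)))

def rank_fields(records):
    """Fields from lowest to highest entropy: low-entropy fields make good top-level groups."""
    return sorted(records[0], key=lambda f: entropy([r[f] for r in records]))

def rare_values(records, field, max_share=0.2):
    """Values of `field` seen in at most `max_share` of the records: candidate anomalies."""
    counts = Counter(r[field] for r in records)
    return sorted(v for v, c in counts.items() if c / len(records) <= max_share)

def build_view(lines):
    """Group records by the lowest-entropy field and flag its rare values."""
    records = [parse(line) for line in lines]
    top = rank_fields(records)[0]
    return top, rare_values(records, top)

if __name__ == "__main__":
    field, rare = build_view(LOG_LINES)
    print(f"group by {field!r}; rare values in that field: {rare}")
```

On the sample above the process field has the lowest entropy (about 1.06 bits versus 1.41 for host and 2.5 for the message template), so the view groups by process and surfaces the single cron and kernel records.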

Sergey Bratus: Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He enjoys wireless and wired network hacking and tries to help fellow academics understand its value and relevance. Before coming to Dartmouth, he worked on machine learning for natural text processing at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.