"Kerf: Machine Learning to Aid Intrusion Analysts" by Javed Aslam, Sergey Bratus et al.

Dartmouth Scholarship

Title

Kerf: Machine Learning to Aid Intrusion Analysts

Authors

Javed Aslam, Northwestern UniversityFollow
Sergey Bratus, Dartmouth CollegeFollow
David Kotz, Dartmouth CollegeFollow
Ron Peterson, Dartmouth College
Daniela Rus, Massachussets Institute of Technology

Document Type

Conference Paper

Publication Date

8-2004

Publication Title

Proceedings of the 13th USENIX Security Symposium

Department

Department of Computer Science

Abstract

Kerf is a toolkit for post-hoc intrusion analysis of available system logs and some types of network logs. It takes the view that this process is inherently interactive and iterative: the human analyst browses the log data for apparent anomalies, and tests and revises his hypothesis of what happened. The hypothesis is alternately refined, as information that partially confirms the hypothesis is discovered, and expanded, as the analyst tries new avenues that broaden the investigation.

Dartmouth Digital Commons Citation

Aslam, Javed; Bratus, Sergey; Kotz, David; Peterson, Ron; and Rus, Daniela, "Kerf: Machine Learning to Aid Intrusion Analysts" (2004). Dartmouth Scholarship. 3077.
https://digitalcommons.dartmouth.edu/facoa/3077

Download

Included in

Computer Sciences Commons

COinS

Dartmouth Scholarship

Title

Authors

Document Type

Publication Date

Publication Title

Department

Abstract

Dartmouth Digital Commons Citation

Included in

Browse

Search

Contribute

Links

Questions?