Kerf: Machine Learning to Aid Intrusion Analysts

Authors

Javed Aslam, Northwestern UniversityFollow
Sergey Bratus, Dartmouth CollegeFollow
David Kotz, Dartmouth CollegeFollow
Ron Peterson, Dartmouth College
Daniela Rus, Massachussets Institute of Technology

Document Type

Conference Paper

Publication Date

8-2004

Publication Title

Proceedings of the 13th USENIX Security Symposium

Department

Department of Computer Science

Abstract

Kerf is a toolkit for post-hoc intrusion analysis of available system logs and some types of network logs. It takes the view that this process is inherently interactive and iterative: the human analyst browses the log data for apparent anomalies, and tests and revises his hypothesis of what happened. The hypothesis is alternately refined, as information that partially confirms the hypothesis is discovered, and expanded, as the analyst tries new avenues that broaden the investigation.

Dartmouth Digital Commons Citation

Aslam, Javed; Bratus, Sergey; Kotz, David; Peterson, Ron; and Rus, Daniela, "Kerf: Machine Learning to Aid Intrusion Analysts" (2004). Dartmouth Scholarship. 3077.
https://digitalcommons.dartmouth.edu/facoa/3077