Proceedings of the 13th USENIX Security Symposium
Department of Computer Science
Kerf is a toolkit for post-hoc intrusion analysis of available system logs and some types of network logs. It takes the view that this process is inherently interactive and iterative: the human analyst browses the log data for apparent anomalies, and tests and revises his hypothesis of what happened. The hypothesis is alternately refined, as information that partially confirms the hypothesis is discovered, and expanded, as the analyst tries new avenues that broaden the investigation.
Dartmouth Digital Commons Citation
Aslam, Javed; Bratus, Sergey; Kotz, David; Peterson, Ron; and Rus, Daniela, "Kerf: Machine Learning to Aid Intrusion Analysts" (2004). Dartmouth Scholarship. 3077.