Location: Seattle, Washington
Conference dates: June 14, 2015 to June 17, 2015
ISBN: 978-0-692-50180-1
ISSN: 2153-5965
Division: Computing & Information Technology
Page count: 24
Pages: 26.1233.1 - 26.1233.24
DOI: 10.18260/p.24570
Permanent URL: https://peer.asee.org/24570
Tanner Lund is a research assistant at Brigham Young University studying Information Technology. His fields of study include system administration and network management, with a specialization in distributed computing and log analysis. He has a strong interest in machine learning and applying its principles to network management.
Dr. Rowe has worked for nearly two decades in security and network architecture with a variety of industries in international companies. He has provided secure enterprise architecture on both military and commercial satellite communications systems. He has also advised and trained both national and international governments on cyber-security.
Since joining Brigham Young University in 2010, he has designed a variety of courses on information assurance, cybersecurity, penetration testing, cyber forensics, malware analysis and systems administration and published over a dozen papers in cyber-security.
Dr. Ekstrom spent more than 30 years in industry as a software developer, technical manager, and entrepreneur. In 2001 he helped initiate the IT program at BYU. He was the Program Chair of the Information Technology program from 2007-2013. His research interests include network and systems management, distributed computing, system modeling and architecture, system development, cybersecurity, and IT curriculum development.
Practical Data Mining and Analysis for System Administration

Modern networks are both complex and important, requiring vigilant system administration. System administrators employ many tools to aid them in their work, but security vulnerabilities, misconfigurations, and unanticipated device failures still occur regularly. The constant and repetitive work put into fixing these problems often leads to wasted money, time, and effort. We have developed a system to greatly reduce this waste. By implementing a practical data mining infrastructure, we are able to analyze device data and logs as part of general administrative tasks. This allows us to track security risks and identify configuration problems far more quickly and efficiently than conventional systems could by themselves. This approach gives system administrators much more knowledge about and power over their systems, saving them resources and time.

The system is practical because it is more straightforward and easier to deploy than traditional data mining architectures. Generally, data analysis infrastructure is large, expensive, and used for purposes other than system administration. This has often kept administrators from applying the technology to the analysis of their networks. In contrast, we propose a system designed to overcome these problems: a lightweight, easily configurable solution that can be set up and maintained by the system administrators themselves, saving work hours and resources in the long run.

One advantage of using data mining is that we can exploit behavioral analysis to help answer questions about points of failure, analyze an extremely large number of device logs, and identify many device failures before they happen. Indexing the logs and parsing out the information enables system administrators to query and search for specific items, narrowing down points of failure to resolve them faster. Consequently, network and system downtime is decreased.

In summary, we have found in our tests that the system increases security response time significantly. We have also found that the system identifies configuration problems that had gone unnoticed for months or even years, problems that could be causing many other issues within the network. This system's ability to identify struggling devices by early warning signs before they go down has proven invaluable. We feel that the benefits and simplicity of this system are significant enough to make it worth implementing in almost any professional computer network.
Lund, T., & Panike, H., & Moses, S., & Rowe, D. C., & Ekstrom, J. J. (2015, June). Practical Data Mining and Analysis for System Administration. Paper presented at 2015 ASEE Annual Conference & Exposition, Seattle, Washington. 10.18260/p.24570
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2015 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015