Two Extensions of k-Tails for Log Analysis
12 Oct 2018 Friday, 02:30 PM to 04:00 PM
COM2 Level 4
Executive Classroom, COM2-04-02
Much work has been published on extracting finite-state machines from logs that document the execution of running systems. One prominent algorithm is the well-known k-Tails, which extracts a candidate behavioral model from a log of execution traces, based on the set of sequences of $k$ consecutive events found in the log. In this talk, we present two extensions of k-Tails.
The first extension aims to address scalability of the k-Tails algorithm, while providing statistical guarantees about the completeness of the inferred models. To this end, we employ statistical hypothesis testing, and design a sound stopping criteria. While we demonstrate the approach over k-Tails, it can be applied to other log analysis algorithms.
The second extension aims to extend the k-Tails algorithm for the purpose of log differencing. In many cases, for example in the context of evolution, testing, or malware analysis, engineers are interested not only in a single log but in a set of several logs, each of which originated from a different set of runs of the system at hand. Then, the difference between the logs is the main target of interest. We present two algorithms that generate concise models to describe and highlight log differences.
Nimrod Busany is a PhD student at the School of Computer Science, Tel Aviv Universtiy, Israel. His main research interests include log analysis, model inference, model exploration and visualization, statistical and ML methods, and mining software repositories. Since 2013, he has worked at IBM Research lab, Haifa, where he has been involved in the research and development of several projects, focusing on mining of various software repositories and on incorporating the extracted information into tools that assist in test prioritization, test prediction, code reviews, and more. Nimrod has a BSc and an MSc degrees in Information Systems, IE, from the Technion IIT.