ML for unusual name detection

Kim-Kruse-Hansen · December 14, 2018, 6:24pm

Hi

We are trying to find hostnames in the DHCP logs, that are roque in the sense that the hostname is not following current naming standards.

So I have been trying to figure out, how to do that with ML.

So I came up with an idea to collapse the hostname into patterns. So I preprocess all the names like this:

change all upper case chars to 'A',
change all lowercase to 'a'
change all digits to '0'
all special char to '.'.

This gives a uniform pattern of the names.

I then used the rare function in a ML job to run through all the DHCP leases and I actually got some pretty decent results with this approach.

But is the correct way of detecting stuff like this or is there a simpler way , where I dont have to preprocess all the names myself ?

Best regards
Kim

richcollier · December 14, 2018, 10:25pm

Your approach is clever and is likely the best way to do it.

Kudos!

Kim-Kruse-Hansen · December 16, 2018, 11:57am

Thanks Rich , appreciate it.

I am sure , some more recipes for stuff like this would be very welcomed by the community. We have many usecases, where we would like to try ML , but quite unsure on how to proceed.

Regards
Kim

pjanzen · December 16, 2018, 7:15pm

If your hostnames are following a fixed pattern could you not create a regex and used that in the ML job query? All that do not match would that not be rouge clients on the network..

I do like the use case..

system · January 13, 2019, 7:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.