Daily Study Log [2025-10-27]
Completed the first day of the SK Shieldus Rookies 28th program, focusing on Python Fundamentals (Data Types & Security Application) and initiating a paper review on DeepLog (Log Anomaly Detection using LSTM).
Idea: Knowledge Structuring
- Motivation: Re-launching the study log after a break (midterm exams, program start). Need to ensure long-term, consistent learning.
- Solution: Adopt a structured log format (this template) and establish dedicated folders for log files (daily_logs/) and academic research (paper_review/).
- Goal: Shift from fragmented learning to a robust system that structures knowledge into three areas: Programming, Academia, and Security Practice.
Paper Review: DeepLog (Day 1: Abstract & Intro)
- Initiated review of DeepLog: Anomaly Detection and Diagnosis from System Logs (ACM CCS 2017).
- Context & Motivation: Traditional log analysis fails due to the sheer volume/complexity of modern system logs and cannot detect new anomalies (rules-based limit). Statistical methods fail to capture sequential dependency.
- Core Insight: Model logs as a system's language (log events as tokens in a sequence). Use LSTM (Long Short-Term Memory) to learn the patterns of normal sequences and detect anomalies when the next predicted event deviates from the actual event.
- Significance: Represents a major shift in SOC (Security Operation Center) philosophy: moving from defining rules to learning the context of normality. It established the foundation for subsequent sequence-based log analysis research (LogBERT, etc.).
- Methodology: Operates as Unsupervised Learning, trained only on normal logs.
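As an added illustration (not from the paper or this log's author), the next-event check described above: a count-based history-window model stands in for DeepLog's LSTM, trained on constructed "normal" log-key sequences, and a step is flagged when the actual key is not among the top-g predictions.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample of normal log-key sequences (think parsed template IDs of a
# file-access workflow). DeepLog trains on normal executions only, as here.
NORMAL_SEQUENCES: List[List[str]] = [
    ["open", "read", "read", "close"],
    ["open", "read", "seek", "read", "close"],
    ["open", "read", "read", "read", "close"],
    ["open", "seek", "read", "close"],
]

def train_window_model(sequences: List[List[str]], h: int) -> Dict[Tuple[str, ...], Counter]:
    """Learn next-key frequencies for every history window of length h.

    Assumption: a frequency table replaces the LSTM so the example runs
    without any ML library; the detection criterion is unchanged.
    """
    model: Dict[Tuple[str, ...], Counter] = defaultdict(Counter)
    for seq in sequences:
        for i in range(h, len(seq)):
            window = tuple(seq[i - h:i])
            model[window][seq[i]] += 1
    return model

def detect_anomalies(model: Dict[Tuple[str, ...], Counter], seq: List[str],
                     h: int, g: int) -> List[Tuple[int, str, List[str]]]:
    """Return (position, actual_key, top_g_predictions) for each anomalous step.

    A step is normal when the actual next key is among the g most probable
    predictions for its history window (DeepLog's top-g rule). A window never
    seen in training has no predictions, so whatever follows it is flagged.
    """
    flagged = []
    for i in range(h, len(seq)):
        window = tuple(seq[i - h:i])
        top_g = [k for k, _ in model.get(window, Counter()).most_common(g)]
        if seq[i] not in top_g:
            flagged.append((i, seq[i], top_g))
    return flagged

if __name__ == "__main__":
    model = train_window_model(NORMAL_SEQUENCES, h=2)
    # Constructed session: a 'delete' after two reads never occurs in normal data.
    session = ["open", "read", "read", "delete", "close"]
    for pos, key, predicted in detect_anomalies(model, session, h=2, g=2):
        print(f"anomaly at step {pos}: got {key!r}, expected one of {predicted}")
```

Lowering g makes the check stricter: with g=1 the rarer but normal "open, read, seek" path is also flagged, which is the false-positive trade-off the paper's top-g parameter controls.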
Class Summary (SK Shieldus Rookies 28th - Day 1)
Python Fundamentals & Data Types
- Core Principle: Python is an interpreter-based language, making it critical to use type() to confirm the Built-In Type of variables.
- Immutable Types (Stability): String and Tuple are immutable.
- Security-focused Type: The Set type is valuable for security checks due to its no-duplicate nature. It's used for detecting duplicate logins or managing unique tokens.
- Syntax Tips: Use f-strings for clear log formatting ({num:,} for thousands separator).
- Log Best Practice: Combine Triple Quotes (""") and f-strings to create structured log messages that are easily parsed by detection rules.
TL;DR
- Began SK Shieldus Rookies program; set up structured log system.
- Python: Focused on Built-In Types (List, Dict, Set) and their use in security (e.g., Set for duplicate detection).
- DeepLog (Paper Review): Explored the LSTM-based approach to log anomaly detection by modeling logs as system language.