Smart Log Data Analytics: Techniques For Advanced Security Analysis Florian Skopik PDF Download

The document discusses the book 'Smart Log Data Analytics: Techniques for Advanced Security Analysis' by Florian Skopik and others, which focuses on the importance of log data in understanding complex systems and detecting security incidents. It highlights the challenges of log analysis and the need for advanced techniques to process diverse log data effectively. The book aims to provide insights into the latest research and methodologies for log data analysis, targeting academics and practitioners interested in enhancing their logging capabilities.

Florian Skopik • Markus Wurzenberger • Max Landauer

Smart Log Data Analytics
Techniques for Advanced Security Analysis

Florian Skopik
Center for Digital Safety & Security
Austrian Institute of Technology
Vienna, Austria

Markus Wurzenberger
Center for Digital Safety & Security
Austrian Institute of Technology
Vienna, Austria

Max Landauer
Center for Digital Safety & Security
Austrian Institute of Technology
Vienna, Austria

ISBN 978-3-030-74449-6
ISBN 978-3-030-74450-2 (eBook)
https://doi.org/10.1007/978-3-030-74450-2

© Springer Nature Switzerland AG 2021


This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of
the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology
now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this book
are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or
the editors give a warranty, expressed or implied, with respect to the material contained herein or for any
errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional
claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG.
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface

Prudent event monitoring and logging are the only means that allow system
operators and security teams to truly understand how complex systems are utilized.
Log data are essential to detect intrusion attempts in real time or forensically work
through previous incidents to create a vital understanding of what has happened in
the past.
Today, almost every organization already logs data to some extent, and although
it means a considerable effort to establish a secure and robust logging infrastructure
as well as the governing management policies and processes, basic and raw logging
is comparatively simple in contrast to log analysis. The latter is an art of its own,
which not many organizations know how to master. Log data are extremely diverse
and processing them is unfortunately quite complex. There is no standard that
dictates the granularity, structure, and level of detail that log events provide. There
is no agreement on what logs comprise and how they are formatted.
Facing these facts, it is astonishing that not much literature that concerns logging
in computer networks exists. And although there are at least some great books
out there, it is not enough. On the one side some existing literature did not age
well (certain topics are simply outdated after several years as technologies evolve
and newer concepts such as bring your own device, cloud computing, and IoT hit
the market), and on the other side some relevant topics are simply not sufficiently
covered yet, especially when it comes to complex—and sometimes dry—log data
analytics.
We take Dr. Chuvakin’s (et al.) book ‘Logging and Log Management’ from 2013
as a starting point. This is a great book that covers all the essential basics from
a technical and management point of view, such as what log data actually are,
how to collect log data, and how to perform simple analysis, and also explains
filtering, normalization, and correlation as well as reporting of findings. It further
elaborates on available tools and helps the practitioner to adopt state-of-the-art
logging technologies quickly. However, while it provides a profound and important
basis for everyone who is in charge of setting up a logging infrastructure, this book
does not go far enough for certain audiences. The authors essentially stop
where our book starts. We assume the reader of our book knows the basics and
has already collected experience with logging technologies. We further assume the
reader has given serious thought to what to log, how to log and why to log, and
that common challenges regarding the collection of log data have been solved,
including time synchronization, access control for log agents, log buffering/rotation,
and consistency assurance. For all these topics, technical (and vendor-specific)
documentation exists.
We pick up the reader at the point where they ask what to do with
the collected logs beyond simple outlier detection and static rule-based evaluations.
Here, we enter new territory and provide insights into the latest research results and
promising approaches. We provide an outlook on what kind of log analysis is
actually possible with the appropriate algorithms and provide the accompanying
open-source software solution AMiner¹ to try out cutting-edge research methods
from this book on your own data!
This book discusses important extensions to the state of the art. Its content is
meant for academics, researchers, and graduate students—as well as any forward-
thinking practitioner interested to:
• Learn how to parse and normalize log data in a scalable way, i.e., without
inefficient linear lists of regular expressions
• Learn how to efficiently cluster log events in real time, i.e., create clusters
incrementally while log events arrive
• Learn how to characterize systems and create behavior profiles with the use of
cluster maps
• Learn how to automatically create correlation rules from log data
• Learn how to track system behavior trends over time
In the last decade, numerous people supported this project. We would like to
specifically thank Roman Fiedler as one of the founders of the AMiner project,
Wolfgang Hotwagner for the invaluable infrastructure and implementation support,
Georg Höld for his contributions to the advanced detectors, and Ernst Leierzopf for
software quality improvements.

Vienna, Austria Florian Skopik

Vienna, Austria Markus Wurzenberger

Vienna, Austria Max Landauer

March 2021

¹ https://github.com/ait-aecid

Acknowledgments

This work has been financially supported by the Austrian Research Promotion
Agency FFG and the European Union’s FP7 and H2020 programs in the course of
several research projects from 2011 to 2021.

Contents

1 Introduction
  1.1 State of the Art in Security Monitoring and Anomaly Detection
  1.2 Current Trends and ...
  1.3 ... Future Challenges
  1.4 Log Data Analysis: Today and Tomorrow
  1.5 Smart Log Data Analytics: Structure of the Book
  1.6 Try It Out: Hands-on Examples Throughout the Book
2 Survey on Log Clustering Approaches
  2.1 Introduction
  2.2 Survey Background
  2.3 Survey Method
  2.4 Survey Results
  2.5 Conclusion
3 Incremental Log Data Clustering for Processing Large Amounts of Data Online
  3.1 Introduction
  3.2 Concept for Incremental Clustering
  3.3 Outlook and Further Development
  3.4 Try It Out
4 Generating Character-Based Templates for Log Data
  4.1 Introduction
  4.2 Concept for Generating Character-Based Templates
  4.3 Cluster Template Generator Algorithms
  4.4 Outlook and Further Development
  4.5 Try It Out
5 Time Series Analysis for Temporal Anomaly Detection
  5.1 Introduction
  5.2 Concept for Dynamic Clustering and AD
  5.3 Cluster Evolution
  5.4 Time Series Analysis
  5.5 Example
6 AECID: A Light-Weight Log Analysis Approach for Online Anomaly Detection
  6.1 Introduction
  6.2 The AECID Approach
  6.3 System Deployment and Operation
  6.4 Application Scenarios
  6.5 Try It Out
7 A Concept for a Tree-Based Log Parser Generator
  7.1 Introduction
  7.2 Tree-Based Parser Concept
  7.3 AECID-PG: Tree-Based Log Parser Generator
  7.4 Outlook and Further Application
  7.5 Try It Out
8 Variable Type Detector for Statistical Analysis of Log Tokens
  8.1 Introduction
  8.2 Variable Type Detector Concept
  8.3 Variable Type Detector Algorithm
  8.4 Try It Out
9 Final Remarks
A Getting Started with AIT’s AMiner
  A.1 Requirements
  A.2 Installation
  A.3 First Very Simple Configuration
  A.4 Detecting Anomalies in Combinations of Different Log Line Fields
B Description of the AIT Log Data Set (AIT-LDSv1.1)
  B.1 Testbed Design
  B.2 Log Files
  B.3 Attacks
C Going Further: Integrating AMiner with SIEM Solutions
  C.1 Interfaces
  C.2 ELK Stack
  C.3 QRadar
References

About the Authors

Florian Skopik is head of the cyber security research
program at the Austrian Institute of Technology (AIT)
with a team comprising around 30 people. He spent
10+ years in cyber security research, before, and partly
in parallel, another 15 years in software development.
Nowadays, he coordinates national and large-scale
international research projects as well as the overall
research direction of the team. His main interests
are centered on critical infrastructure protection,
smart grid security, and national cyber security and
defense. Since 2018, Florian further works as ISO
27001 Lead Auditor. Before joining AIT in 2011,
Florian was with the Distributed Systems Group at
the Vienna University of Technology as a research
assistant and postdoctoral research scientist from
2007 to 2011, where he was involved in a number
of international research projects dealing with cross-
organizational collaboration over the Web. In context
of these projects, he also finished his PhD studies.
Florian further spent a sabbatical at IBM Research
India in Bangalore for several months. He published
more than 125 scientific conference papers and journal
articles and holds more than 50 industry recognized
security certifications, including CISSP, CISM, CISA,
CRISC, and CCNP Security. In 2017, he finished a
professional degree in advanced computer security at
the Stanford University, USA. Florian is member of
various conference program committees and editorial
boards and standardization groups, such as ETSI
TC Cyber and OASIS CTI. He frequently serves as
reviewer for numerous high-profile journals, including
Elsevier’s Computers & Security. He is a registered
subject matter expert of ENISA in the areas of new
ICTs and emerging application areas as well as critical
information infrastructure protection (CIIP) and
CSIRTs cooperation. In his career, he gave several
keynote speeches; organized scientific panel discussions
at flagship conferences, such as a smart grid security
panel at the IEEE Innovative Smart Grid Technologies
(ISGT) conference in Washington D.C.; and acted as
co-moderator of the National Austrian Cyber Security
Challenge 2017, and as jury member of the United
Nations Cyber Security Challenge 2019. Florian is
IEEE senior member, senior member of the Association
for Computing Machinery (ACM), member of (ISC)²,
member of ISACA, and member of the International
Society of Automation (ISA).

Markus Wurzenberger is a scientist and project
manager at AIT—Austrian Institute of Technology,
located in Vienna, Austria. Since 2014, he is part of
the cyber security research group of AIT’s Center
for Digital Safety and Security. His main research
interests are log data analysis with focus on anomaly
detection and cyber threat intelligence (CTI). This
includes the development of (i) novel machine learning
methods that allow online processing of large amounts of
log data to enable attack detection in real time, and
(ii) artificial intelligence (AI) methods and concepts
for extracting threat information from anomalies
to automatically generate actionable and shareable
CTI. Besides the involvement in several national
and international research projects, Markus is one
of the key researchers working on AIT’s anomaly
detection project AECID (Automatic Event Correlation
for Incident Detection). Among the most prominent
solutions developed within this project, Markus and his
team created AMiner, a software component for log
analysis, which implements several anomaly detection
algorithms and is included as package in the official
Debian distribution. In 2021, Markus finished his
PhD in computer science at the Vienna University
of Technology, with focus on anomaly detection in
computer log data. The subject of his PhD aligned with
several national and international research projects AIT
is involved in. In 2015, Markus obtained his master’s
degree in technical mathematics from the Vienna University
of Technology. Since 2014 he has been a full-time
researcher at AIT in the area of cyber security.

Max Landauer completed his bachelor’s degree in
business informatics at the Vienna University of Technology
in 2016. In 2017, he joined the Austrian Institute
of Technology, where he carried out his master’s thesis
on clustering and time-series analysis of system
log data. He started his PhD studies as a cooperative
project between the Vienna University of Technology
and the Austrian Institute of Technology in 2018. For
his dissertation, Max is working on an automatic threat
intelligence mining approach that extracts actionable
CTI from raw log data. The goal of this research is to
transform threat information shared by different organizations
into abstract alert patterns that allow detection
and classification of similar attacks. Moreover, Max is
a maintainer of the logdata-anomaly-miner (AMiner),
an open-source agent for parsing and analyzing all
kinds of system logs, which is developed at AIT and
available in the Debian distribution. He is also contributing
to multiple other tools that are part of AECID
(Automatic Event Correlation for Incident Detection),
a framework for all kinds of efficient and scalable
log data analysis techniques such as parser generation
and log clustering. Max has many years of experience
with nationally and internationally funded projects in
numerous areas, including machine learning, artificial
intelligence, cyber-physical systems, and digital service
chains. He is currently employed as a junior scientist
in the Center for Digital Safety and Security at the
Austrian Institute of Technology. His main research
interests are log data analysis, anomaly detection, and
cyber threat intelligence.
Acronyms

AD Anomaly detection
AECID Automatic event correlation for incident detection
ARIMA Autoregressive integrated moving-average
CE Cluster evolution
CPS Cyber-physical systems
CTI Cyber threat intelligence
DNS Domain name system
EDR Endpoint detection and response
HIDS Host-based intrusion detection system
IDS Intrusion detection system
IOC Indicator of compromise
JSON JavaScript Object Notation
NIDS Network-based intrusion detection system
PCA Principal component analysis
SIEM Security information and event management
TSA Time-series analysis
VTD Variable type detector

Chapter 1
Introduction

1.1 State of the Art in Security Monitoring and Anomaly Detection

“Prevention is ideal, but detection is a must” [20]. Active monitoring and intrusion
detection systems (IDS) are the backbone of every effective cyber security
framework. Whenever carefully planned, implemented and executed preventive security
measures fail, IDS are a vital part of the last line of defence. IDS are an essential
measure to detect the first steps of an attempted intrusion in a timely manner. This
is a prerequisite to avoid further harm. It is commonly agreed that active monitoring
of networks and systems and the application of IDS are a vital part of the state
of the art. Usually, findings of IDS, as well as major events from monitoring, are
forwarded to, managed and analyzed with SIEM [77] solutions. These security
information and event management solutions provide a detailed view on the status
of an infrastructure under observation.
However, a SIEM solution is only as good as the underlying monitoring and
analytics pipeline. IDS are an inevitable part of this pipeline, which spans from
gathering data from systems (including operating system logs, process call trees,
memory dumps etc.) to feeding them into analysis engines and reporting findings to SIEMs.
Obviously, the verbosity and expressiveness of data is a key criterion for the
selection of data sources. This is an art of its own and mainly depends on
answering which of today’s common attack vectors (referring to the MITRE
ATT&CK matrix [105]) are reflected best in which sources (e.g., DNS logs, netflows,
syscalls etc.). There are literally hundreds of tools and agents to harness the different
sources and tons of guidelines on the configuration of these tools to control the
verbosity and quality of resulting log data.
In terms of detection mechanisms, signature-based NIDS approaches are still the
most commonly used today. Similarly, signature-based HIDS are capable of using
host-based sources, such as audit trails from operating systems, to perform intrusion
detection. The secret of their success lies in the simple applicability and the
virtually zero false positive rate. Either a malicious pattern is present, or it is not. As
simple as that.

© Springer Nature Switzerland AG 2021
F. Skopik et al., Smart Log Data Analytics,
https://doi.org/10.1007/978-3-030-74450-2_1

Unfortunately, this easy applicability comes at a price. The slightest modification
to the malware or the attacking tool (or its configuration) changes the traces
an attack leaves on a system and in the numerous log files, which
renders signature-based approaches almost null and void [15]. For instance, [18]
demonstrated that well-known malware can evade IDS by implementing a single
NOP instruction in the right place of its code.
In order to mitigate attacks with polymorphic and customized tools, IDS vendors
combine signature-based approaches with heuristics to enable a kind of fuzzy
detection, i.e., detect patterns that match to a certain degree but allow some inherent
noise. This, however, again increases the false positive rate, which makes such
approaches of limited use. The job for solution vendors and integrators is to find
the sweet spot where fuzzy signature-based matching still works without producing
too many false detections. While there are some promising solutions available today,
it is expected that attacks become even more customized in the future, which is why the
focus on the detection of known bad actions seems to be a dead end for defenders in the
long run.
As a consequence, a major transition away from signature-based blacklisting
approaches to behavior-based whitelisting approaches is taking place. The fundamental
idea is that if we cannot determine what malicious activities look like on a system,
we can do so for legitimate activities (which get whitelisted) and define everything else
as potentially problematic. This is how anomaly detection (AD) methods work.
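
The contrast drawn in the paragraphs above, as an added example (not code from the book or from AMiner): one exact signature and a whitelist learned from anomaly-free lines are run over the same log lines. The log format, the choice of fields, the tool name scannerX and all sample lines are constructed assumptions.

```python
"""Signature matching vs. whitelisting on the same log lines (constructed data)."""
import re

# Assumed, simplified access-log format: "<client> <METHOD> <path> <status> ua=<agent>"
LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) ua=(?P<ua>\S+)$"
)

# Constructed blacklist: one exact pattern for one known tool string.
SIGNATURES = [re.compile(r"ua=scannerX/1\.0$")]

# Constructed anomaly-free training data (semi-supervised: normal behavior only).
TRAINING = [
    "10.0.0.5 GET /index.html 200 ua=Mozilla/5.0",
    "10.0.0.7 GET /index.html 200 ua=Mozilla/5.0",
    "10.0.0.5 GET /login 200 ua=Mozilla/5.0",
    "10.0.0.5 POST /login 302 ua=Mozilla/5.0",
    "10.0.0.9 GET /health 200 ua=monitor/2.3",
]

# Constructed lines for the detection phase.
LIVE = [
    "10.0.0.7 POST /login 302 ua=Mozilla/5.0",       # normal, seen in training
    "10.0.0.66 GET /admin 404 ua=scannerX/1.0",      # known tool string
    "10.0.0.66 GET /admin 404 ua=scannerX-mod/1.1",  # slightly modified tool string
    "10.0.0.5 GET /reports 200 ua=Mozilla/5.0",      # benign, but absent from training
    "malformed line without structure",              # does not fit the format at all
]


def parse(line):
    """Split a line into named fields; None if it does not fit the format."""
    match = LINE_RE.match(line)
    return match.groupdict() if match else None


def signature_alert(line):
    """Blacklisting: alert only if a known-bad pattern is present."""
    return any(sig.search(line) for sig in SIGNATURES)


class WhitelistDetector:
    """Whitelisting: learn value combinations from normal data, flag the rest."""

    def __init__(self, fields=("method", "path", "ua")):
        self.fields = tuple(fields)
        self.known = set()

    def train(self, lines):
        for line in lines:
            event = parse(line)
            if event is None:
                raise ValueError(f"unparsable training line: {line!r}")
            self.known.add(tuple(event[f] for f in self.fields))

    def check(self, line):
        """Return None for whitelisted behavior, otherwise a reason string."""
        event = parse(line)
        if event is None:
            return "unparsed"
        combo = tuple(event[f] for f in self.fields)
        if combo not in self.known:
            return "unseen combination: " + repr(combo)
        return None


def compare(training, live):
    """Run both detectors; one (signature_hit, anomaly_reason) pair per line."""
    detector = WhitelistDetector()
    detector.train(training)
    return [(signature_alert(line), detector.check(line)) for line in live]


if __name__ == "__main__":
    for line, (sig, anomaly) in zip(LIVE, compare(TRAINING, LIVE)):
        print(f"signature={'HIT ' if sig else 'miss'} anomaly={anomaly or '-'} | {line}")
```

The modified tool string evades the signature but not the whitelist; the benign `/reports` request is flagged as well, which shows that the training data must cover the system's normal behavior.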

Background: Anomaly Detection in a Nutshell

AD approaches [13] are more flexible than signature-based approaches
and can detect novel and previously unknown attacks. They permit only
normal system behavior, and therefore are also called whitelisting approaches.
Anomaly Detection (AD) based approaches apply machine learning to determine
a system’s normal behavior. There are three ways in which self-learning
AD can be realized [33]: Unsupervised learning does not require any labeled
data and is able to learn to distinguish normal from malicious system behavior
during the training phase. Based on the findings, it classifies any other given
data during the detection phase. Semi-supervised learning implies that the
training set only contains anomaly-free data and is therefore also called “one-class”
classification. Supervised learning requires a fully labeled training set
containing both normal and malicious data. The authors of [9] differentiate
between six classes of AD algorithms. Statistical AD is a semi-supervised
method: A model defines the expected behavior of the system and data
deviating from this model are marked as anomalies. Statistical AD is a simple
algorithm that may be challenged by complex attacks. In Classification based