System Anomaly Detection: Mining Firewall Logs

Winding, Robert; Wright, Timothy; Chapple, Michael J.

doi:10.1109/seccomw.2006.359572

Cited by 27 publications

(20 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Tabulated feature vector (TFV) extraction gets around difficulties handling mixed and sparse data and facilitates the use of statistical methods for log data. The method proposed by Winding et al [32], and further applied in [3] takes log files and aggregates observations. The resultant feature vector is a count of occurrences of unique values and columns [32].…”

Section: Tabulated Feature Vectors (Tfvs)mentioning

confidence: 99%

Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

Bihl

Gutierrez

Bauer

et al. 2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Forensic analysis of logs is one responsibility of an enterprise cyber defense team; inherently, this is a big data task with thousands of events possibly logged in minutes of activity. Logged events range from authorized users typing incorrect passwords to malignant threats. Log analysis is necessary to understand current threats, be proactive against emerging threats, and develop new firewall rules. This paper describes embedded analytics for log analysis, which incorporates five mechanisms: numerical, similarity, graph-based, graphical analysis, and interactive feedback. Topological Data Analysis (TDA) is introduced for log analysis with TDA providing novel graph-based similarity understanding of threats which additionally enables a feedback mechanism to further analyze log files. Using real-world firewall log data from an enterprise-level organization, our end-to-end evaluation shows the effective detection and interpretation of log anomalies via the proposed process, many of which would have otherwise been missed by traditional means.

show abstract

Section: Tabulated Feature Vectors (Tfvs)mentioning

confidence: 99%

Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

Bihl

Gutierrez

Bauer

et al. 2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…Machine learning techniques are used in the latest firewalls for identifying the threats based on logs of previous firewalls. These firewall logs store tons of information on these threats like, time of the attack done, that helps find and analyzing the new reasonably cyberattacks [3].…”

Section: Introductionmentioning

confidence: 99%

Backdoor Implementation in Android using Open Source Tools

Reddy. R*,

Sri,

Sai.P

et al. 2020

IJITEE

View full text Add to dashboard Cite

In this paper, we are showing the usage of hacking into android framework with the help of an open source tool. Turn around TCP opens an indirect access on the target system and which is remotely operated by the attacker without the target's information. However the connection must be initiated by the victim. The Metasploit tool is an open source tool. It help about the susceptibilities and helps in performing penetration testing. Metasploit framework consists of an exploits database, payloads, and vulnerabilities. By this attack, the assaulter creates a payload, and that payload is transferred into the victim system. When the payload is initiated, the attacker gets access to the victim’s system, files, images, contacts, messages etc.

show abstract

“…Moreover, much of the related research has focused on anomaly detection at the device/software level (i.e. Lazarevic et al, 2003;Denning, 1987;Garcia-Teodoro et al, 2009), with little exploration into anomaly detection in the log files generated from the preexisting devices or software (i.e McDonald et al, 2012;Winding et al, 2006;Breier and Branišová, 2015). Consequently, efficient analytic approaches are desirable to help detect anomalous activity in cyber network log data .…”

Section: Introductionmentioning

confidence: 99%

anomalyDetection: Implementation of Augmented Network Log Anomaly Detection Procedures

Gutierrez¹,

Boehmke²,

Bauer³

et al. 2017

The R Journal

View full text Add to dashboard Cite

As the number of cyber-attacks continues to grow on a daily basis, so does the delay in threat detection. For instance, in 2015, the Office of Personnel Management discovered that approximately 21.5 million individual records of Federal employees and contractors had been stolen. On average, the time between an attack and its discovery is more than 200 days. In the case of the OPM breach, the attack had been going on for almost a year. Currently, cyber analysts inspect numerous potential incidents on a daily basis, but have neither the time nor the resources available to perform such a task. anomalyDetection aims to curtail the time frame in which anomalous cyber activities go unnoticed and to aid in the efficient discovery of these anomalous transactions among the millions of daily logged events by i) providing an efficient means for pre-processing and aggregating cyber data for analysis by employing a tabular vector transformation and handling multicollinearity concerns; ii) offering numerous built-in multivariate statistical functions such as Mahalanobis distance, factor analysis, principal components analysis to identify anomalous activity, iii) incorporating the pipe operator (%>%) to allow it to work well in the tidyverse workflow. Combined, anomalyDetection offers cyber analysts an efficient and simplified approach to break up network events into time-segment blocks and identify periods associated with suspected anomalies for further evaluation.

show abstract

System Anomaly Detection: Mining Firewall Logs

Cited by 27 publications

References 2 publications

Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

Backdoor Implementation in Android using Open Source Tools

anomalyDetection: Implementation of Augmented Network Log Anomaly Detection Procedures

Contact Info

Product

Resources

About