2020
DOI: 10.24251/hicss.2020.238
Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

Abstract: Forensic analysis of logs is one responsibility of an enterprise cyber defense team; inherently, this is a big data task with thousands of events possibly logged in minutes of activity. Logged events range from authorized users typing incorrect passwords to malignant threats. Log analysis is necessary to understand current threats, be proactive against emerging threats, and develop new firewall rules. This paper describes embedded analytics for log analysis, which incorporates five mechanisms: numerical, simil…

Cited by 4 publications (3 citation statements); references 24 publications.

Citation statements:
“…The Mapper algorithm has three main steps: (1) the placement of input data in one or more bins, (2) inter- and intra-clustering within and between bins, and (3) finally, the creation of a new graphical network where clusters act as vertices and interactions between clusters act as edges (Bihl, et al, 2020). Mapper's most popular Python implementation is KeplerMapper, which is a part of the larger suite of libraries, scikit-tda (see (Saul & Tralie, 2019)) (van Veen, et al, 2019).…”
Section: Mapper
“…We also considered the spectrum of the graph Laplacian and the hypergraph Laplacian as features.² By considering the 0- and 1-simplices of the final simplicial complex in the filtration we obtain a graph. We compute the spectrum of its Laplacian, which we use as a feature vector.…”
Section: Previous Work
“…Finally, we implemented the count vectorisation strategy discussed in Section 2.2 as our baseline [14]. This vector is commonly used in the literature for automated anomaly detection in logs, so is a suitable comparison for our techniques [2,7]. We refer to this baseline as 'counts'.…”
Section: Previous Work