Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics
Document Type
Conference Proceeding
Publication Date
1-2020
Abstract
Forensic analysis of logs is one responsibility of an enterprise cyber defense team; inherently, this is a big data task, with thousands of events possibly logged in minutes of activity. Logged events range from authorized users typing incorrect passwords to malicious threats. Log analysis is necessary to understand current threats, be proactive against emerging threats, and develop new firewall rules. This paper describes embedded analytics for log analysis, which incorporates five mechanisms: numerical, similarity, graph-based, graphical analysis, and interactive feedback. Topological Data Analysis (TDA) is introduced for log analysis, providing a novel graph-based similarity understanding of threats that additionally enables a feedback mechanism to further analyze log files. Using real-world firewall log data from an enterprise-level organization, our end-to-end evaluation shows the effective detection and interpretation of log anomalies via the proposed process, many of which would otherwise have been missed by traditional means.
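The abstract describes turning per-host numerical log features into a graph whose structure exposes anomalies. The following is an added illustration, not code from the paper or its authors: it builds a small Mapper-style TDA graph (the paper does not say which TDA construction it uses; Mapper is assumed here) over constructed firewall log lines. Each source host becomes a numerical feature vector (flow count, total bytes, deny ratio, distinct destination ports); a one-dimensional lens over the scaled features is covered by overlapping intervals; points in each interval are clustered by single linkage; clusters become nodes and shared hosts become edges. A connected component that contains only one host is reported as an anomaly. The log format, feature choice, lens, interval count, overlap and clustering radius are all assumptions for the example.

```python
import math
import re
from collections import defaultdict


def constructed_log_lines():
    """Constructed firewall records (not the paper's data): eight ordinary
    workstations with a few allowed DNS/HTTPS flows each, plus one host that
    sweeps forty ports and is denied every time."""
    lines = []
    for i in range(8):
        src = f"10.0.0.{i + 1}"
        for j in range(4 + i % 3):
            lines.append(f"src={src} dst=172.16.0.10 dport={443 if j % 2 else 53} "
                         f"action=ALLOW bytes={1200 + 300 * j}")
    for port in range(20, 60):
        lines.append(f"src=10.0.0.99 dst=172.16.0.10 dport={port} action=DENY bytes=60")
    return lines


FIELD_RE = re.compile(r"(\w+)=(\S+)")  # assumed key=value log syntax


def host_features(lines):
    """Numerical mechanism: per-source flow count, total bytes, deny ratio, distinct ports."""
    flows = defaultdict(list)
    for line in lines:
        rec = dict(FIELD_RE.findall(line))
        flows[rec["src"]].append(rec)
    feats = {}
    for src, recs in flows.items():
        n = len(recs)
        feats[src] = [
            float(n),
            float(sum(int(r["bytes"]) for r in recs)),
            sum(r["action"] == "DENY" for r in recs) / n,
            float(len({r["dport"] for r in recs})),
        ]
    return feats


def minmax_scale(feats):
    """Scale every feature to [0, 1] so no single unit dominates the distances."""
    hosts = sorted(feats)
    dims = len(next(iter(feats.values())))
    lo = [min(feats[h][d] for h in hosts) for d in range(dims)]
    hi = [max(feats[h][d] for h in hosts) for d in range(dims)]
    return {h: [(feats[h][d] - lo[d]) / (hi[d] - lo[d]) if hi[d] > lo[d] else 0.0
                for d in range(dims)] for h in hosts}


def single_linkage(ids, X, eps):
    """Similarity mechanism: link any two hosts closer than eps, grow clusters by BFS."""
    remaining, clusters = set(ids), []
    while remaining:
        seed = remaining.pop()
        cluster, frontier = {seed}, [seed]
        while frontier:
            a = frontier.pop()
            for b in list(remaining):
                if math.dist(X[a], X[b]) <= eps:
                    remaining.remove(b)
                    cluster.add(b)
                    frontier.append(b)
        clusters.append(frozenset(cluster))
    return clusters


def mapper_graph(X, lens, n_intervals=4, overlap=0.3, eps=0.35):
    """Graph-based mechanism: Mapper nodes are clusters inside overlapping lens
    intervals; an edge joins two nodes that share at least one host."""
    hosts = sorted(X)
    lo, hi = min(lens.values()), max(lens.values())
    step = (hi - lo) / n_intervals
    nodes, edges = [], set()
    for i in range(n_intervals):
        a = lo + i * step - overlap * step
        b = lo + (i + 1) * step + overlap * step
        members = [h for h in hosts if a <= lens[h] <= b]
        for cluster in single_linkage(members, X, eps):
            for k, other in enumerate(nodes):
                if cluster & other:
                    edges.add((k, len(nodes)))
            nodes.append(cluster)
    return nodes, edges


def components(nodes, edges):
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    seen, comps = set(), []
    for k in range(len(nodes)):
        if k in seen:
            continue
        stack, comp = [k], set()
        while stack:
            v = stack.pop()
            if v in seen:
                continue
            seen.add(v)
            comp.add(v)
            stack.extend(adj[v])
        comps.append(comp)
    return comps


def flag_anomalies(lines, max_hosts=1):
    """Hosts living in a Mapper component with at most max_hosts members are
    disconnected from the bulk of the traffic and are returned for review."""
    X = minmax_scale(host_features(lines))
    lens = {h: sum(v) / len(v) for h, v in X.items()}  # assumed lens: mean scaled feature
    nodes, edges = mapper_graph(X, lens)
    flagged = set()
    for comp in components(nodes, edges):
        comp_hosts = set().union(*(nodes[k] for k in comp))
        if len(comp_hosts) <= max_hosts:
            flagged |= comp_hosts
    return sorted(flagged), nodes, edges


if __name__ == "__main__":
    anomalies, nodes, edges = flag_anomalies(constructed_log_lines())
    print("nodes:", [sorted(n) for n in nodes], "edges:", sorted(edges))
    print("flagged hosts:", anomalies)
```

On the constructed data the eight workstations fall into two overlapping clusters joined by an edge, while the port sweeper sits alone in the top lens interval and is flagged. The interactive feedback the abstract mentions corresponds to an analyst inspecting a flagged node's member hosts and adjusting the lens, interval count or `eps` before re-running; in a real deployment the feature set would be far richer than the four columns used here.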
DOI
10.24251/hicss.2020.238
Source Publication
Proceedings of the 53rd Annual Hawaii International Conference on System Sciences, HICSS 2020
Recommended Citation
Bihl, T. J., Gutierrez, R. J., Bauer, K. W., Boehmke, B. C., & Saie, C. M. (2020). Topological data analysis for enhancing embedded analytics for enterprise cyber log analysis and forensics. In Proceedings of the 53rd Annual Hawaii International Conference on System Sciences, HICSS 2020 (pp. 1937–1946). http://hdl.handle.net/10125/63977
Comments
This is an Open Access conference paper published and distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives License, which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is properly cited, and is not altered, transformed, or built upon in any way. CC BY-NC-ND 4.0
Please fully attribute as cited below in any re-use.