
Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

File: 0192.pdf (833.3 kB, Adobe PDF)

Item Summary

Title: Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics
Authors: Bihl, Trevor; Gutierrez, Robert; Bauer, Kenneth; Boehmke, Brad; Saie, Cade
Keywords: Cybersecurity and Privacy in Government; data mining; government; topological data analysis
Date Issued: 07 Jan 2020
Abstract: Forensic analysis of logs is one responsibility of an enterprise cyber defense team; inherently, this is a big data task with thousands of events possibly logged in minutes of activity. Logged events range from authorized users typing incorrect passwords to malignant threats. Log analysis is necessary to understand current threats, be proactive against emerging threats, and develop new firewall rules. This paper describes embedded analytics for log analysis, which incorporates five mechanisms: numerical, similarity, graph-based, graphical analysis, and interactive feedback. Topological Data Analysis (TDA) is introduced for log analysis, with TDA providing novel graph-based similarity understanding of threats which additionally enables a feedback mechanism to further analyze log files. Using real-world firewall log data from an enterprise-level organization, our end-to-end evaluation shows the effective detection and interpretation of log anomalies via the proposed process, many of which would have otherwise been missed by traditional means.
Pages/Duration: 10 pages
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Cybersecurity and Privacy in Government

