Litcius/Paper detail

Log Files Analysis For Network Intrusion Detection

André Brandão, Pétia Georgieva

202019 citationsDOI

Abstract

Information security remains an unsolved challenge for organizations, because every day brings new and sophisticated cyber-attacks. The implementation of network security operation systems is a new trend in the companies, to permanently monitor the logs and, in case of any anomalous traffic, to detect and hopefully prevent any security incident. These systems generate a huge amount of logs per second to be handled, leading to the need of automated ways to identify the cyber-attacks.In this paper we propose an effective Log-based Intrusion Detection System (LIDS), to predict an attack or not, based on carefully selected features. The logs from various sources are aggregated into one dashboard and the most discriminative features are first determined. For the attack prediction, a few machine learning techniques were comparatively tested, with the Decision tree being the winner. The proposed system is illustrated with the largest publicly available labelled log file dataset KDD Cup 1999.

Topics & Concepts

Computer scienceIntrusion detection systemDiscriminative modelDashboardDecision treeNetwork forensicsNetwork securityData miningComputer securityMachine learningDatabaseDigital forensicsNetwork Security and Intrusion DetectionAnomaly Detection Techniques and ApplicationsInternet Traffic Analysis and Secure E-voting