Log Files Analysis For Network Intrusion Detection
André Brandão, Pétia Georgieva
Abstract
Information security remains an unsolved challenge for organizations, because every day brings new and sophisticated cyber-attacks. The implementation of network security operation systems is a new trend in the companies, to permanently monitor the logs and, in case of any anomalous traffic, to detect and hopefully prevent any security incident. These systems generate a huge amount of logs per second to be handled, leading to the need of automated ways to identify the cyber-attacks.In this paper we propose an effective Log-based Intrusion Detection System (LIDS), to predict an attack or not, based on carefully selected features. The logs from various sources are aggregated into one dashboard and the most discriminative features are first determined. For the attack prediction, a few machine learning techniques were comparatively tested, with the Decision tree being the winner. The proposed system is illustrated with the largest publicly available labelled log file dataset KDD Cup 1999.