Title :
System Anomaly Detection: Mining Firewall Logs
Author :
Winding, Robert ; Wright, Timothy ; Chapple, Michael
Author_Institution :
Notre Dame Univ., IN
Date :
Aug. 28 2006-Sept. 1 2006
Abstract :
This paper describes an application of data mining and machine learning to discovering network traffic anomalies in firewall logs. A variety of issues and problems can occur with systems that are protected by firewalls: these systems can be improperly configured, operate unexpected services, or fall victim to intrusion attempts. Firewall logs often generate hundreds of thousands of audit entries per day. It is often easy to use these records for forensics if one knows that something happened and when. However, it can be burdensome to attempt to manually review logs for anomalies. This paper uses data mining techniques to analyze network traffic, based on firewall audit logs, to determine whether statistical analysis of the logs can be used to identify anomalies.
Keywords :
authorisation; computer networks; data mining; learning (artificial intelligence); statistical analysis; telecommunication traffic; data mining; firewall audit log mining; machine learning; network traffic anomalies; statistical analysis; system anomaly detection; Data mining; Data security; Forensics; Intrusion detection; Machine learning; Protection; Reconnaissance; Statistical analysis; Telecommunication traffic; Traffic control; Data mining; Firewall log analysis; Intrusion Detection;
Conference_Title :
Securecomm and Workshops, 2006
Conference_Location :
Baltimore, MD
Print_ISBN :
1-4244-0423-1
Electronic_ISBN :
1-4244-0423-1
DOI :
10.1109/SECCOMW.2006.359572