DocumentCode :
651710
Title :
Finding anomalies in windows event logs using standard deviation
Author :
Dwyer, Johanna ; Truta, Traian Marius
Author_Institution :
Dept. of Comput. Sci., Northern Kentucky Univ., Highland Heights, KY, USA
fYear :
2013
fDate :
20-23 Oct. 2013
Firstpage :
563
Lastpage :
570
Abstract :
Security is one of the biggest concerns of any company that has an IT infrastructure. Windows event logs are a very useful source of data for security information, but sometimes can be nearly impossible to use due to the complexity of log data or the number of events generated per minute. For this reason, event log data must be automatically processed so that an administrator is given a list of events that actually need the administrator's attention. This has been standard in intrusion detection systems for many years to find anomalies in network traffic, but has not been common in event log processing. This paper will adapt these intrusion detection techniques for Windows event log data sets to find anomalies in these log data sets.
Keywords :
computational complexity; security of data; IT infrastructure; Windows event log anomalies; administrator attention; event log processing; intrusion detection systems; log data complexity; security information; standard deviation; Companies; Complexity theory; Cryptography; Databases; Servers; Standards; Anomaly Detection; Standard Deviation; Windows Event Logs;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), 2013 9th International Conference on
Conference_Location :
Austin, TX
Type :
conf
Filename :
6680025