
Cybersecurity Management Through Logging Analytics

  • Conference paper
Advances in Human Factors in Cybersecurity (AHFE 2017)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 593)

Abstract

To make cybersecurity efforts proactive rather than solely reactive, this work proposes using machine learning to process large volumes of network-related data: we collect various performance metrics across a network and apply machine learning techniques to identify anomalous behavior. We introduce the novel idea of using weighted trust to prevent corruption of the classifiers by the data they learn from. Our design combines all aspects of a log management system into one distributed application for a data center, offering logging, aggregation, monitoring and intelligence services. For this, we employ a three-component log management system: (1) a component that actively extracts metrics from machines, (2) a component that aggregates and analyzes the extracted metrics to detect anomalous behavior, and (3) a component that allows reviewing the collected metrics and reports on the anomalous behavior observed. The system operates at the network and application layers and is concerned with both risk assessment and risk mitigation. Several machine learning techniques are compared with respect to their classification and detection performance.
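The three-component pipeline and the weighted-trust idea, as an added illustration that is not code from the paper: stage 1 parses metric lines from hosts, stage 2 builds a baseline and scores new samples against it, stage 3 renders a report. The abstract does not define "weighted trust", so the realisation here is an assumption: each host carries a trust weight, samples from low-trust hosts count less when the baseline is built, and a host that gets flagged has its trust decayed for the next rebuild. The "host k=v ..." line format, the three metrics, the z-score detector and all sample values are constructed for the example.

```python
"""Three-stage log analytics pipeline with trust-weighted anomaly detection (added example).

Assumed realisation of "weighted trust": per-host weights discount the samples of
already-suspect hosts when the baseline is built, so a compromised host cannot drag
the baseline towards its own behaviour and thereby mask itself.
"""
import math

METRICS = ("cpu", "conn_rate", "auth_fail")  # % busy, new conns/s, failed logins/min

# Constructed input in a hypothetical "host k=v k=v ..." line format.
# web3 is a box whose recent samples are already abnormal.
TRAINING_LINES = [
    "web1 cpu=22.0 conn_rate=30.0 auth_fail=1.0",
    "web1 cpu=25.0 conn_rate=34.0 auth_fail=0.0",
    "web2 cpu=20.0 conn_rate=28.0 auth_fail=2.0",
    "web2 cpu=24.0 conn_rate=31.0 auth_fail=1.0",
    "web3 cpu=90.0 conn_rate=400.0 auth_fail=60.0",
    "web3 cpu=88.0 conn_rate=380.0 auth_fail=55.0",
]
NEW_LINES = [
    "web1 cpu=23.0 conn_rate=32.0 auth_fail=1.0",
    "web3 cpu=89.0 conn_rate=390.0 auth_fail=58.0",
]


def parse_line(line):
    """Stage 1 (extraction): 'host k=v ...' -> {'host': ..., metric: float, ...}."""
    host, *pairs = line.split()
    sample = {"host": host}
    for pair in pairs:
        key, value = pair.split("=", 1)
        if key in METRICS:
            sample[key] = float(value)
    missing = [m for m in METRICS if m not in sample]
    if missing:
        raise ValueError(f"{host}: missing metrics {missing}")
    return sample


def weighted_baseline(samples, trust):
    """Stage 2a (aggregation): trust-weighted mean and stddev per metric.

    trust maps host -> weight in (0, 1]; hosts not listed get full weight 1.0.
    """
    weights = [trust.get(s["host"], 1.0) for s in samples]
    w_sum = sum(weights)
    base = {}
    for m in METRICS:
        mean = sum(w * s[m] for w, s in zip(weights, samples)) / w_sum
        var = sum(w * (s[m] - mean) ** 2 for w, s in zip(weights, samples)) / w_sum
        base[m] = (mean, math.sqrt(var) if var > 0 else 1.0)  # floor: no zero-width band
    return base


def anomaly_score(sample, base):
    """Stage 2b (analysis): largest absolute z-score across all metrics."""
    return max(abs(sample[m] - mean) / std for m, (mean, std) in base.items())


def detect(samples, base, threshold=3.0):
    """Stage 2c (detection): (host, score) for samples above the threshold."""
    scored = [(s["host"], round(anomaly_score(s, base), 2)) for s in samples]
    return [(h, sc) for h, sc in scored if sc > threshold]


def decay_trust(trust, flagged_hosts, factor=0.1):
    """Lower the weight of flagged hosts so they count less in the next rebuild."""
    new = dict(trust)
    for host in flagged_hosts:
        new[host] = new.get(host, 1.0) * factor
    return new


def report(findings):
    """Stage 3 (review/reporting): one line per finding for the console."""
    if not findings:
        return ["no anomalies"]
    return [f"ANOMALY host={h} score={s}" for h, s in findings]


def run(training_lines, new_lines, trust):
    """Whole pipeline; returns (findings, updated trust map)."""
    training = [parse_line(l) for l in training_lines]
    fresh = [parse_line(l) for l in new_lines]
    findings = detect(fresh, weighted_baseline(training, trust))
    return findings, decay_trust(trust, [h for h, _ in findings])


if __name__ == "__main__":
    # Uniform trust: web3's own history inflates the baseline and hides it.
    print(report(run(TRAINING_LINES, NEW_LINES, {})[0]))
    # Trust for web3 lowered beforehand (assumed: by an operator or an earlier alert).
    print(report(run(TRAINING_LINES, NEW_LINES, {"web3": 0.1})[0]))
```

With every host at full trust, web3's two abnormal training samples roughly triple the mean and widen the standard deviation so much that its next sample scores around 1.4 and passes; with its trust lowered to 0.1 the same sample scores above 4 and is reported, while web1's normal sample stays well under the threshold in both runs.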



Author information

Corresponding author: Ebru Celikel Cankaya


Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Muggler, M., Eshwarappa, R., Cankaya, E.C. (2018). Cybersecurity Management Through Logging Analytics. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_1

  • DOI: https://doi.org/10.1007/978-3-319-60585-2_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60584-5

  • Online ISBN: 978-3-319-60585-2

  • eBook Packages: Engineering (R0)
