Title: Network Event Classification for Security of IT Infrastructure
Authors: D. Arora, P. Agathoklis, A. Loffler
DOI: 10.1109/WAINA.2018.00085 (https://doi.org/10.1109/WAINA.2018.00085)
Published in: 2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)
Publication date: 2018-05-01
Citation count: 0

Abstract
The number of devices connected over the Internet is expected to grow tremendously over the next few years. Maintaining secure communications between these network-enabled devices will be a major challenge. By carefully examining the events generated by these devices, it is expected that insights into their behavior can be gained and that compromised devices can be identified. One of the major challenges in classifying the events generated by these devices is the inconsistency in the data formats of these events and in the separators between them. The approach presented in this paper is based on identifying and grouping similar events generated by these devices using an Agglomerative Hierarchical Clustering technique. To deal with the inconsistencies of formats and delimiters, some data preprocessing was used. The methodology proposed in this study was successful in identifying events stored in fifteen data files tested for analysis. The results indicate that the combination of text processing techniques with unsupervised machine learning offers promising alternatives for separating events generated by network-enabled devices and, thus, facilitates a better understanding of their behavior and the identification of potential security breaches.