Finding anomalies in windows event logs using standard deviation

Abstract

Security is one of the biggest concerns of any company that has an IT infrastructure. Windows event logs are a very useful source of data for security information, but sometimes can be nearly impossible to use due to the complexity of log data or the number of events generated per minute. For this reason, event log data must be automatically processed so that an administrator is given a list of events that actually need the administrator's attention. This has been standard in intrusion detection systems for many years to find anomalies in network traffic, but has not been common in event log processing. This paper will adapt these intrusion detection techniques for Windows event log data sets to find anomalies in these log data sets.