使用标准偏差在windows事件日志中查找异常

9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing Pub Date : 2013-12-12 DOI:10.4108/ICST.COLLABORATECOM.2013.254136

J. Dwyer, T. Truta

{"title":"使用标准偏差在windows事件日志中查找异常","authors":"J. Dwyer, T. Truta","doi":"10.4108/ICST.COLLABORATECOM.2013.254136","DOIUrl":null,"url":null,"abstract":"Security is one of the biggest concerns of any company that has an IT infrastructure. Windows event logs are a very useful source of data for security information, but sometimes can be nearly impossible to use due to the complexity of log data or the number of events generated per minute. For this reason, event log data must be automatically processed so that an administrator is given a list of events that actually need the administrator's attention. This has been standard in intrusion detection systems for many years to find anomalies in network traffic, but has not been common in event log processing. This paper will adapt these intrusion detection techniques for Windows event log data sets to find anomalies in these log data sets.","PeriodicalId":222111,"journal":{"name":"9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing","volume":"61 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Finding anomalies in windows event logs using standard deviation\",\"authors\":\"J. Dwyer, T. Truta\",\"doi\":\"10.4108/ICST.COLLABORATECOM.2013.254136\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security is one of the biggest concerns of any company that has an IT infrastructure. Windows event logs are a very useful source of data for security information, but sometimes can be nearly impossible to use due to the complexity of log data or the number of events generated per minute. For this reason, event log data must be automatically processed so that an administrator is given a list of events that actually need the administrator's attention. This has been standard in intrusion detection systems for many years to find anomalies in network traffic, but has not been common in event log processing. This paper will adapt these intrusion detection techniques for Windows event log data sets to find anomalies in these log data sets.\",\"PeriodicalId\":222111,\"journal\":{\"name\":\"9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing\",\"volume\":\"61 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4108/ICST.COLLABORATECOM.2013.254136\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/ICST.COLLABORATECOM.2013.254136","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

安全性是任何拥有IT基础设施的公司最关心的问题之一。Windows事件日志是非常有用的安全信息数据源，但由于日志数据的复杂性或每分钟生成的事件数量，有时几乎无法使用。出于这个原因，必须自动处理事件日志数据，以便向管理员提供实际需要管理员注意的事件列表。多年来，这一直是入侵检测系统中发现网络流量异常的标准方法，但在事件日志处理中并不常见。本文将这些入侵检测技术应用于Windows事件日志数据集，以发现这些日志数据集中的异常。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Finding anomalies in windows event logs using standard deviation

Security is one of the biggest concerns of any company that has an IT infrastructure. Windows event logs are a very useful source of data for security information, but sometimes can be nearly impossible to use due to the complexity of log data or the number of events generated per minute. For this reason, event log data must be automatically processed so that an administrator is given a list of events that actually need the administrator's attention. This has been standard in intrusion detection systems for many years to find anomalies in network traffic, but has not been common in event log processing. This paper will adapt these intrusion detection techniques for Windows event log data sets to find anomalies in these log data sets.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

自引率

0.00%

发文量