Abstract: Event logs are information-rich and complex data that keep track of the activity taking place in a computer network, and can therefore contain traces of malicious activity when an intrusion happens. However, such traces are scarce and buried under considerable volumes of unrelated information, making the use of event logs for intrusion detection a challenging research topic. We review some recent contributions to that area of research, focusing on the application of statistical analysis to various types of event logs collected over a computer network. Emphasis is put on the formalism used to translate the data into a collection of mathematical objects suited to statistical modelling.
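The last sentence of the abstract points at the step that makes any statistical treatment possible: mapping raw events onto mathematical objects (for instance a weighted user-to-host bipartite graph, which is just a sparse count matrix) before a model is fitted. The Python below is an added illustration of that step and is not code from the paper or its authors; the log field layout, the user and host names, the training and test windows, and the independence baseline with additive smoothing are all assumptions chosen for this example, not the methods the survey reviews.

```python
import math
from collections import Counter

# Constructed sample authentication events (not real data). The field layout
# is an assumption for this example:  timestamp user src_host dst_host outcome
TRAIN_LOG = """\
2021-01-04T08:00:01 alice ws01 fileserver success
2021-01-04T08:05:12 alice ws01 fileserver success
2021-01-04T08:07:40 alice ws01 mailsrv success
2021-01-04T08:10:03 bob ws02 fileserver success
2021-01-04T08:12:55 bob ws02 mailsrv success
2021-01-04T08:15:30 carol ws03 mailsrv success
2021-01-04T08:16:01 carol ws03 mailsrv success
2021-01-04T08:20:00 svc_backup srv09 fileserver success
2021-01-04T08:30:00 alice ws01 fileserver success
2021-01-04T08:41:17 bob ws02 fileserver failure
"""

# Constructed test window: one never-seen (user, host) pair hidden in routine traffic.
TEST_LOG = """\
2021-01-05T08:01:00 alice ws01 fileserver success
2021-01-05T08:03:00 bob ws02 mailsrv success
2021-01-05T08:04:00 carol ws03 dc01 success
2021-01-05T08:06:00 alice ws01 fileserver success
2021-01-05T08:09:00 svc_backup srv09 fileserver success
"""


def parse_events(text):
    """Parse whitespace-separated lines into (ts, user, src, dst, outcome) tuples,
    skipping blank, comment and malformed lines instead of raising."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) != 5:
            continue  # malformed line: drop it rather than poison the counts
        events.append(tuple(parts))
    return events


def edge_counts(events):
    """Aggregate events into a weighted bipartite graph user -> dst_host.
    The Counter is a sparse count matrix: the mathematical object the
    statistical model is fitted on."""
    return Counter((user, dst) for _, user, _, dst, _ in events)


def fit_independence_model(train_counts, alpha=1.0):
    """Baseline p(user, host) ~= p(user) * p(host), estimated from the marginals
    of the training count matrix with additive smoothing, so a user or host
    never seen in training still gets probability mass (the '+1' bucket)."""
    user_marg, host_marg = Counter(), Counter()
    for (user, host), n in train_counts.items():
        user_marg[user] += n
        host_marg[host] += n
    total = sum(train_counts.values())

    def smoothed(marg):
        denom = total + alpha * (len(marg) + 1)
        return lambda key: (marg.get(key, 0) + alpha) / denom

    return {"p_user": smoothed(user_marg), "p_host": smoothed(host_marg),
            "seen_edges": set(train_counts)}


def score_edges(test_counts, model):
    """Score each test edge by its surprise under the baseline, i.e. the per-event
    negative log-likelihood -log p(u) - log p(h). Edges absent from training are
    flagged separately: a first-seen (user, host) pair is a common trigger for a
    lateral-movement investigation independently of its score."""
    ranked = []
    for (user, host), n in test_counts.items():
        nll = -math.log(model["p_user"](user)) - math.log(model["p_host"](host))
        ranked.append({"edge": (user, host), "count": n, "score": nll,
                       "new_edge": (user, host) not in model["seen_edges"]})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


def rank_test_window(train_text=TRAIN_LOG, test_text=TEST_LOG):
    """Fit on the training window, score the test window, most surprising first."""
    model = fit_independence_model(edge_counts(parse_events(train_text)))
    return score_edges(edge_counts(parse_events(test_text)), model)


if __name__ == "__main__":
    for r in rank_test_window():
        flag = "  NEW" if r["new_edge"] else ""
        print(f"{r['score']:.3f}  {r['edge'][0]:>10} -> {r['edge'][1]:<10} x{r['count']}{flag}")
```

The carol -> dc01 edge ranks first because dc01 never appears in training and only the smoothing bucket gives it mass; the routine alice -> fileserver traffic ranks last. Two caveats a practitioner would add: the baseline is only as good as the training window it was fitted on, so that window must be known clean, and an independence model ignores who normally talks to whom, which is exactly what graph-aware models in this line of research try to capture.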
https://hal.telecom-paris.fr/hal-03123038 Contributor: Corentin Larroche. Submitted on: Wednesday, January 27, 2021 - 2:37:51 PM. Last modification on: Wednesday, November 3, 2021 - 6:21:11 AM. Long-term archiving on: Wednesday, April 28, 2021 - 6:52:05 PM.
Corentin Larroche, Johan Mazel, Stéphan Clémençon. Recent Trends in Statistical Analysis of Event Logs for Network-Wide Intrusion Detection. Conference on Artificial Intelligence for Defense (CAID), Dec 2020, Rennes, France. ⟨hal-03123038⟩