Cybersecurity management through logging analytics

Abstract

To make cybersecurity efforts proactive rather than solely reactive, this work proposes using machine learning to process large volumes of network-related data: we collect various performance metrics in a network and use machine learning techniques to identify anomalous behavior. We introduce the novel idea of using weighted trust to prevent corruption of classifiers. Our design combines all aspects of a log management system into one distributed application for a data center, so that it can effectively offer logging, aggregation, monitoring and intelligence services. For this, we employ a three-component log management system: (1) to actively extract metrics from machines, (2) to aggregate and analyze extracted metrics to detect anomalous behavior, and (3) to allow reviewing collected metrics and to report on anomalous behavior observed. Our system runs at the network and application layers and is concerned with risk mitigation and assessment. Several machine learning techniques are compared with respect to their classification and detection performance.

Cite

Muggler, M., Eshwarappav, R., & Cankaya, E. C. (2018). Cybersecurity management through logging analytics. In Advances in Intelligent Systems and Computing (Vol. 593, pp. 3–15). Springer Verlag. https://doi.org/10.1007/978-3-319-60585-2_1
