IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Threat Hunting in Windows Using Big Security Log Data

Threat Hunting in Windows Using Big Security Log Data
View Sample PDF
Author(s): Mohammad Rasool Fatemi (University of New Brunswick, Canada)and Ali A. Ghorbani (University of New Brunswick, Canada)
Copyright: 2020
Pages: 21
Source title: Security, Privacy, and Forensics Issues in Big Data
Source Author(s)/Editor(s): Ramesh C. Joshi (Graphic Era University, Dehradun, India)and Brij B. Gupta (National Institute of Technology, Kurukshetra, India)
DOI: 10.4018/978-1-5225-9742-1.ch007

Purchase

View Threat Hunting in Windows Using Big Security Log Data on the publisher's website for pricing and purchasing information.

Abstract

System logs are one of the most important sources of information for anomaly and intrusion detection systems. In a general log-based anomaly detection system, network, devices, and host logs are all collected and used together for analysis and the detection of anomalies. However, the ever-increasing volume of logs remains as one of the main challenges that anomaly detection tools face. Based on Sysmon, this chapter proposes a host-based log analysis system that detects anomalies without using network logs to reduce the volume and to show the importance of host-based logs. The authors implement a Sysmon parser to parse and extract features from the logs and use them to perform detection methods on the data. The valuable information is successfully retained after two extensive volume reduction steps. An anomaly detection system is proposed and performed on five different datasets with up to 55,000 events which detects the attacks using the preserved logs. The analysis results demonstrate the significance of host-based logs in auditing, security monitoring, and intrusion detection systems.

Related Content

Chaymaâ Boutahiri, Ayoub Nouaiti, Aziz Bouazi, Abdallah Marhraoui Hsaini. © 2024. 14 pages.
Imane Cheikh, Khaoula Oulidi Omali, Mohammed Nabil Kabbaj, Mohammed Benbrahim. © 2024. 30 pages.
Tahiri Omar, Herrou Brahim, Sekkat Souhail, Khadiri Hassan. © 2024. 19 pages.
Sekkat Souhail, Ibtissam El Hassani, Anass Cherrafi. © 2024. 14 pages.
Meryeme Bououchma, Brahim Herrou. © 2024. 14 pages.
Touria Jdid, Idriss Chana, Aziz Bouazi, Mohammed Nabil Kabbaj, Mohammed Benbrahim. © 2024. 16 pages.
Houda Bentarki, Abdelkader Makhoute, Tőkési Karoly. © 2024. 10 pages.
Body Bottom