Národní úložiště šedé literatury (National Repository of Grey Literature)
Rating Log Events using Reputation and Anomaly Scores
Zbořil, Jan ; Burgetová, Ivana (opponent) ; Matoušek, Petr (thesis supervisor)
The current amount of data flowing through computer networks cannot be monitored by individuals. This data is also saved to logs by IDS or IPS systems, and these logs grow ever faster. The goal is thus to automatically reduce the volume of such logs so that they contain only the most valuable information. Rating scores, such as an anomaly score or a reputation score, are valid metrics for determining whether a piece of information (i.e., a log event) is valuable or not. The goal of this thesis is to explore the current state of methods used for anomaly detection and reputation scoring, and to propose a solution for using data captured in the logs of network analysers like Suricata to detect anomalies in the traffic and score network nodes. A complete solution, covering data processing, scoring using methods for computing reputation scores and detecting anomalies, and result interpretation, is developed and demonstrated on real-world data. A way of reducing the number of log events by using the calculated scores is demonstrated. A resulting method of combining both scores to automatically rate the log events is demonstrated and explained on examples of the real scored data. Possible future uses of the results are discussed.
