Threat Hunting in Windows Using Big Security Log Data

Mohammad Rasool Fatemi, Ali A. Ghorbani
Copyright: © 2020 | Pages: 21
ISBN13: 9781522597421 | ISBN10: 1522597425 | ISBN13 Softcover: 9781522597438 | EISBN13: 9781522597445
DOI: 10.4018/978-1-5225-9742-1.ch007
Cite Chapter

MLA

Fatemi, Mohammad Rasool, and Ali A. Ghorbani. "Threat Hunting in Windows Using Big Security Log Data." Security, Privacy, and Forensics Issues in Big Data, edited by Ramesh C. Joshi and Brij B. Gupta, IGI Global, 2020, pp. 168-188. https://doi.org/10.4018/978-1-5225-9742-1.ch007

APA

Fatemi, M. R. & Ghorbani, A. A. (2020). Threat Hunting in Windows Using Big Security Log Data. In R. Joshi & B. Gupta (Eds.), Security, Privacy, and Forensics Issues in Big Data (pp. 168-188). IGI Global. https://doi.org/10.4018/978-1-5225-9742-1.ch007

Chicago

Fatemi, Mohammad Rasool, and Ali A. Ghorbani. "Threat Hunting in Windows Using Big Security Log Data." In Security, Privacy, and Forensics Issues in Big Data, edited by Ramesh C. Joshi and Brij B. Gupta, 168-188. Hershey, PA: IGI Global, 2020. https://doi.org/10.4018/978-1-5225-9742-1.ch007

Abstract

System logs are one of the most important sources of information for anomaly and intrusion detection systems. In a typical log-based anomaly detection system, network, device, and host logs are all collected and analysed together to detect anomalies. However, the ever-increasing volume of logs remains one of the main challenges that anomaly detection tools face. This chapter proposes a Sysmon-based, host-only log analysis system that detects anomalies without using network logs, both to reduce the volume of data and to show the value of host-based logs. The authors implement a Sysmon parser to parse the logs and extract features from them, and use those features to run detection methods on the data. The valuable information is retained after two extensive volume-reduction steps. An anomaly detection system is proposed and evaluated on five different datasets of up to 55,000 events, detecting the attacks using only the preserved logs. The results demonstrate the significance of host-based logs in auditing, security monitoring, and intrusion detection systems.
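The pipeline the abstract sketches, as an added example that is not the chapter's code: parse Sysmon events from the XML the Windows event log exports, reduce each to a small feature tuple, apply two volume-reduction steps (drop event types the hunt does not need, then collapse repeated feature tuples into counted rows) and score the surviving rows by rarity. The page does not say which event types the chapter keeps, which features it extracts or which detector it runs, so `KEEP_EVENT_IDS`, the feature tuples in `extract_features`, the 5% prevalence threshold and the `-log2(p)` score are assumptions standing in for the authors' choices; the 106-event corpus in `build_sample` is constructed for the illustration and is not one of the chapter's datasets.

```python
"""Sysmon hunting pipeline: parse -> features -> two reduction steps -> rarity score.
Added illustration; the sample events below are constructed, not the chapter's data."""
import xml.etree.ElementTree as ET
from collections import Counter
from math import log2
from xml.sax.saxutils import escape

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Step-1 allow-list (assumption: the page does not say which Sysmon event types the chapter keeps).
KEEP_EVENT_IDS = {1: "process_create", 3: "network_connect", 11: "file_create"}


def make_event(event_id, computer, when, **data):
    """Emit one event in the XML shape the Windows event log exports for Sysmon
    (wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml). Sample construction only."""
    fields = "".join(f'<Data Name="{k}">{escape(str(v))}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="Microsoft-Windows-Sysmon"/>'
            f'<EventID>{event_id}</EventID><TimeCreated SystemTime="{when}"/>'
            f'<Computer>{computer}</Computer></System><EventData>{fields}</EventData></Event>')


def parse_event(xml_text):
    """Flatten one <Event>: selected System fields plus every EventData <Data Name=...>."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    rec = {"EventID": int(system.findtext("e:EventID", namespaces=NS)),
           "Computer": system.findtext("e:Computer", namespaces=NS),
           "UtcTime": system.find("e:TimeCreated", NS).get("SystemTime")}
    for d in root.findall("e:EventData/e:Data", NS):
        rec[d.get("Name")] = d.text or ""
    return rec


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def extract_features(rec):
    """Assumed feature tuple per event kind; lower-case basenames make identical activity collapse."""
    kind = KEEP_EVENT_IDS[rec["EventID"]]
    if kind == "process_create":
        return (kind, _basename(rec.get("ParentImage", "")), _basename(rec.get("Image", "")))
    if kind == "network_connect":
        return (kind, _basename(rec.get("Image", "")), rec.get("DestinationPort", ""))
    return (kind, _basename(rec.get("Image", "")), _basename(rec.get("TargetFilename", "")))


def reduce_volume(xml_events):
    """Step 1 drops event types outside KEEP_EVENT_IDS; step 2 collapses events with
    identical feature tuples into one row carrying a count and the set of hosts."""
    parsed = [parse_event(x) for x in xml_events]
    kept = [r for r in parsed if r["EventID"] in KEEP_EVENT_IDS]
    table = {}
    for r in kept:
        row = table.setdefault(extract_features(r), {"count": 0, "hosts": set()})
        row["count"] += 1
        row["hosts"].add(r["Computer"])
    return len(parsed), len(kept), table


def score_anomalies(table, max_prevalence=0.05):
    """Rarity baseline (an assumption standing in for the chapter's detector): a tuple seen
    in at most max_prevalence of its kind's events is flagged with self-information -log2(p)."""
    totals = Counter()
    for key, row in table.items():
        totals[key[0]] += row["count"]
    flagged = []
    for key, row in table.items():
        p = row["count"] / totals[key[0]]
        if p <= max_prevalence:
            flagged.append((round(-log2(p), 2), key, row["count"], sorted(row["hosts"])))
    return sorted(flagged, reverse=True)


def hunt(xml_events):
    total, kept, table = reduce_volume(xml_events)
    return {"parsed": total, "after_step1": kept, "after_step2": len(table),
            "flagged": score_anomalies(table)}


def build_sample():
    """Constructed corpus: 106 events across five workstations, one of them unusual."""
    clock = (f"2020-01-15T09:{n // 60:02d}:{n % 60:02d}.000Z" for n in range(1, 3600))
    chrome = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
    ev = []
    for i in range(40):  # routine service starts
        ev.append(make_event(1, f"ws{i % 5:02d}", next(clock), Image=r"C:\Windows\System32\svchost.exe",
                             ParentImage=r"C:\Windows\System32\services.exe", User="NT AUTHORITY\\SYSTEM"))
    for i in range(20):  # users launching a browser
        ev.append(make_event(1, f"ws{i % 5:02d}", next(clock), Image=chrome,
                             ParentImage=r"C:\Windows\explorer.exe", User=f"CORP\\user{i % 5}"))
    for i in range(15):  # browser TLS connections
        ev.append(make_event(3, f"ws{i % 5:02d}", next(clock), Image=chrome,
                             DestinationIp="203.0.113.10", DestinationPort="443"))
    for i in range(30):  # registry value sets (EventID 13): discarded by step 1
        ev.append(make_event(13, f"ws{i % 5:02d}", next(clock), Image=r"C:\Windows\explorer.exe",
                             TargetObject=r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a"))
    ev.append(make_event(1, "ws03", next(clock),  # parent/child pair matching neither routine pattern
                         Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                         ParentImage=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                         CommandLine="powershell.exe -NoProfile -WindowStyle Hidden", User="CORP\\user3"))
    return ev


if __name__ == "__main__":
    print(hunt(build_sample()))
```

Running `hunt(build_sample())` takes the 106 constructed events to 76 after step 1 (the 30 registry events go) and to 4 rows after step 2, and flags the single winword.exe to powershell.exe row with score 5.93 on ws03; the two routine parent/child pairs and the browser connections are too common to score. On a real export, replace `build_sample()` with the `<Event>` strings read from `wevtutil` output, and treat the threshold as a knob to tune per event kind rather than a fixed constant.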
