Application of data mining techniques to TCP/IP network traffic logs analysis / Aplicação de técnicas de data mining para a análise de logs de trafégo TCP/IP

AUTOR(ES)
DATA DE PUBLICAÇÃO

2007

RESUMO

Since the popularization of the Internet in recent years, the amount and variety of computer network services has greatly increased. At the same time new methods to commit crimes using these services appeared, mostly by attempting intrusion or compromising networks. Logging network and application activities through collection and storing of network logs is a very important step to allow further event analysis in order to discover errors, anomalies or even to characterize attacks and intrusion. In spite of the importance of this task, even today log analysts suer from a lack of tools to classify correctly interesting logs, making the analysis task impossible to be accomplished timely. This fact can lead to the compromise of an institutions network without counter measures being taken in time. In this work we aim to present the log analysis problems, to discuss log filtering, handling and intrusion detection approaches through data mining techniques, to evaluate some data mining algorithms to apply them on network trac logs separation and to build a prototype to perform log reduction with an acceptable rate of false positives. Tests were done with some algorithms such as nearest neighbors, multilayer perceptrons and decision trees, which allowed the deployment of a modular prototype using decision trees to automatize log classification and reduce logs to a small set of suspicious sessions. A case study containing the prototype application and the results obtained with reduction rates in the log sets greater than 90% are also presented.

ASSUNTO(S)

detecção de intrusão análise de logs computação aplicada segurança de sistema de informação data mining redes de computadores

ACESSO AO ARTIGO

Documentos Relacionados