DocumentCode
2575100
Title
System Anomaly Detection: Mining Firewall Logs
Author
Winding, Robert ; Wright, Timothy ; Chapple, Michael
Author_Institution
Notre Dame Univ., IN
fYear
2006
fDate
Aug. 28 2006-Sept. 1 2006
Firstpage
1
Lastpage
5
Abstract
This paper describes an application of data mining and machine learning to discovering network traffic anomalies in firewall logs. A variety of issues and problems can occur with systems that are protected by firewalls: these systems can be improperly configured, operate unexpected services, or fall victim to intrusion attempts. Firewall logs often generate hundreds of thousands of audit entries per day. It is often easy to use these records for forensics if one knows that something happened and when. However, it can be burdensome to manually review logs for anomalies. This paper uses data mining techniques to analyze network traffic, based on firewall audit logs, to determine whether statistical analysis of the logs can be used to identify anomalies.
Keywords
authorisation; computer networks; data mining; learning (artificial intelligence); statistical analysis; telecommunication traffic; firewall audit log mining; machine learning; network traffic anomalies; system anomaly detection; Data mining; Data security; Forensics; Intrusion detection; Machine learning; Protection; Reconnaissance; Statistical analysis; Telecommunication traffic; Traffic control; Firewall log analysis; Intrusion Detection
fLanguage
English
Publisher
ieee
Conference_Titel
Securecomm and Workshops, 2006
Conference_Location
Baltimore, MD
Print_ISBN
1-4244-0423-1
Electronic_ISBN
1-4244-0423-1
Type
conf
DOI
10.1109/SECCOMW.2006.359572
Filename
4198832