Journal article
Anomaly detection in a forensic timeline with deep autoencoders
Journal of Information Security and Applications, Vol.63, Art. 103002
2021
Abstract
An investigator needs to analyze a forensic timeline after a cybersecurity incident has occurred. Log entries from various sources are used to generate the forensic timeline. Finding the anomalous activities recorded in these log records is a difficult task if manual inspection or keyword searches are used. In this work, we propose a method for identifying anomalies in a forensic timeline. We use deep autoencoders as a machine learning technique to establish a baseline for normal activities in log files. Furthermore, we set an anomaly threshold on the reconstruction error based on the constructed baseline. We then plot these anomalous events on a forensic timeline. Our experiments indicate that the proposed method achieves superior performance compared to other log anomaly detection methods, with an overall mean F1 score of 94.036% and an accuracy of 96.720%.
Details
- Title
- Anomaly detection in a forensic timeline with deep autoencoders
- Authors/Creators
- H. Studiawan (Author/Creator) - Sepuluh Nopember Institute of Technology
- F. Sohel (Author/Creator) - Murdoch University
- Publication Details
- Journal of Information Security and Applications, Vol.63, Art. 103002
- Publisher
- Elsevier Ltd
- Identifiers
- 991005543328407891
- Copyright
- © 2021 Published by Elsevier Ltd.
- Murdoch Affiliation
- School of Information Technology
- Language
- English
- Resource Type
- Journal article
Metrics
InCites Highlights
These are selected metrics from the InCites Benchmarking & Analytics tool related to this output.
- Collaboration types
- Domestic collaboration
- International collaboration
- Citation topics
- 4 Electrical Engineering, Electronics & Computer Science
- 4.47 Software Engineering
- 4.47.2804 Microservices Diagnostics
- Web Of Science research areas
- Computer Science, Information Systems
- ESI research areas
- Computer Science