MACHINE LEARNING BASED SECURITY ANALYSIS: ALARM GENERATION AND THREAT FORECASTING

Abstract

Log files keep activity records of each process performed have an important place in terms of security. Systems that provide infrastructure for applications such as network security mainly work on log management. Recently, when the security mechanisms of popular applications are examined, it has been observed that they aim to strengthen their infrastructures with machine learning (ML) methods, but in some respects, they have shortcomings. In this study, we aim to develop an alarm and security reporting system using ML methods. Our study differs from the others since it considers five separate feature (IP reputation, web reputation, malware destination access, botnet) and includes them into ML model.

Keywords

• Log analysis,security management,alarm system,machine learning

References

1. 1. Jansen, B. J., Spink, A., & Taksai, I. (2009). Handbook of research on web log analysis. London: Information Science Reference.
2. 2. T.C. Resm Gazete. Retrieved from https://www.resmigazete.gov.tr/eskiler/2007/11/20071130-6.htm, Aralık, 2019.
3. 3. Miller, D. (2011). Security information and event management (SIEM) implementation. McGraw-Hill.
4. 4. AlSabbagh, B., & Kowalski, S. (2016, August). A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM). In 2016 European Intelligence and Security Informatics Conference (EISIC) (pp. 192-195). IEEE.
5. 5. Deliang, C., Xing, L., & Qianli, Z. (2016, May). A comparative study on user characteristics of fixed and wireless network based on DHCP. In 2016 IEEE Information Technology, Networking, Electronic and Automation Control Conference (pp. 327-330). IEEE.
6. 6. Schleburg, M., Christiansen, L., Thornhill, N. F., & Fay, A. (2013). A combined analysis of plant connectivity and alarm logs to reduce the number of alerts in an automation system. Journal of process control, 23(6), 839-851.
7. 7. Ambre, A., & Shekokar, N. (2015). Insider threat detection using log analysis and event correlation. Procedia Computer Science, 45, 436-445.
8. 8. Li, T., & Yan, L. (2017, June). Siem based on big data analysis. In International Conference on Cloud Computing and Security (pp. 167-175). Springer, Cham.