Topological Data Analysis for Anomaly Detection in Host-Based Logs

by   Thomas Davies, et al.
The Alan Turing Institute

Topological Data Analysis (TDA) gives practioners the ability to analyse the global structure of cybersecurity data. We use TDA for anomaly detection in host-based logs collected with the open-source Logging Made Easy (LME) project. We present an approach that builds a filtration of simplicial complexes directly from Windows logs, enabling analysis of their intrinsic structure using topological tools. We compare the efficacy of persistent homology and the spectrum of graph and hypergraph Laplacians as feature vectors against a standard log embedding that counts events, and find that topological and spectral embeddings of computer logs contain discriminative information for classifying anomalous logs that is complementary to standard embeddings. We end by discussing the potential for our methods to be used as part of an explainable framework for anomaly detection.


page 2

page 4

page 7

page 9


Securing Manufacturing Using Blockchain

Due to the rise of Industrial Control Systems (ICSs) cyber-attacks in th...

Anomaly Detection for Network Connection Logs

We leverage a streaming architecture based on ELK, Spark and Hadoop in o...

Defining a Metric Space of Host Logs and Operational Use Cases

Host logs, in particular, Windows Event Logs, are a valuable source of i...

Xanthus: Push-button Orchestration of Host Provenance Data Collection

Host-based anomaly detectors generate alarms by inspecting audit logs fo...

Mind the Gap: A Well Log Data Analysis

The main task in oil and gas exploration is to gain an understanding of ...

Multi-Source Anomaly Detection in Distributed IT Systems

The multi-source data generated by distributed systems, provide a holist...

Anomaly Detection Using One-Class SVM for Logs of Juniper Router Devices

The article deals with anomaly detection of Juniper router logs. Abnorma...

Please sign up or login with your details

Forgot password? Click here to reset