Knowledge Discovery from Network Logs
Sipola, T. (2015). Knowledge Discovery from Network Logs. In M. Lehto, & P. Neittaanmäki (Eds.), Cyber Security: Analytics, Technology and Automation (pp. 195-203). Intelligent Systems, Control and Automation: Science and Engineering, 78. Springer International Publishing. doi:10.1007/978-3-319-18302-2_12
© 2015 Springer
Modern communications networks are complex systems, which facilitates malicious behavior. Dynamic web services are vulnerable to unknown intrusions, but traditional cyber security measures are based on fingerprinting. Anomaly detection differs from fingerprinting in that it finds events that differ from the baseline traffic. The anomaly detection methodology can be modelled with the knowledge discovery process. Knowledge discovery is a high-level term for the whole process of deriving actionable knowledge from databases. This article presents the theory behind this approach, and showcases research that has produced network log analysis tools and methods.