The 8th IEEE International Workshop on Trusted Collaboration

Research Article

Finding Anomalies in Windows Event Logs Using Standard Deviation

@INPROCEEDINGS{10.4108/icst.collaboratecom.2013.254136,
    author={John Dwyer and Traian Marius Truta},
    title={Finding Anomalies in Windows Event Logs Using Standard Deviation},
    proceedings={The 8th IEEE International Workshop on Trusted Collaboration},
    publisher={ICST},
    proceedings_a={TRUSTCOL},
    year={2013},
    month={11},
    keywords={windows event logs standard deviation anomaly detection},
    doi={10.4108/icst.collaboratecom.2013.254136}
}

John Dwyer, Traian Marius Truta (2013). Finding Anomalies in Windows Event Logs Using Standard Deviation. TRUSTCOL, ICST. DOI: 10.4108/icst.collaboratecom.2013.254136

John Dwyer (1), Traian Marius Truta (1,*)
1: Northern Kentucky University
*Contact email: trutat1@nku.edu

Abstract

Security is one of the biggest concerns of any company that has an IT infrastructure. Windows event logs are a very useful source of data for security information, but sometimes can be nearly impossible to use due to the complexity of log data or the number of events generated per minute. For this reason, event log data must be automatically processed so that an administrator is given a list of events that actually need the administrator’s attention. This has been standard in intrusion detection systems for many years to find anomalies in network traffic, but has not been common in event log processing. This paper will adapt these intrusion detection techniques for Windows event log data sets to find anomalies in these log data sets.
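As an added illustration of the approach the abstract describes (not the paper's own code, and not necessarily its exact statistical model), the following script counts Windows events per minute per Event ID and flags any minute whose count exceeds the mean plus k standard deviations for that ID. The sample records, the event IDs used (4624 successful logon, 4625 failed logon) and the choice k = 2 are assumptions made for the example.

```python
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records (timestamp, Windows Event ID); not real log data.
# 4624 = successful logon, 4625 = failed logon; 4625 bursts during 09:05.
SAMPLE_EVENTS = [
    ("2013-11-01 09:00:12", 4624), ("2013-11-01 09:00:40", 4625),
    ("2013-11-01 09:01:05", 4624), ("2013-11-01 09:01:30", 4625),
    ("2013-11-01 09:02:11", 4624), ("2013-11-01 09:02:50", 4625),
    ("2013-11-01 09:03:09", 4624), ("2013-11-01 09:03:55", 4625),
    ("2013-11-01 09:04:20", 4624), ("2013-11-01 09:04:41", 4625),
] + [("2013-11-01 09:05:%02d" % s, 4625) for s in range(0, 60, 4)]


def counts_per_minute(events):
    """Return {event_id: {minute: count}} covering every minute from the first
    to the last record, so quiet minutes count as 0 instead of vanishing."""
    minutes_of = [datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(second=0)
                  for ts, _ in events]
    raw = Counter((eid, minute) for minute, (_, eid) in zip(minutes_of, events))
    span, cur = [], min(minutes_of)
    while cur <= max(minutes_of):
        span.append(cur)
        cur += timedelta(minutes=1)
    return {eid: {m: raw[(eid, m)] for m in span} for eid in {e for _, e in events}}


def find_anomalies(events, k=2.0):
    """Flag (event_id, 'HH:MM', count) where a minute's count exceeds
    mean + k * population std-dev of that event ID's per-minute series.
    Only the upper tail is tested: a burst is suspicious, a quiet minute is not."""
    flagged = []
    for eid, series in counts_per_minute(events).items():
        values = list(series.values())
        mean, std = statistics.mean(values), statistics.pstdev(values)
        if std == 0:  # flat series: no minute can stand out
            continue
        for minute, count in sorted(series.items()):
            if count > mean + k * std:
                flagged.append((eid, minute.strftime("%H:%M"), count))
    return flagged


if __name__ == "__main__":
    for eid, minute, count in find_anomalies(SAMPLE_EVENTS):
        print(f"event {eid} at {minute}: {count}/min exceeds mean + {k} sigma")
```

On the sample data only the 09:05 burst of failed logons (15 in one minute against a baseline of 1) crosses the threshold; the single quiet minute for successful logons is not reported because only the upper tail is tested.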