Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

Question

1. What contributions have the authors mentioned in the paper "Topological data analysis for enhancing embedded analytics for enterprise cyber log analysis and forensics" ?

2. What are the future works in "Topological data analysis for enhancing embedded analytics for enterprise cyber log analysis and forensics" ?

3. What was the first use of TDA for cyber log analytics?

4. How many components are retained in the example state vector matrix?

Accepted Answer

This paper describes embedded analytics for log analysis, which incorporates five mechanisms: numerical, similarity, graph-based, graphical analysis, and interactive feedback.. Topological Data Analysis ( TDA ) is introduced for log analysis with TDA providing novel graph-based similarity understanding of threats which additionally enables a feedback mechanism to further analyze log files.

Accepted Answer

Future work can also involve extending the TFV process to include sparse data fields, which are currently removed due to multicollinearity issues.. Further future work can consider further automation of the general process in Figure 4 to bring human analysts ; which could be accomplished by automating the novelty detection of TDA data products.

Accepted Answer

For cyber log analytics, the authors employed a tabulated feature vector (TFV) approach which extracted numerical, and non-sparse, data from sparse log files.

Accepted Answer

When considering the example state vector matrix through this process, the dimensionality of columns is reduced from 91 variables to 6 retained components/factors.

Accepted Answer

Of particular interest appears Block 48, which has high levels of activity from Country 27, as well as the adjacent Block 49, which also appears.

Accepted Answer

The closest application of TDA to log analysis is that of Chow [15], who applied TDA to Windows event logs from the BRAWL (Blue versus Red Agent War-game Evaluation) project.

Accepted Answer

Future work can also involve extending the TFV process to include sparse data fields, which are currently removed due to multicollinearity issues.

Accepted Answer

By enabling one to repeated query the dataset through the feedback mechanism, the authors showed how one can find anomalous behavior to examine which would have been missed by approaches in literature.

Accepted Answer

e-Government cyber systems are enterprise level systems which encompass a variety of devices and standards due to the myriad of e-Government services offered.

Accepted Answer

As described in [3], preprocessing involves: 1. Dividing the log file into time-regional blocks 2. Creating tabulated state vectors 3.

Accepted Answer

The process to create a TFV involves i) condensing text fields into columns of unique counts, and ii) summations of the original numerical values, which results in the TFV seen in Figure 2b.

Accepted Answer

Of interest in this paper is proposing and employing a combined experiential and analytical approach to log forensics through a data driven embedded application.

Accepted Answer

Whole log files can be divided into blocks by specifying an amount of time each block should represent or the number of observations each block represents.

Accepted Answer

Additional research can involve TDA in general, including better understanding the TDA hyperparameter space, comparison with other clustering methods, and selecting appropriate analytics given TDA outputs on the shape of the data.

Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What contributions have the authors mentioned in the paper "Topological data analysis for enhancing embedded analytics for enterprise cyber log analysis and forensics" ?

2. What are the future works in "Topological data analysis for enhancing embedded analytics for enterprise cyber log analysis and forensics" ?

3. What was the first use of TDA for cyber log analytics?

4. How many components are retained in the example state vector matrix?

5. What is the interesting block in the diagram?

6. What is the closest application of TDA to log analysis?

7. What can be done to improve the TFV process?

8. How can one find anomalous behavior to examine?

9. What is the definition of e-Government cyber systems?

10. What is the process of preparing log data?

11. What is the process to create a TFV?

12. What is the purpose of this paper?

13. How can a log file be divided into blocks?

14. What can be done to improve the accuracy of the analysis?

Figures

Citations

Virtual Knowledge Graphs for Federated Log Analysis

Application of Data Analytics to Cyber Forensic Data

Networked Intelligence: Towards Autonomous Cyber Physical Systems

Topological Data Analysis for Anomaly Detection in Host-Based Logs

Identification of deviations in behavioral patterns of users of corporate information resources using topological features

References

Statistical pattern recognition: a review

An Intrusion-Detection Model

Review: Intrusion detection system: A comprehensive review

A survey of network anomaly detection techniques

A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection.

Related Papers (5)

Data mining based cyber-attack detection

Intrusion Detection in Cyber Security: Role of Machine Learning and Data Mining in Cyber Security

AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions

Cyber Security Datasets Research

Modeling of Cyber Reconnaissance through the Analysis of Hidden IP based Web Access logs