PHYSICS AND MATHEMATICS
Overview of methods for static and dynamic clustering of security event logs
E. L. Krotova, R. A. Andreev, P. A. Andreeva Perm National Research Polytechnic University
Abstract:
Security event log files provide insight into the state of an information system and allow detecting anomalies in user behavior and information security incidents. However, automatic analysis of security event log data is difficult because it contains a huge amount of unstructured data collected from various sources. This article provides an overview of existing approaches that condense or summarize log data using clustering methods, namely static and dynamic clustering methods. The study examines examples of using static and dynamic clustering of security event logs as well as the limitations and problems in the use of these methods.
Keywords:
event logs, user behavior, anomalies, information security incidents, clustering.
Citation:
E. L. Krotova, R. A. Andreev, P. A. Andreeva, “Overview of methods for static and dynamic clustering of security event logs”, Meždunar. nauč.-issled. žurn., 2021, no. 4(106), 32–34
Linking options:
https://www.mathnet.ru/eng/irj607
https://www.mathnet.ru/eng/irj/v106/i4/p32