Abstract
The number of attacks on government websites has escalated in recent years. To assist the detection process conducted by cybersecurity analysts, this document proposes applying machine learning techniques to web server access logs. The overall objective is to shorten detection time with a customized classifier that selects the traces corresponding to anomalous activity. Specifically, web server combined log format (CLF) access logs, encoded as real-valued vectors, are fed to a weighted K-nearest neighbors (K-NN) model. The methodology was tested on datasets and premises provided by the CERTuy (National Cybersecurity Event Response Team) and the SOC (Security Operations Center). According to the evaluations, 82% of cybersecurity offenses were detected, 80% of normal behavior was filtered out, and the detection time was reduced from 13 hours to 15 minutes.
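The pipeline the abstract describes, in miniature, as an added example that is not the paper's code or data: Apache combined-format lines are parsed, encoded as real-valued feature vectors, and labelled by a distance-weighted K-NN vote over a small labelled sample. The regular expression, the six features, the constructed log lines and their labels are all assumptions made here, not the authors' feature set or dataset.

```python
import math
import re
from collections import defaultdict
# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$')
SUSPICIOUS = set("'\"<>;%|`")  # metacharacters rarely seen in benign request lines

def parse_clf(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    _host, _ts, request, status, size, _referer, agent = m.groups()
    return {"request": request, "status": int(status),
            "bytes": 0 if size == "-" else int(size), "agent": agent}

def featurize(entry):
    """Encode a parsed entry as a real vector (constructed feature set, not the paper's)."""
    req = entry["request"]
    return [len(req) / 100.0,                              # request-line length
            float(sum(c in SUSPICIOUS for c in req)),      # metacharacter count
            float(req.count("../")),                       # directory-traversal sequences
            1.0 if entry["status"] >= 400 else 0.0,        # error response
            math.log1p(entry["bytes"]) / 10.0,             # response size
            1.0 if entry["agent"] in ("-", "") else 0.0]   # missing user agent

def weighted_knn(train, query, k=3):
    """Distance-weighted vote: each of the k nearest neighbours weighs 1/(d + eps)."""
    neighbours = sorted((math.dist(vec, query), label) for vec, label in train)[:k]
    votes = defaultdict(float)
    for d, label in neighbours:
        votes[label] += 1.0 / (d + 1e-6)
    return max(votes, key=votes.get)

# Constructed labelled lines standing in for analyst-labelled logs; not real data.
TRAIN_LINES = [
    ('10.0.0.1 - - [10/Oct/2023:13:55:36 -0300] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"', "normal"),
    ('10.0.0.2 - - [10/Oct/2023:13:55:40 -0300] "GET /img/logo.png HTTP/1.1" 200 5120 "http://x/" "Mozilla/5.0"', "normal"),
    ('10.0.0.3 - - [10/Oct/2023:13:56:01 -0300] "GET /about HTTP/1.1" 200 1820 "-" "Mozilla/5.0"', "normal"),
    ('10.0.0.9 - - [10/Oct/2023:14:01:12 -0300] "GET /../../../../etc/passwd HTTP/1.1" 404 512 "-" "-"', "anomalous"),
    ('10.0.0.9 - - [10/Oct/2023:14:01:13 -0300] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 900 "-" "-"', "anomalous"),
]

def classify_line(line, k=3):
    """Label one raw CLF line; lines that do not parse are flagged for manual review."""
    entry = parse_clf(line)
    if entry is None:
        return "unparseable"
    model = [(featurize(parse_clf(l)), lab) for l, lab in TRAIN_LINES]
    return weighted_knn(model, featurize(entry), k)
```

The 1/d weighting is what lets a single close anomalous neighbour outvote two distant normal ones, which a plain majority vote with k=3 would not do on this sample.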
Highlights
Summary.- The number of attacks on government websites has escalated in recent years.
In the publication by Zhang et al. [2], a similar problem was addressed in order to detect cybersecurity incidents on Chinese state websites by analysing HTTP traffic.
Reduction in detection time for normal logs.- This indicator was measured as the number of hours required to find a volume of 1 gigabyte of anomalous logs.
Summary
Summary.- The number of attacks on government websites has escalated in recent years.
2. Problem definition.- The objective is to shorten the time that AGESIC's response team (CERTuy) and security operations team (SOC) spend analysing CLF-format access logs of websites when responding to cybersecurity incidents. The analysts then filter the data to identify anomalous lines that indicate the moment at which the attacker accessed the site, using the date of the incident as a reference.