Murdoch University Research Repository


Anomaly detection in a forensic timeline with deep autoencoders

Studiawan, H. and Sohel, F. (2021) Anomaly detection in a forensic timeline with deep autoencoders. Journal of Information Security and Applications, 63. Art. 103002.

Link to Published Version: https://doi.org/10.1016/j.jisa.2021.103002
*Subscription may be required

Abstract

An investigator needs to analyze a forensic timeline after a cybersecurity incident has occurred. Log entries from various sources are used to generate the forensic timeline. Finding the anomalous activities recorded in these log entries is a difficult task if manual inspection or keyword searches are used. In this work, we propose a method for identifying anomalies in a forensic timeline. We use deep autoencoders as a machine learning technique to establish a baseline for normal activities in log files. Furthermore, we set an anomaly threshold on the reconstruction value based on the constructed baseline: events whose reconstruction value exceeds the threshold are flagged as anomalous. We then plot these anomalous events on a forensic timeline. Our experiments indicate that the proposed method achieves superior performance compared to other log anomaly detection methods, with an overall mean F1 score and accuracy of 94.036% and 96.720%, respectively.

Item Type: Journal Article
Murdoch Affiliation(s): IT, Media and Communications
Publisher: Elsevier Ltd
Copyright: © 2021 Published by Elsevier Ltd.
URI: http://researchrepository.murdoch.edu.au/id/eprint/62803