Publication: Detection of Suspicious Activities on Windows Systems with Log Analysis
Date
2022-12-21
Abstract
Rapid technological development in many fields has brought new problems along with its innovations, and cyber-attacks are one of them. As ever more records and data are stored on digital media, protecting them has become critical. Continuous log records play an important role in enabling system administrators to take the necessary precautions against cyber-attacks.

Windows systems record system, security and application events in the Windows Event Log; which events are written depends on the configured audit policy. These records can be analyzed with various algorithms and tools to detect suspicious or attacker behavior on the system. In this study, various cyber-attacks were carried out in a test environment containing Windows systems. The logs generated on those systems were collected and analyzed with the ELK Stack (Elasticsearch, Logstash, Kibana). From these analyses the attacks were identified and mapped to the tactics and techniques of MITRE ATT&CK.
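As an added illustration of the pipeline the abstract describes (collected Windows events, detection logic, MITRE ATT&CK mapping), the following Python is example code written for this page; it is not code from the paper or from the ELK Stack. The event records and their field layout are constructed and simplified, and the rules, event IDs chosen and thresholds are the example's own choices rather than the paper's.

```python
"""Rule-based detection over Windows Security events, tagged with MITRE ATT&CK.

Added example; not the paper's code or rule set. The records below are
constructed, and their shape ({"ts", "event_id", "channel", "data"}) is a
simplified stand-in for what a shipper such as Winlogbeat would deliver to
Elasticsearch (real ECS field names differ).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a burst of failed logons from one host (a password spray
# across several accounts), an encoded PowerShell launch, a new local account,
# a cleared Security log, plus benign noise. Event IDs: 4625 failed logon,
# 4688 process creation, 4720 user account created, 1102 audit log cleared.
SAMPLE_EVENTS = [
    {"ts": f"2022-11-17T10:00:{10 * i:02d}", "event_id": 4625, "channel": "Security",
     "data": {"TargetUserName": user, "IpAddress": "10.0.0.5", "Status": "0xC000006D"}}
    for i, user in enumerate(["admin", "backup", "svc_sql", "jdoe", "guest"])
] + [
    # One isolated failure from another host: below threshold, must not fire.
    {"ts": "2022-11-17T10:00:05", "event_id": 4625, "channel": "Security",
     "data": {"TargetUserName": "jdoe", "IpAddress": "10.0.0.9", "Status": "0xC000006A"}},
    # 4688 only carries CommandLine when "Include command line in process
    # creation events" is enabled in audit policy. The base64 blob is a placeholder.
    {"ts": "2022-11-17T10:02:00", "event_id": 4688, "channel": "Security",
     "data": {"SubjectUserName": "admin",
              "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"}},
    {"ts": "2022-11-17T10:02:30", "event_id": 4688, "channel": "Security",
     "data": {"SubjectUserName": "jdoe",
              "NewProcessName": r"C:\Windows\System32\notepad.exe",
              "CommandLine": "notepad.exe report.txt"}},
    {"ts": "2022-11-17T10:03:00", "event_id": 4720, "channel": "Security",
     "data": {"SubjectUserName": "admin", "TargetUserName": "svc_update"}},
    {"ts": "2022-11-17T10:04:00", "event_id": 1102, "channel": "Security",
     "data": {"SubjectUserName": "admin"}},
]


def finding(technique, name, evidence, ts):
    """One detection result: ATT&CK technique ID, technique name, evidence, time."""
    return {"technique": technique, "name": name, "evidence": evidence, "ts": ts}


def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """T1110 Brute Force: at least `threshold` failed logons (4625) from one
    source IP inside a sliding time window. Grouping by source IP rather than
    by target account also catches spraying across many accounts."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            by_ip[e["data"].get("IpAddress", "-")].append(datetime.fromisoformat(e["ts"]))
    findings = []
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):  # empty when too few events
            if times[i + threshold - 1] - times[i] <= window:
                findings.append(finding(
                    "T1110", "Brute Force",
                    f"{threshold} failed logons from {ip} within {int(window.total_seconds())}s",
                    times[i].isoformat()))
                break  # one finding per source IP is enough for triage
    return findings


def detect_encoded_powershell(events):
    """T1059.001: PowerShell started with an encoded command line (4688).
    The lowercase substring "-enc" matches -enc, -EncodedCommand and
    -encodedcommand; the bare "-e" abbreviation is deliberately not matched
    here because it collides with other switches."""
    findings = []
    for e in events:
        if e["event_id"] != 4688:
            continue
        proc = e["data"].get("NewProcessName", "").lower()
        cmd = e["data"].get("CommandLine", "")
        if proc.endswith(("powershell.exe", "pwsh.exe")) and "-enc" in cmd.lower():
            findings.append(finding("T1059.001",
                                    "Command and Scripting Interpreter: PowerShell", cmd, e["ts"]))
    return findings


# Events that are suspicious on their own and map straight to a technique.
SINGLE_EVENT_RULES = {
    1102: ("T1070.001", "Indicator Removal: Clear Windows Event Logs"),
    4720: ("T1136.001", "Create Account: Local Account"),
}


def detect_single_event(events):
    out = []
    for e in events:
        rule = SINGLE_EVENT_RULES.get(e["event_id"])
        if rule:
            who = e["data"].get("SubjectUserName", "?")
            target = e["data"].get("TargetUserName")
            evidence = f"event {e['event_id']} by {who}" + (f" on {target}" if target else "")
            out.append(finding(rule[0], rule[1], evidence, e["ts"]))
    return out


def run_detections(events):
    """Run every rule; return findings ordered by time. In an ELK pipeline each
    finding would become a document carrying its technique ID as a field."""
    findings = detect_brute_force(events) + detect_encoded_powershell(events) + detect_single_event(events)
    return sorted(findings, key=lambda f: f["ts"])


if __name__ == "__main__":
    for f in run_detections(SAMPLE_EVENTS):
        print(f"{f['ts']}  {f['technique']:<10} {f['name']}: {f['evidence']}")
```

Run stand-alone, the script reports four findings: T1110 for the burst from 10.0.0.5 (the lone failure from 10.0.0.9 stays silent), T1059.001 for the encoded PowerShell launch, T1136.001 for the new account and T1070.001 for the cleared log. In the ELK-based workflow the same logic would live in Elasticsearch queries or Kibana rules over the shipped events, and the mapping to technique IDs would be attached to each alert as a field; the substring check on the command line is intentionally simple and will not catch obfuscated or abbreviated switches.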
Keywords
Log analysis, MITRE ATT&CK, ELK Stack, Windows systems
Citation
Öztürk A., Ülkü E. E., "Detection of Suspicious Activities on Windows Systems with Log Analysis", International Conference on Engineering Technologies 2022 (ICENTE'2022), Konya, Türkiye, 17 November 2022