As servers move to the cloud, sources for security analysis become more limited. Security teams must make the most of the resources available to them. Our project attempts to fulfill this need by providing a template-based application to analyze and detect security events in logs that are available in cloud environments. We focus on authentication logs, but analysis modules can be added to flag anomalies in any log.
The deliverables include log analysis modules for successive repeated failures, location-based anomalies, and excessive failed login attempts across multiple accounts. To present our findings, we output the results to a web interface for further analysis by a security team.
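The three checks named above, as an added illustration that is not the project's own code: the log format (timestamp, user, source country, outcome), the thresholds and the time window are assumptions, and the sample log is constructed.

```python
"""Illustrative authentication-log checks (added example, not the project's code)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: (timestamp, user, source_country, outcome)
LOG = [
    ("2024-01-01T10:00:00", "alice", "US", "fail"),
    ("2024-01-01T10:00:05", "alice", "US", "fail"),
    ("2024-01-01T10:00:09", "alice", "US", "fail"),
    ("2024-01-01T10:00:15", "alice", "US", "success"),
    ("2024-01-01T10:01:00", "bob", "US", "success"),
    ("2024-01-01T10:02:00", "bob", "RU", "success"),
    ("2024-01-01T10:03:00", "carol", "US", "fail"),
    ("2024-01-01T10:03:01", "dave", "US", "fail"),
    ("2024-01-01T10:03:02", "erin", "US", "fail"),
    ("2024-01-01T10:03:03", "frank", "US", "fail"),
]

def repeated_failures(log, threshold=3):
    """Accounts with `threshold` or more consecutive failures (threshold assumed)."""
    streak, flagged = defaultdict(int), set()
    for _, user, _, outcome in log:
        # A success resets the per-account streak; a failure extends it.
        streak[user] = streak[user] + 1 if outcome == "fail" else 0
        if streak[user] >= threshold:
            flagged.add(user)
    return flagged

def location_anomalies(log):
    """Accounts whose successful logins come from more than one country."""
    seen = defaultdict(set)
    for _, user, country, outcome in log:
        if outcome == "success":
            seen[user].add(country)
    return {u for u, countries in seen.items() if len(countries) > 1}

def spread_failures(log, min_accounts=4, window_s=60):
    """Distinct accounts failing inside any `window_s`-second span (values assumed)."""
    fails = sorted((datetime.fromisoformat(ts), u) for ts, u, _, o in log if o == "fail")
    for i, (start, _) in enumerate(fails):
        # Slide a window forward from each failure and count distinct accounts in it.
        users = {u for t, u in fails[i:] if (t - start).total_seconds() <= window_s}
        if len(users) >= min_accounts:
            return users
    return set()
```

Each function returns the set of accounts to surface in the web interface, so a single account's retry burst (alice) is reported separately from a burst spread across many accounts.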
Our project was limited by time, knowledge, available hardware and log sources. Under these constraints we developed a server-based solution that analyzes authentication logs and presents the data in an easily understood format.
An authentication log for a large organization can contain millions of events. To narrow this volume down to a manageable number of interesting events, we analyzed the data against a set of criteria we proposed. The information that results from the analysis is easily read and used for further investigation into possible malicious behavior.
The market impact of a comprehensive security engine capable of analyzing large amounts of seemingly unconnected data and reducing them into only the interesting entries would be significant. It would save security teams time, improve the incident detection efficiency, and help focus efforts and funds where they are needed most.
Computer engineering, anomaly, cloud, log, security
Computer Engineering | Engineering
VCU Capstone Design Expo Posters
© The Author(s)