Log Analyzer To Detect Malicious Attacks Based On Pattern Matching

Sreenidhi Institute of Science and Technology, Cyber Security Department, Yamnampet, Hyderabad, Telangana, India

^* N. N. A. G. Sadasiva Murthy: 21311a6201@sreenidhi.edu.in

Abstract

The Log Analyzer scan through the system logs and search for patterns found in particular cyber threat and come to conclusion whether a system is infiltrated and data is being breached, given if the patterns of cyber threat match with the system logs and further the tool automates the process of detecting the malicious activities. The tool has the capability to detect and analyze the potential threats such as malware, unauthorized access, DOS attack and other few attacks through the given built-in patterns. Given that the tool might lack the ability to detect sophisticated intrusions only with pattern matching regular expressions, the machine learning algorithm Isolation Forest has been implemented for detecting anomalous behaviors. Tool can take custom patterns from end user to detect new kinds of vulnerabilities. The Log analyzer also has the functionality of creating an analyzed report from given logs in form of chart diagrams using data visualization techniques. The analysis report classifies each attack on basis of severity levels and also state at which hour of a day the system dealt with a kind of cyber threat. Based on the kind of system log provided the tool categories the log under suspicious and unsuspicious groups.