Topological Data Analysis for Anomaly Detection in Host-Based Logs. (arXiv:2204.12919v1 [cs.LG])

Topological Data Analysis (TDA) gives practioners the ability to analyse the
global structure of cybersecurity data. We use TDA for anomaly detection in
host-based logs collected with the open-source Logging Made Easy (LME) project.
We present an approach that builds a filtration of simplicial complexes
directly from Windows logs, enabling analysis of their intrinsic structure
using topological tools. We compare the efficacy of persistent homology and the
spectrum of graph and hypergraph Laplacians as feature vectors against a
standard log …

analysis anomaly detection data data analysis detection host lg logs