Statistical Analysis of Unauthorized-Access Log Data and Its Interpretation

We have studied how we analyse unauthorized network access logs and our empirical studies have suggested that we could classify the logs into some typical patterns and tried to develop methodology, to reveal them with aggregated statistical methodologies including symbolic data analysis (SDA). Our motivation is to extract some specific patterns from the logs. Many applications have been already developed to detect anomalies from them, but few are mainly based on statistics. To improve their quality, a mathematical viewpoint is key since most unauthorized actions are based on automatic algorithms. Thus we could apply some statistical (and intensive) model to them. When we develop an intensive statistical analysis for this data, SDA, known as a typical aggregated data analysis method would be applicable. In the study, we discuss how we aggregate the original log data and derive a reasonable classification and interpretation through the analyses.