Toward a Log-based Anomaly Detection System for Cyber Range Platforms

Title: Toward a Log-based Anomaly Detection System for Cyber Range Platforms
Publication Type: Conference Paper
Year of Publication: 2024
Authors: Blefari, F; Pironti, F Aurelio; Furfaro, A
Conference Name: ARES 2024: The 19th International Conference on Availability, Reliability and Security
Conference Location: Vienna, Austria
Abstract

Nowadays, the Information Technology landscape is permeated by a multitude of vulnerabilities and threats. The constantly rising number of heterogeneous devices makes a complete mapping of all the threats to which they are exposed difficult or even impossible. Antivirus and anti-malware tools have been developed to quickly detect anomalous software or behaviors. However, these solutions often rely on a knowledge base stored in some kind of database, so they are not effective against unknown attacks, also known as zero-day attacks. By relying on (network/system) log analysis it is possible to detect attacker activities. Log analysis plays a crucial role against cyber threats, providing an effective tool to detect them rapidly and to build advanced monitoring systems. However, log consultation can often be a challenging and costly task. Over time, useful tools and utilities have been developed to simplify this task for analysts. This paper presents a system capable of detecting attackers' activities in a Cyber Range platform. The system also features the visualization of attackers' activity traces, represented as attack graphs.

DOI: 10.1145/3664476.3669976