A Study on Log Analysis Approaches Using Sandia Dataset

Modern enterprises collect, process, and analyze security data from various system and network logs. Previous studies show that, handling large security datasets and detecting anomalies from those are key challenges faced by most of todays' enterprises. Unfortunately most security professionals are inexperienced at performing data analysis. In this paper, we study published works analyzing one publicly accessible log dataset (Sandia Dataset) published by Los Alamos National Laboratory. We evaluate their data analysis methodology as well as results and found significant flaws in most analysis methodologies.