SCOUT: Security by computing OUTliers on activity logs

Computers & Security (2023)

Abstract
The current increase in cybercrime demands more effective and efficient data exploration and analysis solutions that can help analysts detect cyberattacks. However, the huge amount of data generated continuously poses a number of technological difficulties, and classical algorithms must often be redesigned to deal with this seemingly endless stream of information coming from past activity logs and real-time data. In this paper, we propose a novel methodology able to identify security threats in activity logs. The contribution of the paper is twofold: we propose an encoding technique, based on prime numbers, that can be used to represent a set of activities in a compact way; we then describe an outlier detection algorithm which, based on the encoded activities, is able to detect malicious behavior. The extensive experimental analysis proved the effectiveness of the proposed methodology.
Keywords
Activity analysis, Cybersecurity, Data compression, Cluster analysis