Behavioral analysis of Active Directory logs

Abstract

This thesis focuses on the behavioral analysis of log data for anomaly detection and clustering in the field of cybersecurity. The objective is to obtain insights into patterns, anomalies, and potential threats present in sonatrach’s logs. Various algorithms, including K-means, DBSCAN, GMM, and Isolation Forest, were evaluated and compared in terms of their performance in detecting anomalies and clustering the data. The results showed that while K-means performed poorly, DBSCAN, GMM, and Isolation Forest exhibited different levels of sensitivity and performance. The findings provide valuable insights for improving anomaly detection and threat analysis in cybersecurity. Keywords : anomaly detection, behavioral analysis, clustering, preprocessing, machine learning.