Okta logs are used today to detect cybersecurity events using various rule-based models with restricted look back periods. These functions have limitations, such as a limited retrospective analysis, a predefined rule set, and susceptibility to generating false positives. To address this, we adopt unsupervised techniques, specifically employing autoencoders. To properly use an autoencoder, we need to transform and simplify the complexity of the log data we receive from our users. This transformed and filtered data is then fed into the autoencoder, and the output is evaluated.
@article{arxiv.2411.07314,
title = {Anomaly Detection in OKTA Logs using Autoencoders},
author = {Jericho Cain and Hayden Beadles and Karthik Venkatesan},
journal= {arXiv preprint arXiv:2411.07314},
year = {2024}
}
Comments
11 pages, 3 tables, 8 figures, Databricks AI Summit 2024