1

I need to develop a report that will show automated queries in an audit log of queries on a system of the company. The logs have this fashion:

query_id id          query_time
1        1           2018-02-01 00:09:02
2        1           2018-02-01 00:24:55
3        1           2018-02-01 00:58:55
4        1           2018-02-01 01:01:49
5        1           2018-02-01 01:05:42
6        1           2018-02-01 01:18:56

Where query_id is an index of the query, the id is who has queried and query_time is the time of the query.

I tried to make the difference between the time of the queries and count how much was less than 60 seconds, but don't make the job. One other way is see the periodicity of the queries. I was thinking if there was a better way to do this. Maybe something using time series. There is some technique that could identify a query bot?

Stephen Rauch
  • 1,783
  • 11
  • 22
  • 34
Allan
  • 131
  • 3
  • 2
    Do you have a list of IDs where you know that they are a bot/not a bot, so you could build a training set? Alternatively: Can you find out in retrospect whether some ID was a bot/bot a bot? – Elias Strehle Feb 02 '18 at 16:43

1 Answers1

0

It sounds like you have good initial data but you might need to develop a meta data set. I would start by taking all this info and building behavior profiles. How often do they query per session? When do they query? How many sessions per hour/day/week/month? And so on, I think you get the idea. It just doesn't strike me like the raw file is the way to go, you need a little bit more to work with but you can get there with what you have now. Get down to various behaviors, one ID per row, and you'll be in a much better position to model this out.

I_Play_With_Data
  • 2,089
  • 3
  • 16
  • 40