As part of a personal project, I would like to implement an anomaly detection script of user login activities via machine learning and windows event logs.
Actually, I want you to implement *exactly* the approach described in the article at the following link:
[login to view URL]
In general, the implementation steps (as detailed at the above link) are:
1. Create a lab setup with VMs and Active Directory.
2. Simulate the user's anomalous behavior.
3. Generate a .evtx file (Windows event logs) containing both good and bad behavior.
4. Convert the .evtx file to CSV.
5. Train a KNN model.
6. Detect anomalous events.
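As an added example of steps 4 to 6 (this is not code from the linked article, whose exact method sits behind the login link): a pure-Python k-nearest-neighbour distance scorer over logon events. It assumes the .evtx-to-CSV step produced one row per event with the columns user, hour, logon_type, workstation and event_id (those column names are an assumption, adjust them to whatever your conversion tool emits), and it embeds a small constructed CSV so it runs offline. It uses no scikit-learn; the k-NN logic is written out so the scoring rule is visible.

```python
"""Added example (not from the linked article): score Windows logon events
with a k-nearest-neighbour distance model and flag outliers.

Assumed input: the .evtx-to-CSV step yields columns
user, hour, logon_type, workstation, event_id (assumed names).
"""
import csv
import io
import math
import statistics
from collections import Counter

# Constructed sample CSV (not real logs): nine routine business-hours logons
# (Event ID 4624, logon type 2 = Interactive) and one odd event: alice at 03:00,
# logon type 10 (RemoteInteractive), failed (4625), from a host she never uses.
SAMPLE_CSV = """user,hour,logon_type,workstation,event_id
alice,9,2,WS01,4624
alice,10,2,WS01,4624
alice,8,2,WS01,4624
alice,9,2,WS01,4624
alice,11,2,WS01,4624
bob,9,2,WS02,4624
bob,10,2,WS02,4624
bob,8,2,WS02,4624
bob,17,2,WS02,4624
alice,3,10,DC01,4625
"""


def parse_rows(csv_text):
    """Read the converted event CSV into a list of dicts with typed fields."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        rows.append({
            "user": rec["user"],
            "hour": int(rec["hour"]),
            "logon_type": int(rec["logon_type"]),
            "workstation": rec["workstation"],
            "event_id": int(rec["event_id"]),
        })
    return rows


def build_features(rows):
    """Map each event to a numeric vector so Euclidean distance is meaningful.

    hour/23 and logon_type/10 land in roughly [0, 1]; 'failed' is 1 for
    Event ID 4625; 'rarity' is 1 minus the share of this user's events that
    came from this workstation (a host the user never uses scores near 1).
    """
    per_user = Counter(r["user"] for r in rows)
    per_pair = Counter((r["user"], r["workstation"]) for r in rows)
    vectors = []
    for r in rows:
        rarity = 1.0 - per_pair[(r["user"], r["workstation"])] / per_user[r["user"]]
        vectors.append([
            r["hour"] / 23.0,
            r["logon_type"] / 10.0,
            1.0 if r["event_id"] == 4625 else 0.0,
            rarity,
        ])
    return vectors


def knn_scores(vectors, k=3):
    """Anomaly score = mean distance to the k nearest *other* points.

    Routine events sit close to many neighbours and score low;
    an isolated event scores high.
    """
    scores = []
    for i, v in enumerate(vectors):
        dists = sorted(math.dist(v, w) for j, w in enumerate(vectors) if j != i)
        scores.append(sum(dists[:k]) / k)
    return scores


def detect_anomalies(rows, k=3, sigmas=2.0):
    """Return (scores, indices of rows scoring above mean + sigmas * std)."""
    scores = knn_scores(build_features(rows), k)
    threshold = statistics.mean(scores) + sigmas * statistics.pstdev(scores)
    flagged = [i for i, s in enumerate(scores) if s > threshold]
    return scores, flagged


if __name__ == "__main__":
    events = parse_rows(SAMPLE_CSV)
    scores, flagged = detect_anomalies(events)
    for i in flagged:
        e = events[i]
        print(f"ANOMALY score={scores[i]:.2f} user={e['user']} hour={e['hour']:02d} "
              f"logon_type={e['logon_type']} ws={e['workstation']} id={e['event_id']}")
```

On the constructed sample, only the 03:00 failed RemoteInteractive logon from DC01 is flagged; bob's 17:00 logon scores higher than the rest but stays under the threshold, which is the behaviour you want from a distance-based model (unusual but plausible hours are not alerts on their own). In a real lab run, compute the workstation rarity and fit the threshold on a known-good window of events, then score the simulated attack window against it rather than against itself.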
So, if you feel comfortable with:
1. Writing scripts in Python.
2. Windows event logs.
3. Simulating Windows users and basic attacks via Active Directory.
4. Machine learning (KNN).
Feel free to contact me.