LG · CR · Nov 11, 2024

Anomaly Detection in OKTA Logs using Autoencoders

arXiv:2411.07314v1 · 1 citations · h-index: 1
Originality: Synthesis-oriented
AI Analysis

This addresses cybersecurity event detection for organizations using Okta, but it is incremental as it applies an existing unsupervised method to a specific domain.

The paper tackles the problem of detecting cybersecurity anomalies in Okta logs with autoencoders; it reports no concrete numerical results.

Okta logs are used today to detect cybersecurity events using various rule-based models with restricted look back periods. These functions have limitations, such as a limited retrospective analysis, a predefined rule set, and susceptibility to generating false positives. To address this, we adopt unsupervised techniques, specifically employing autoencoders. To properly use an autoencoder, we need to transform and simplify the complexity of the log data we receive from our users. This transformed and filtered data is then fed into the autoencoder, and the output is evaluated.
