Using Google Analytics to Support Cybersecurity Forensics
Han Qin, Kit Riehle, Haozhen Zhao

TL;DR
This paper presents a methodology that leverages Google Analytics data, using rule-based anomaly detection and session analysis, to enhance cybersecurity forensics by identifying malicious web activity more effectively.
Contribution
It introduces a novel approach to cybersecurity monitoring by transforming Google Analytics web traffic data into user sessions for improved anomaly detection.
Findings
Enhanced detection of malicious web activity.
Faster analysis of large web traffic volumes.
Improved understanding of user behavior patterns.
Abstract
Web traffic is a valuable data source, typically used in the marketing space to track brand awareness and advertising effectiveness. However, web traffic is also a rich source of information for cybersecurity monitoring efforts. To better understand the threat of malicious cyber actors, this study develops a methodology to monitor and evaluate web activity using data archived from Google Analytics. Google Analytics collects and aggregates web traffic, including information about web visitors' location, date and time of visit, visited webpages, and searched keywords. This study seeks to streamline analysis of this data and uses rule-based anomaly detection and predictive modeling to identify web traffic that deviates from normal patterns. Rather than evaluating pieces of web traffic individually, the methodology seeks to emulate real user behavior by creating a new unit of analysis: the…
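The session-based approach described in the abstract can be illustrated as follows. This is an added example, not code from the paper: the record layout, the 30-minute inactivity gap, and both rules with their thresholds are assumptions, and the hits are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GAP = timedelta(minutes=30)        # assumed inactivity cut-off between sessions
BASELINE_COUNTRIES = {"US", "CA"}  # assumed "normal" visitor locations
MAX_PAGES_PER_MIN = 10             # assumed page-rate threshold

# Constructed hits: (visitor id, timestamp, country, page, searched keyword)
HITS = [
    ("v1", "2024-03-01T14:00:00", "US", "/home", ""),
    ("v1", "2024-03-01T14:02:00", "US", "/about", ""),
    ("v1", "2024-03-01T15:10:00", "US", "/contact", ""),
] + [("v2", f"2024-03-01T03:00:{s:02d}", "ZZ", f"/staff/{s}", "org chart")
     for s in range(0, 48, 4)]     # 12 hits in 44 seconds

def sessionize(hits, gap=GAP):
    """Group hits per visitor, starting a new session after `gap` of inactivity."""
    by_visitor = defaultdict(list)
    for vid, ts, country, page, kw in hits:
        by_visitor[vid].append((datetime.fromisoformat(ts), country, page, kw))
    sessions = []
    for vid, rows in by_visitor.items():
        rows.sort(key=lambda r: r[0])
        current = [rows[0]]
        for row in rows[1:]:
            if row[0] - current[-1][0] > gap:
                sessions.append((vid, current))
                current = []
            current.append(row)
        sessions.append((vid, current))
    return sessions

def flag(rows):
    """Apply the rules to one session; return the names of the rules that fired."""
    # Sessions shorter than one minute are treated as one minute long.
    minutes = max((rows[-1][0] - rows[0][0]).total_seconds() / 60, 1.0)
    reasons = []
    if len(rows) / minutes > MAX_PAGES_PER_MIN:
        reasons.append("page rate")
    if {r[1] for r in rows} - BASELINE_COUNTRIES:
        reasons.append("unusual location")
    return reasons

def analyze(hits):
    """Return (visitor, session start, page count, fired rules) per session."""
    return [(vid, rows[0][0], len(rows), flag(rows))
            for vid, rows in sessionize(hits)]

if __name__ == "__main__":
    for vid, start, pages, reasons in analyze(HITS):
        print(vid, start.isoformat(), pages, reasons or "ok")
```

Evaluating the session rather than each hit is what lets the page-rate rule fire: no single hit from the second visitor looks unusual on its own.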
