# Using Google Analytics to Support Cybersecurity Forensics

**Authors:** Han Qin, Kit Riehle, Haozhen Zhao

arXiv: 1904.01725 · 2019-04-04

## TL;DR

This paper presents a methodology that leverages Google Analytics data, using rule-based anomaly detection and session analysis, to enhance cybersecurity forensics by identifying malicious web activity more effectively.

## Contribution

It introduces a novel approach to cybersecurity monitoring by transforming Google Analytics web traffic data into user sessions for improved anomaly detection.

## Key findings

- Enhanced detection of malicious web activity.
- Faster analysis of large web traffic volumes.
- Improved understanding of user behavior patterns.

## Abstract

Web traffic is a valuable data source, typically used in the marketing space to track brand awareness and advertising effectiveness. However, web traffic is also a rich source of information for cybersecurity monitoring efforts. To better understand the threat of malicious cyber actors, this study develops a methodology to monitor and evaluate web activity using data archived from Google Analytics. Google Analytics collects and aggregates web traffic, including information about web visitors' location, date and time of visit, visited webpages, and searched keywords. This study seeks to streamline analysis of this data and uses rule-based anomaly detection and predictive modeling to identify web traffic that deviates from normal patterns. Rather than evaluating pieces of web traffic individually, the methodology seeks to emulate real user behavior by creating a new unit of analysis: the user session. User sessions group individual pieces of traffic from the same location and date, which transforms the available information from single point-in-time snapshots to dynamic sessions showing users' trajectory and intent. The result is faster and better insight into large volumes of noisy web traffic.

---
Source: https://tomesphere.com/paper/1904.01725