Proxy logs provide the most effective and centralized data for this analysis. A proxy server acts as an intermediary for all outbound web requests from a network. Its logs capture detailed records for each transaction, including the source IP address (identifying the system), the authenticated username (identifying the user), the destination URL, and the volume of data transferred. By aggregating and analyzing this single source of data, an administrator can quickly identify which specific system or user is responsible for generating an anomalous or excessive amount of web traffic.

A. Browser logs: These logs are stored on individual client machines and only record the activity of that specific browser, making network-wide traffic analysis impractical.

B. HTTP logs: These are located on the destination web server and only show traffic requests made to that server, not the total outbound traffic generated by a user to all destinations.

C. System logs: These logs (e.g., Windows Event Logs, syslog) primarily record operating system and application events, and they lack the specific web traffic details needed for this type of analysis.

1. Du

W. (2019). Computer & Internet Security: A Hands-on Approach (2nd ed.). Syracuse University. In Chapter 22: Web Security

the text discusses the role of web proxies as intermediaries that can log all user web activities. Section 22.1.2 describes how proxies see all HTTP requests

making their logs a comprehensive source for monitoring user traffic.

2. Al-Qerem

A.

& Alauthman

M. (2019). Detecting anomalous user behavior using proxy server logs. International Journal of Advanced Computer Science and Applications

10(11). This paper explicitly details the use of proxy server logs for security analysis

stating

"The proxy server log files contain a huge amount of information about the users’ behavior and their interests... such as client IP address

timestamp

requested URL..." (Section II

Paragraph 2). This supports their utility in identifying unusual traffic patterns. DOI: https://doi.org/10.14569/IJACSA.2019.0101101

3. Saltzer

J. H.

& Kaashoek

M. F. (2009). Principles of Computer System Design: An Introduction. MIT OCW

Course 6.033

Spring 2009. Chapter 9

"Security

" discusses the use of firewalls and proxies as "choke points" for monitoring and controlling network traffic. The principle establishes that a centralized logging point like a proxy is the most effective place to analyze traffic from many internal clients to the external network (Section 9.5.2).