Anomaly detection from network logs using diffusion maps
Abstract
The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The frequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done by applying diffusion maps. The method is adaptive and thus does not need training before analysis. We tested the method with data that includes normal and intrusive traffic to a web server. This approach finds all intrusions in the dataset.
Main Authors
Format
Conferences
Conference paper
Published
2011
Series
Subjects
Publication in research information system
Publisher
Springer
Original source
http://www.springerlink.com/index/N615170400W21N13.pdf
The permanent address of the publication
https://urn.fi/URN:NBN:fi:jyu-201206051800 (Use this for linking.)
Parent publication ISBN
978-3-642-23956-4
Review status
Peer reviewed
ISSN
1868-4238
DOI
https://doi.org/10.1007/978-3-642-23957-1_20
Language
English
Published in
IFIP Advances in Information and Communication Technology
Is part of publication
Engineering Applications of Neural Networks
Citation
- Sipola, T., Juvonen, A., & Lehtonen, J. (2011). Anomaly detection from network logs using diffusion maps. In L. Iliadis, & C. Jayne (Eds.), Engineering Applications of Neural Networks (pp. 172-181). Springer. IFIP Advances in Information and Communication Technology, 363. https://doi.org/10.1007/978-3-642-23957-1_20
Copyright © Springer. This is an electronic final draft version of an article whose final and definitive form has been published by Springer.