Dimensionality reduction framework for detecting anomalies from network logs
Sipola, T., Juvonen, A., & Lehtonen, J. (2012). Dimensionality reduction framework for detecting anomalies from network logs. Engineering Intelligent Systems, 20 (1/2), 87-97.
Published inEngineering Intelligent Systems
© 2012 CRL Publishing Ltd. This is an author's postprint version of on article whose final and definitive form has been published by CRL Publsihing.
Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the security of the services. In this research features are extracted from HTTP query parameters using 2-grams. We propose a framework that uses dimensionality reduction and clustering to identify anomalous behavior. The framework detects intrusions from log data gathered from a real network service. This approach is adaptive, works on the application layer and reduces the number of log lines that needs to be inspected. Furthermore, the traffic can be visualized.