Dimensionality reduction framework for detecting anomalies from network logs
Sipola, T., Juvonen, A., & Lehtonen, J. (2012). Dimensionality reduction framework for detecting anomalies from network logs. Engineering Intelligent Systems, 20(1/2), 87-97.
Julkaistu sarjassa
Engineering Intelligent SystemsPäivämäärä
2012Tekijänoikeudet
© 2012 CRL Publishing Ltd. This is an author's postprint version of on article whose final and definitive form has been published by CRL Publsihing.
Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the security of the services. In this research features are extracted from HTTP query parameters using 2-grams. We propose a framework that uses dimensionality reduction and clustering to identify anomalous behavior. The framework detects intrusions from log data gathered from a real network service. This approach is adaptive, works on the application layer and reduces the number of log lines that needs to be inspected. Furthermore, the traffic can be visualized.
Julkaisija
CRL PublishingISSN Hae Julkaisufoorumista
1472-8915Asiasanat
Alkuperäislähde
http://www.crlpublishing.co.uk/journal.asp?j=eis&s=Aims and ScopeJulkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/21505967