Dimensionality reduction framework for detecting anomalies from network logs
Sipola, T., Juvonen, A., & Lehtonen, J. (2012). Dimensionality reduction framework for detecting anomalies from network logs. Engineering Intelligent Systems, 20(1/2), 87-97.
Published in Engineering Intelligent Systems
© 2012 CRL Publishing Ltd. This is an author's postprint version of an article whose final and definitive form has been published by CRL Publishing.
Dynamic web services are vulnerable to a multitude of intrusions, many of them previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks in these logs improves the security of the services. In this research, features are extracted from HTTP query parameters using 2-grams. We propose a framework that uses dimensionality reduction and clustering to identify anomalous behavior. The framework detects intrusions in log data gathered from a real network service. The approach is adaptive, works on the application layer and reduces the number of log lines that need to be inspected. Furthermore, the traffic can be visualized.
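The pipeline the abstract describes, as an added example that is my own code and not the paper's: the decoded query string of each request is turned into a vector of 2-gram counts, the feature matrix is reduced to two principal components (power iteration, no numpy needed), and a two-means clustering marks the minority cluster as anomalous. Everything below is assumed for illustration: the Apache-style log lines are constructed, the PCA and two-means choices stand in for whichever reduction and clustering the authors used, and the helper names are mine.

```python
"""Added example (not the paper's code): 2-gram features from HTTP query
parameters, PCA-style reduction and 2-means clustering on a constructed log."""
import math
import re
from collections import Counter
from urllib.parse import parse_qsl

# Constructed Apache-style access-log lines (assumed format, not real traffic):
# eight ordinary search requests and one SQL-injection-looking request.
SAMPLE_LOG = """\
10.0.0.1 - - [10/Oct/2012:13:55:36 +0000] "GET /search?q=shoes&page=1 HTTP/1.1" 200 512
10.0.0.2 - - [10/Oct/2012:13:55:37 +0000] "GET /search?q=boots&page=2 HTTP/1.1" 200 498
10.0.0.3 - - [10/Oct/2012:13:55:38 +0000] "GET /search?q=socks&page=1 HTTP/1.1" 200 471
10.0.0.4 - - [10/Oct/2012:13:55:39 +0000] "GET /search?q=shoes&page=2 HTTP/1.1" 200 530
10.0.0.5 - - [10/Oct/2012:13:55:40 +0000] "GET /search?q=jacket&page=1 HTTP/1.1" 200 515
10.0.0.6 - - [10/Oct/2012:13:55:41 +0000] "GET /search?q=boots&page=1 HTTP/1.1" 200 488
10.0.0.7 - - [10/Oct/2012:13:55:42 +0000] "GET /search?q=shoes&page=3 HTTP/1.1" 200 505
10.0.0.8 - - [10/Oct/2012:13:55:43 +0000] "GET /search?q=socks&page=2 HTTP/1.1" 200 476
10.0.0.9 - - [10/Oct/2012:13:55:44 +0000] "GET /search?q=%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20users--&page=1 HTTP/1.1" 200 2048
"""
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/')

def query_of(line):
    """Decoded 'name=value&...' query part of one log line ('' if none)."""
    m = REQUEST_RE.search(line)
    if m is None or "?" not in m.group("path"):
        return ""
    raw = m.group("path").split("?", 1)[1]
    # parse_qsl percent-decodes, so "%27" and "'" yield the same 2-grams.
    return "&".join(f"{k}={v}" for k, v in parse_qsl(raw, keep_blank_values=True))

def two_grams(text):
    """Counts of consecutive character pairs, the feature unit of the paper."""
    return Counter(text[i:i + 2] for i in range(len(text) - 1))

def feature_matrix(queries):
    """One row per query, one column per 2-gram seen anywhere, raw counts."""
    counts = [two_grams(q) for q in queries]
    vocab = sorted(set().union(*counts)) if counts else []
    return [[float(c[g]) for g in vocab] for c in counts], vocab

def _dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def pca(rows, k=2, iters=300):
    """Project rows onto their top-k principal components (power iteration on
    X^T X with deflation; adequate for a few hundred 2-gram columns)."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    centered = [[r[j] - mean[j] for j in range(d)] for r in rows]
    x = [r[:] for r in centered]                # working copy, deflated below
    comps = []
    for _ in range(k):
        v = [1.0 + j / d for j in range(d)]     # deterministic start vector
        for _ in range(iters):
            xv = [_dot(r, v) for r in x]                                   # X v
            w = [sum(xv[i] * x[i][j] for i in range(n)) for j in range(d)]  # X^T X v
            norm = math.sqrt(_dot(w, w))
            if norm == 0.0:                     # no variance left to explain
                v = [0.0] * d
                break
            v = [c / norm for c in w]
        comps.append(v)
        xv = [_dot(r, v) for r in x]            # remove variance along v
        x = [[x[i][j] - xv[i] * v[j] for j in range(d)] for i in range(n)]
    return [[_dot(r, c) for c in comps] for r in centered]

def kmeans2(points, rounds=50):
    """Two-means seeded with the overall mean and the point farthest from it,
    so the result is reproducible. Returns (labels, centers)."""
    dim = len(points[0])
    c0 = [sum(p[j] for p in points) / len(points) for j in range(dim)]
    centers = [c0, list(max(points, key=lambda p: _dist(p, c0)))]
    labels = [0] * len(points)
    for _ in range(rounds):
        labels = [0 if _dist(p, centers[0]) <= _dist(p, centers[1]) else 1
                  for p in points]
        new = []
        for lbl in (0, 1):
            members = [p for p, l in zip(points, labels) if l == lbl]
            new.append([sum(p[j] for p in members) / len(members)
                        for j in range(dim)] if members else centers[lbl])
        if new == centers:
            break
        centers = new
    return labels, centers

def find_anomalies(log_text, k=2):
    """Flag lines in the minority cluster; score each line by its distance to
    the majority ('normal') centroid in the reduced space."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    queries = [query_of(l) for l in lines]
    rows, _vocab = feature_matrix(queries)
    reduced = pca(rows, k)
    labels, centers = kmeans2(reduced)
    minority = 0 if labels.count(0) < labels.count(1) else 1
    scores = [_dist(p, centers[1 - minority]) for p in reduced]
    flagged = [i for i, l in enumerate(labels) if l == minority]
    return flagged, scores, queries

if __name__ == "__main__":
    flagged, scores, queries = find_anomalies(SAMPLE_LOG)
    for i in flagged:
        print(f"line {i + 1}: score={scores[i]:.2f} query={queries[i]!r}")
```

On the constructed log only the ninth line (the UNION SELECT payload) lands in the minority cluster, because its 2-grams are almost all unseen in the ordinary searches, whereas the one-off `jacket` query still shares the `q=`, `&page=` structure and stays with the majority. Two caveats a practitioner should keep: two-means always produces a minority cluster, so on anomaly-free traffic some benign lines will be flagged unless the number of clusters and the minimum cluster size are chosen on known-good training data; and decoding before 2-gram extraction matters, since an attacker can otherwise hide a payload behind percent-encoding that the normal traffic never uses.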
Original source: http://www.crlpublishing.co.uk/journal.asp?j=eis&s=Aims and Scope
Showing items with similar title or keywords.
Adaptive framework for network traffic classification using dimensionality reduction and clustering Juvonen, Antti; Sipola, Tuomo (IEEE, 2012)Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ...
An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction Juvonen, Antti; Hämäläinen, Timo (IEEE, 2014)Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find ...
Juvonen, Antti; Sipola, Tuomo (IEEE, 2013)Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown ...
Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (Springer, 2011)The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The frequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done ...
Juvonen, Antti; Sipola, Tuomo; Hämäläinen, Timo (Elsevier BV * North-Holland; International Council for Computer Communications, 2015)Modern web services face an increasing number of new threats. Logs are collected from almost all web servers, and for this reason analyzing them is beneficial when trying to prevent intrusions. Intrusive behavior often ...