Dimensionality reduction framework for detecting anomalies from network logs
Sipola, T., Juvonen, A., & Lehtonen, J. (2012). Dimensionality reduction framework for detecting anomalies from network logs. Engineering Intelligent Systems, 20(1/2), 87-97.
Published in: Engineering Intelligent Systems
Date: 2012
Copyright: © 2012 CRL Publishing Ltd. This is an author's postprint version of an article whose final and definitive form has been published by CRL Publishing.
Abstract: Dynamic web services are vulnerable to a multitude of intrusions, many of which may be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks in these logs improves the security of the services. In this research, features are extracted from HTTP query parameters using 2-grams. We propose a framework that uses dimensionality reduction and clustering to identify anomalous behavior. The framework detects intrusions in log data gathered from a real network service. This approach is adaptive, works on the application layer, and reduces the number of log lines that need to be inspected. Furthermore, the traffic can be visualized.
Publisher: CRL Publishing
ISSN: 1472-8915
Original source: http://www.crlpublishing.co.uk/journal.asp?j=eis&s=Aims and Scope
Publication in research information system: https://converis.jyu.fi/converis/portal/detail/Publication/21505967
Related items
Showing items with similar title or keywords.
- Anomaly detection from network logs using diffusion maps
  Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (Springer, 2011). The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The frequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done ...
- Combining conjunctive rule extraction with diffusion maps for network intrusion detection
  Juvonen, Antti; Sipola, Tuomo (IEEE, 2013). Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown ...
- Adaptive framework for network traffic classification using dimensionality reduction and clustering
  Juvonen, Antti; Sipola, Tuomo (IEEE, 2012). Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ...
- An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction
  Juvonen, Antti; Hämäläinen, Timo (IEEE, 2014). Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find ...
- Online anomaly detection using dimensionality reduction techniques for HTTP log analysis
  Juvonen, Antti; Sipola, Tuomo; Hämäläinen, Timo (Elsevier BV * North-Holland; International Council for Computer Communications, 2015). Modern web services face an increasing number of new threats. Logs are collected from almost all web servers, and for this reason analyzing them is beneficial when trying to prevent intrusions. Intrusive behavior often ...