Dimensionality reduction framework for detecting anomalies from network logs
Sipola, T., Juvonen, A., & Lehtonen, J. (2012). Dimensionality reduction framework for detecting anomalies from network logs. Engineering Intelligent Systems, 20(1/2), 87-97.
Published in
Engineering Intelligent SystemsDate
2012Copyright
© 2012 CRL Publishing Ltd. This is an author's postprint version of on article whose final and definitive form has been published by CRL Publsihing.
Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the security of the services. In this research features are extracted from HTTP query parameters using 2-grams. We propose a framework that uses dimensionality reduction and clustering to identify anomalous behavior. The framework detects intrusions from log data gathered from a real network service. This approach is adaptive, works on the application layer and reduces the number of log lines that needs to be inspected. Furthermore, the traffic can be visualized.
Publisher
CRL PublishingISSN Search the Publication Forum
1472-8915Keywords
Original source
http://www.crlpublishing.co.uk/journal.asp?j=eis&s=Aims and ScopePublication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/21505967
Metadata
Show full item recordCollections
Related items
Showing items with similar title or keywords.
-
Anomaly detection from network logs using diffusion maps
Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (Springer, 2011)The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The fequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done ... -
Combining conjunctive rule extraction with diffusion maps for network intrusion detection
Juvonen, Antti; Sipola, Tuomo (IEEE, 2013)Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown ... -
Adaptive framework for network traffic classification using dimensionality reduction and clustering
Juvonen, Antti; Sipola, Tuomo (IEEE, 2012)Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ... -
Using affinity perturbations to detect web traffic anomalies
Shmueli, Yaniv; Sipola, Tuomo; Shabat, Gil; Averbuch, Amir (EURASIP, 2013)The initial training phase of machine learning algorithms is usually computationally expensive as it involves the processing of huge matrices. Evolving datasets are challenging from this point of view because changing ... -
A Network-Based Framework for Mobile Threat Detection
Kumar, Sanjay; Viinikainen, Ari; Hämäläinen, Timo (IEEE, 2018)Mobile malware attacks increased three folds in the past few years and continued to expand with the growing number of mobile users. Adversary uses a variety of evasion techniques to avoid detection by traditional systems, ...