Author's Post-print version
Dimensionality reduction framework for detecting anomalies from network logs
Abstract
Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the security of the services. In this research features are extracted from HTTP query parameters using 2-grams. We propose a framework that uses dimensionality reduction and clustering to identify anomalous behavior. The framework detects intrusions from log data gathered from a real network service. This approach is adaptive, works on the application layer and reduces the number of log lines that needs to be inspected. Furthermore, the traffic can be visualized.
Main Authors
Format
Articles
Research article
Published
2012
Series
Subjects
Publication in research information system
Publisher
CRL Publishing
Original source
http://www.crlpublishing.co.uk/journal.asp?j=eis&s=Aims and Scope
The permanent address of the publication
https://urn.fi/URN:NBN:fi:jyu-201210122663Käytä tätä linkitykseen.
Review status
Peer reviewed
ISSN
1472-8915
Language
English
Published in
Engineering Intelligent Systems
Citation
- Sipola, T., Juvonen, A., & Lehtonen, J. (2012). Dimensionality reduction framework for detecting anomalies from network logs. Engineering Intelligent Systems, 20(1/2), 87-97.
License
Copyright© 2012 CRL Publishing Ltd. This is an author's postprint version of on article whose final and definitive form has been published by CRL Publsihing.