Adaptive framework for network traffic classification using dimensionality reduction and clustering
Juvonen, A., & Sipola, T. (2012). Adaptive framework for network traffic classification using dimensionality reduction and clustering. In Y. Koucheryavy, J. Rak, J. P. G. Sterbenz, A. Vinel, V. Vishnevsky, & B. H. Walke (Eds.), IV International Congress on Ultra Modern Telecommunications and Control Systems 2012 (pp. 274-279). IEEE. International Conference on Ultra Modern Telecommunications & workshops. https://doi.org/10.1109/ICUMT.2012.6459678
Editors
Date
2012Copyright
© 2010 IEEE. This is an author's post-print version of an article whose final and definitive form has been published in the conference proceeding by IEEE.
Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting malicious queries or code. However, these attack attempts are often recorded in server logs. Analyzing these logs could be a way to detect intrusions either periodically or in real time. We propose a framework that preprocesses and analyzes these log files. HTTP queries are transformed to numerical matrices using n-gram analysis. The dimensionality of these matrices is reduced using principal component analysis and diffusion map methodology. Abnormal log lines can then be analyzed in more detail. We expand our previous work by elaborating the cluster analysis after obtaining the low-dimensional representation. The framework was tested with actual server log data collected from a large web service. Several previously unknown intrusions were found. Proposed methods could be customized to analyze any kind of log data. The system could be used as a real-time anomaly detection system in any network where sufficient data is available.
...


Publisher
IEEEParent publication ISBN
978-1-4673-2015-3Conference
International Congress on Ultra Modern Telecommunications and Control SystemsIs part of publication
IV International Congress on Ultra Modern Telecommunications and Control Systems 2012ISSN Search the Publication Forum
2157-0221Keywords
Original source
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6459678Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/22184336
Metadata
Show full item recordCollections
Related items
Showing items with similar title or keywords.
-
Dimensionality reduction framework for detecting anomalies from network logs
Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (CRL Publishing, 2012)Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the ... -
A Network-Based Framework for Mobile Threat Detection
Kumar, Sanjay; Viinikainen, Ari; Hämäläinen, Timo (IEEE, 2018)Mobile malware attacks increased three folds in the past few years and continued to expand with the growing number of mobile users. Adversary uses a variety of evasion techniques to avoid detection by traditional systems, ... -
An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction
Juvonen, Antti; Hämäläinen, Timo (IEEE, 2014)Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find ... -
Using affinity perturbations to detect web traffic anomalies
Shmueli, Yaniv; Sipola, Tuomo; Shabat, Gil; Averbuch, Amir (EURASIP, 2013)The initial training phase of machine learning algorithms is usually computationally expensive as it involves the processing of huge matrices. Evolving datasets are challenging from this point of view because changing ... -
On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks
Zolotukhin, Mikhail; Kokkonen, Tero; Hämäläinen, Timo; Siltanen, Jarmo (Advanced Institute of Convergence IT, 2016)Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate ...