Adaptive framework for network traffic classification using dimensionality reduction and clustering
Juvonen, A., & Sipola, T. (2012). Adaptive framework for network traffic classification using dimensionality reduction and clustering. In Y. Koucheryavy, J. Rak, J. Sterbenz, A. Vinel, V. Vishnevsky, & B. Walke (Eds.), IV International Congress on Ultra Modern Telecommunications and Control Systems 2012 (pp. 274-279). IEEE. doi:10.1109/ICUMT.2012.6459678 Retrieved from http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6459678
Date
2012Discipline
TietotekniikkaCopyright
© 2010 IEEE. This is an author's post-print version of an article whose final and definitive form has been published in the conference proceeding by IEEE.
Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting malicious queries or code. However, these attack attempts are often recorded in server logs. Analyzing these logs could be a way to detect intrusions either periodically or in real time. We propose a framework that preprocesses and analyzes these log files. HTTP queries are transformed to numerical matrices using n-gram analysis. The dimensionality of these matrices is reduced using principal component analysis and diffusion map methodology. Abnormal log lines can then be analyzed in more detail. We expand our previous work by elaborating the cluster analysis after obtaining the low-dimensional representation. The framework was tested with actual server log data collected from a large web service. Several previously unknown intrusions were found. Proposed methods
...
Publisher
IEEEIs part of publication
IV International Congress on Ultra Modern Telecommunications and Control Systems 2012. Edited by Y. Koucheryavy, J. Rak, J. Sterbenz, A. Vinel, V. Vishnevsky, & B. Walke. ISBN 978-1-4673-2015-3Keywords