University of Jyväskylä | JYX Digital Repository
Adaptive framework for network traffic classification using dimensionality reduction and clustering

Author's post-print (1.1 MB)
Juvonen, A., & Sipola, T. (2012). Adaptive framework for network traffic classification using dimensionality reduction and clustering. In Y. Koucheryavy, J. Rak, J. P. G. Sterbenz, A. Vinel, V. Vishnevsky, & B. H. Walke (Eds.), IV International Congress on Ultra Modern Telecommunications and Control Systems 2012 (pp. 274-279). IEEE. International Conference on Ultra Modern Telecommunications & workshops. https://doi.org/10.1109/ICUMT.2012.6459678
Published in
International Conference on Ultra Modern Telecommunications & workshops
Authors
Juvonen, Antti; Sipola, Tuomo
Editors
Koucheryavy, Yevgeni; Rak, Jacek; Sterbenz, James P. G.; Vinel, Alexey; Vishnevsky, Vladimir; Walke, Bernhard H.
Date
2012
Discipline
Mathematical Information Technology (Tietotekniikka)
Copyright
© 2010 IEEE. This is an author's post-print version of an article whose final and definitive form has been published in the conference proceedings by IEEE.

Information security has become a very important topic, especially in recent years. Web services are becoming more complex and dynamic, which offers attackers new possibilities to exploit vulnerabilities by inputting malicious queries or code. However, these attack attempts are often recorded in server logs, and analyzing these logs could be a way to detect intrusions either periodically or in real time. We propose a framework that preprocesses and analyzes these log files. HTTP queries are transformed into numerical matrices using n-gram analysis. The dimensionality of these matrices is reduced using principal component analysis and diffusion map methodology. Abnormal log lines can then be analyzed in more detail. We expand our previous work by elaborating the cluster analysis after obtaining the low-dimensional representation. The framework was tested with actual server log data collected from a large web service. Several previously unknown intrusions were found. The proposed methods could be customized to analyze any kind of log data. The system could be used as a real-time anomaly detection system in any network where sufficient data is available. ...
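The pipeline the abstract describes, reduced to its bones in plain Python as an added illustration (this is not code from the paper or its authors): HTTP request lines become a 2-gram count matrix, PCA (here by power iteration, standing in for the paper's PCA and diffusion map step) projects it to two dimensions, k-means clusters the projection, and lines in small clusters are reported as abnormal. The log lines are constructed, and raw counts, two components, k=3 and the 25 % cluster-size threshold are assumptions of this example, not the paper's settings.

```python
import math
from collections import Counter

LOG_LINES = [  # constructed sample request lines (not the paper's data set); the last two are attacks
    "GET /index.php?page=home HTTP/1.1",
    "GET /index.php?page=news HTTP/1.1",
    "GET /index.php?page=about HTTP/1.1",
    "GET /index.php?page=contact HTTP/1.1",
    "GET /index.php?page=home HTTP/1.1",
    "GET /index.php?page=home' OR '1'='1' -- HTTP/1.1",
    "GET /index.php?page=<script>alert(1)</script> HTTP/1.1",
]

def ngram_matrix(lines, n=2):
    """One row per log line, one column per n-gram seen in the corpus; entries are raw counts (assumption)."""
    counts = [Counter(line[i:i + n] for i in range(len(line) - n + 1)) for line in lines]
    vocab = sorted(set().union(*counts))
    return [[float(c[g]) for g in vocab] for c in counts]

def pca(matrix, dims=2, iters=200):
    """Project mean-centred rows onto the top `dims` principal components (power iteration with deflation)."""
    n, d = len(matrix), len(matrix[0])
    means = [sum(col) / n for col in zip(*matrix)]
    X = [[x - m for x, m in zip(r, means)] for r in matrix]
    cov = [[sum(r[i] * r[j] for r in X) / (n - 1) for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(dims):
        v = [1.0] * d
        for _ in range(iters):
            w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w)) or 1.0
            v = [x / norm for x in w]
        lam = sum(v[i] * cov[i][j] * v[j] for i in range(d) for j in range(d))
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]  # deflate
        comps.append(v)
    return [[sum(x * y for x, y in zip(r, v)) for v in comps] for r in X]

def kmeans(points, k=3, iters=50):
    """Lloyd's k-means with deterministic farthest-point seeding; returns one cluster label per point."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(math.dist(p, c) for c in centers)))
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: math.dist(p, centers[c])) for p in points]
        for c in range(k):
            members = [p for p, lab in zip(points, labels) if lab == c] or [centers[c]]
            centers[c] = [sum(x) / len(members) for x in zip(*members)]
    return labels

def abnormal_lines(lines, k=3, max_fraction=0.25):
    """Report lines whose cluster holds at most `max_fraction` of all lines (the small clusters)."""
    labels = kmeans(pca(ngram_matrix(lines)), k)
    return [l for l, lab in zip(lines, labels) if labels.count(lab) <= max_fraction * len(lines)]
```

On the constructed lines the two injected requests each land in a cluster of their own and are the only lines reported; the normal requests collapse into one cluster because their 2-gram differences are small compared with the attack payloads.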
Publisher
IEEE
Parent publication ISBN
978-1-4673-2015-3
Conference
International Congress on Ultra Modern Telecommunications and Control Systems
Is part of publication
IV International Congress on Ultra Modern Telecommunications and Control Systems 2012
ISSN
2157-0221
Keywords
anomaly detection; diffusion map; intrusion detection; k-means; n-grams; data mining; machine learning

Original source
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6459678

DOI
https://doi.org/10.1109/ICUMT.2012.6459678
URI
http://urn.fi/URN:NBN:fi:jyu-201304121436
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/22184336


Related items (similar title or keywords)

  • Dimensionality reduction framework for detecting anomalies from network logs 

    Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (CRL Publishing, 2012)
    Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the ...
  • Anomaly detection from network logs using diffusion maps 

    Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (Springer, 2011)
    The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The frequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done ...
  • Combining conjunctive rule extraction with diffusion maps for network intrusion detection 

    Juvonen, Antti; Sipola, Tuomo (IEEE, 2013)
    Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown ...
  • An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction 

    Juvonen, Antti; Hämäläinen, Timo (IEEE, 2014)
    Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find ...
  • Online anomaly detection using dimensionality reduction techniques for HTTP log analysis 

    Juvonen, Antti; Sipola, Tuomo; Hämäläinen, Timo (Elsevier BV * North-Holland; International Council for Computer Communications, 2015)
    Modern web services face an increasing number of new threats. Logs are collected from almost all web servers, and for this reason analyzing them is beneficial when trying to prevent intrusions. Intrusive behavior often ...