dc.contributor.author: Juvonen, Antti
dc.contributor.author: Sipola, Tuomo
dc.contributor.editor: Koucheryavy, Yevgeni
dc.contributor.editor: Rak, Jacek
dc.contributor.editor: Sterbenz, James P. G.
dc.contributor.editor: Vinel, Alexey
dc.contributor.editor: Vishnevsky, Vladimir
dc.contributor.editor: Walke, Bernhard H.
dc.date.accessioned: 2013-04-12T04:44:47Z
dc.date.available: 2013-04-12T04:44:47Z
dc.date.issued: 2012
dc.identifier.citation: Juvonen, A., & Sipola, T. (2012). Adaptive framework for network traffic classification using dimensionality reduction and clustering. In Y. Koucheryavy, J. Rak, J. P. G. Sterbenz, A. Vinel, V. Vishnevsky, & B. H. Walke (Eds.), IV International Congress on Ultra Modern Telecommunications and Control Systems 2012 (pp. 274-279). IEEE. International Conference on Ultra Modern Telecommunications & workshops. https://doi.org/10.1109/ICUMT.2012.6459678
dc.identifier.other: CONVID_22184336
dc.identifier.other: TUTKAID_54665
dc.identifier.uri: https://jyx.jyu.fi/handle/123456789/41189
dc.description.abstract: Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting malicious queries or code. However, these attack attempts are often recorded in server logs. Analyzing these logs could be a way to detect intrusions either periodically or in real time. We propose a framework that preprocesses and analyzes these log files. HTTP queries are transformed to numerical matrices using n-gram analysis. The dimensionality of these matrices is reduced using principal component analysis and diffusion map methodology. Abnormal log lines can then be analyzed in more detail. We expand our previous work by elaborating the cluster analysis after obtaining the low-dimensional representation. The framework was tested with actual server log data collected from a large web service. Several previously unknown intrusions were found. Proposed methods could be customized to analyze any kind of log data. The system could be used as a real-time anomaly detection system in any network where sufficient data is available. (fi)
dc.language.iso: eng
dc.publisher: IEEE
dc.relation.ispartof: IV International Congress on Ultra Modern Telecommunications and Control Systems 2012
dc.relation.ispartofseries: International Conference on Ultra Modern Telecommunications & workshops
dc.relation.uri: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6459678
dc.subject.other: anomaly detection
dc.subject.other: diffusion map
dc.subject.other: intrusion detection
dc.subject.other: k-means
dc.subject.other: n-grams
dc.title: Adaptive framework for network traffic classification using dimensionality reduction and clustering
dc.type: conferenceObject
dc.identifier.urn: URN:NBN:fi:jyu-201304121436
dc.contributor.laitos: Tietotekniikan laitos (fi)
dc.contributor.laitos: Department of Mathematical Information Technology (en)
dc.contributor.oppiaine: Tietotekniikka (fi)
dc.contributor.oppiaine: Mathematical Information Technology (en)
jyx.tutka.ksname: IV International Congress on Ultra Modern Telecommunications and Control Systems 2012
dc.type.uri: http://purl.org/eprint/type/ConferencePaper
dc.date.updated: 2013-04-12T03:30:04Z
dc.relation.isbn: 978-1-4673-2015-3
dc.type.coar: conference paper
dc.description.reviewstatus: peerReviewed
dc.format.pagerange: 274-279
dc.relation.issn: 2157-0221
dc.type.version: acceptedVersion
dc.rights.copyright: © 2010 IEEE. This is an author's post-print version of an article whose final and definitive form has been published in the conference proceeding by IEEE.
dc.rights.accesslevel: openAccess (fi)
dc.relation.conference: International Congress on Ultra Modern Telecommunications and Control Systems
dc.subject.yso: tiedonlouhinta
dc.subject.yso: koneoppiminen
jyx.subject.uri: http://www.yso.fi/onto/yso/p5520
jyx.subject.uri: http://www.yso.fi/onto/yso/p21846
dc.relation.doi: 10.1109/ICUMT.2012.6459678

