University of Jyväskylä | JYX Digital Repository
An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction

Final draft (372.1Kb)
Juvonen, A., & Hämäläinen, T. (2014). An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction. In M. Badra, & O. Alfandi (Eds.), 2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops. IEEE. https://doi.org/10.1109/NTMS.2014.6814006
Authors
Juvonen, Antti |
Hämäläinen, Timo
Editors
Badra, Mohamad |
Alfandi, Omar
Date
2014
Discipline
Mathematical Information Technology
Copyright
© IEEE. This is the authors' postprint version of the article. The original print version is available online at http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814006&isnumber=6813963

 
Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find previously unknown attacks, which is why anomaly detection is needed. However, many new systems are slow and complicated. We propose a log anomaly detection framework which aims to facilitate quick anomaly detection and also provide visualizations of the network traffic structure. The system preprocesses network logs into a numerical data matrix, reduces the dimensionality of this matrix using random projection and uses Mahalanobis distance to find outliers and calculate an anomaly score for each data point. Log lines that are too different are flagged as anomalies. The system is tested with real-world network data, and actual intrusion attempts are found. In addition, visualizations are created to represent the structure of the network data. We also perform computational time evaluation to ensure the performance is feasible. The system is fast, finds real intrusion attempts and does not need clean training data. ...
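The abstract outlines a four-stage pipeline: log lines become a numeric matrix, random projection reduces its dimensionality, the Mahalanobis distance of each projected row from the sample mean becomes its anomaly score, and rows whose score is too large are flagged. The block below is an added illustration of that pipeline and is not the authors' code. Everything not stated in the abstract is an assumption made here: character-bigram counts as the numeric representation, a Gaussian random projection matrix scaled by 1/sqrt(k), a small ridge term when inverting the covariance, a mean + 2*std flagging rule, and a constructed log of 200 benign request lines plus two injected attack lines (a directory traversal and a UNION-based SQL injection). Like the system described, it computes the covariance from all rows, so no clean training set is needed.

```python
"""Log anomaly scoring with random projection + Mahalanobis distance.

Added illustration of the pipeline described in the abstract; not the
authors' code.  Assumptions made here: character-bigram counts as the numeric
representation, a Gaussian random projection matrix, a ridge term when
inverting the covariance, a mean + 2*std threshold, and a constructed log.
"""
import math
import random
from collections import Counter


def build_sample_log(n_normal=200, seed=7):
    """Constructed sample log: n_normal benign request lines plus two injected
    attack lines.  Returns the lines and the indices of the injected lines
    (used only to check the result; the detector never sees them)."""
    rng = random.Random(seed)
    sections = ["index", "about", "news", "products", "contact"]
    lines = [f"GET /{rng.choice(sections)}.html?page={rng.randint(1, 9)}"
             for _ in range(n_normal)]
    attacks = [
        "GET /" + "../" * 10 + "etc/passwd",
        "GET /news.html?page=1' UNION SELECT " + ",".join(["1"] * 10)
        + " FROM information_schema.tables--",
    ]
    lines += attacks
    return lines, list(range(n_normal, n_normal + len(attacks)))


def bigram_matrix(lines):
    """Preprocess log lines into a numeric matrix: one row per line, one column
    per character bigram seen anywhere in the log, entries are counts."""
    counters = [Counter(line[i:i + 2] for i in range(len(line) - 1)) for line in lines]
    vocab = sorted(set().union(*counters))
    return [[c[g] for g in vocab] for c in counters], vocab


def random_projection(matrix, k, seed=0):
    """Reduce each row from len(vocab) to k dimensions with a Gaussian random
    matrix R scaled by 1/sqrt(k), so expected squared norms are preserved."""
    rng = random.Random(seed)
    d = len(matrix[0])
    R = [[rng.gauss(0.0, 1.0) / math.sqrt(k) for _ in range(k)] for _ in range(d)]
    return [[sum(row[i] * R[i][j] for i in range(d) if row[i]) for j in range(k)]
            for row in matrix]


def invert(m, ridge=1e-6):
    """Gauss-Jordan inverse of a square matrix; the small ridge on the diagonal
    keeps a near-singular covariance invertible."""
    n = len(m)
    a = [[m[i][j] + (ridge if i == j else 0.0) for j in range(n)]
         + [1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(a[r][col]))
        a[col], a[pivot] = a[pivot], a[col]
        p = a[col][col]
        a[col] = [v / p for v in a[col]]
        for r in range(n):
            if r != col and a[r][col] != 0.0:
                f = a[r][col]
                a[r] = [rv - f * cv for rv, cv in zip(a[r], a[col])]
    return [row[n:] for row in a]


def mahalanobis_scores(points):
    """Squared Mahalanobis distance of every point from the sample mean, using
    the sample covariance of all points (no clean training set required)."""
    n, k = len(points), len(points[0])
    mean = [sum(p[j] for p in points) / n for j in range(k)]
    dev = [[p[j] - mean[j] for j in range(k)] for p in points]
    cov = [[sum(v[i] * v[j] for v in dev) / (n - 1) for j in range(k)] for i in range(k)]
    inv = invert(cov)
    return [sum(v[i] * inv[i][j] * v[j] for i in range(k) for j in range(k)) for v in dev]


def detect(lines, k=8, seed=0, sigmas=2.0):
    """Whole pipeline: featurise -> random projection -> Mahalanobis score ->
    flag lines whose score exceeds mean + sigmas * std (an assumed rule)."""
    X, _ = bigram_matrix(lines)
    scores = mahalanobis_scores(random_projection(X, k, seed))
    mu = sum(scores) / len(scores)
    sd = math.sqrt(sum((s - mu) ** 2 for s in scores) / len(scores))
    flagged = [i for i, s in enumerate(scores) if s > mu + sigmas * sd]
    return scores, flagged


if __name__ == "__main__":
    log, _ = build_sample_log()
    sc, hits = detect(log)
    for i in sorted(hits, key=lambda i: -sc[i]):
        print(f"{sc[i]:8.2f}  {log[i]}")
```

Two properties are worth checking before trusting a run. First, with a full-rank sample covariance the squared Mahalanobis distances always sum to k*(n-1), so a score far above that average is a genuine outlier relative to the rest of the sample, not an artefact of scale. Second, the score measures rarity as much as maliciousness: on a small log, a benign request that appears only once can score as high as an attack, so flagged lines are candidates for inspection rather than verdicts, and the flagging threshold must be tuned on the deployment's own traffic.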
Publisher
IEEE
Parent publication ISBN
978-1-4799-3223-8
Conference
IFIP International Conference on New Technologies, Mobility and Security
Is part of publication
2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops
Keywords
intrusion detection; random projection; Mahalanobis distance; data mining; machine learning
DOI
https://doi.org/10.1109/NTMS.2014.6814006
URI
http://urn.fi/URN:NBN:fi:jyu-201406252141
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/23636414

Collections
  • Faculty of Information Technology [1594]

Related items

Showing items with similar title or keywords.

  • Dimensionality reduction framework for detecting anomalies from network logs 

    Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (CRL Publishing, 2012)
    Dynamic web services are vulnerable to a multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the ...
  • Adaptive framework for network traffic classification using dimensionality reduction and clustering 

    Juvonen, Antti; Sipola, Tuomo (IEEE, 2012)
    Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ...
  • Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets 

    Vahdani Amoli, Payam (University of Jyväskylä, 2015)
    Today, the occurrence of zero-day and complex attacks in high-speed networks is increasingly common due to the high number of vulnerabilities in the cyber world. As a result, intrusions become more sophisticated and fast ...
  • Intrusion detection applications using knowledge discovery and data mining 

    Juvonen, Antti (University of Jyväskylä, 2014)
  • Anomaly-based online intrusion detection system as a sensor for cyber security situational awareness system 

    Kokkonen, Tero (University of Jyväskylä, 2016)
    Almost all the organisations and even individuals rely on complex structures of data networks and networked computer systems. That complex data ensemble, the cyber domain, provides great opportunities, but at the same ...