An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction
Juvonen, A., & Hämäläinen, T. (2014). An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction. In M. Badra, & O. Alfandi (Eds.), 2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops. IEEE. https://doi.org/10.1109/NTMS.2014.6814006
Päivämäärä
2014Tekijänoikeudet
© IEEE. This is the authors’ postprint version of the article. The original print
version is available online at http://ieeexplore.
ieee.org/stamp/stamp.jsp?tp=&arnumber=6814006&isnumber=6813963
Network traffic is increasing all the time and
network services are becoming more complex and vulnerable.
To protect these networks, intrusion detection systems are used.
Signature-based intrusion detection cannot find previously unknown
attacks, which is why anomaly detection is needed.
However, many new systems are slow and complicated. We
propose a log anomaly detection framework which aims to
facilitate quick anomaly detection and also provide visualizations
of the network traffic structure. The system preprocesses network
logs into a numerical data matrix, reduces the dimensionality
of this matrix using random projection and uses Mahalanobis
distance to find outliers and calculate an anomaly score for
each data point. Log lines that are too different are flagged as
anomalies. The system is tested with real-world network data, and
actual intrusion attempts are found. In addition, visualizations are
created to represent the structure of the network data. We also
perform computational time evaluation to ensure the performance
is feasible. The system is fast, finds real intrusion attempts and
does not need clean training data.
...
Julkaisija
IEEEEmojulkaisun ISBN
978-1-4799-3223-8Konferenssi
IFIP International Conference on New Technologies, Mobility and SecurityKuuluu julkaisuun
2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and WorkshopsJulkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/23636414
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Dimensionality reduction framework for detecting anomalies from network logs
Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (CRL Publishing, 2012)Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the ... -
Adaptive framework for network traffic classification using dimensionality reduction and clustering
Juvonen, Antti; Sipola, Tuomo (IEEE, 2012)Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ... -
Anomaly detection from network logs using diffusion maps
Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (Springer, 2011)The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The fequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done ... -
Combining conjunctive rule extraction with diffusion maps for network intrusion detection
Juvonen, Antti; Sipola, Tuomo (IEEE, 2013)Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown ... -
Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets
Vahdani Amoli, Payam (University of Jyväskylä, 2015)Today, the occurrence of zero-day and complex attacks in high-speed networks is increasingly common due to the high number vulnerabilities in the cyber world. As a result, intrusions become more sophisticated and fast ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.