dc.contributor.author | Juvonen, Antti | |
dc.contributor.author | Hämäläinen, Timo | |
dc.contributor.editor | Badra, Mohamad | |
dc.contributor.editor | Alfandi, Omar | |
dc.date.accessioned | 2014-08-04T10:19:21Z | |
dc.date.available | 2014-08-04T10:19:21Z | |
dc.date.issued | 2014 | |
dc.identifier.citation | Juvonen, A., & Hämäläinen, T. (2014). An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction. In M. Badra, & O. Alfandi (Eds.), 2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops. IEEE. https://doi.org/10.1109/NTMS.2014.6814006 | |
dc.identifier.other | CONVID_23636414 | |
dc.identifier.other | TUTKAID_61606 | |
dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/43932 | |
dc.description.abstract | Network traffic is increasing all the time and
network services are becoming more complex and vulnerable.
To protect these networks, intrusion detection systems are used.
Signature-based intrusion detection cannot find previously unknown
attacks, which is why anomaly detection is needed.
However, many new systems are slow and complicated. We
propose a log anomaly detection framework which aims to
facilitate quick anomaly detection and also provide visualizations
of the network traffic structure. The system preprocesses network
logs into a numerical data matrix, reduces the dimensionality
of this matrix using random projection and uses Mahalanobis
distance to find outliers and calculate an anomaly score for
each data point. Log lines that are too different are flagged as
anomalies. The system is tested with real-world network data, and
actual intrusion attempts are found. In addition, visualizations are
created to represent the structure of the network data. We also
perform computational time evaluation to ensure the performance
is feasible. The system is fast, finds real intrusion attempts and
does not need clean training data. | fi |
dc.language.iso | eng | |
dc.publisher | IEEE | |
dc.relation.ispartof | 2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops | |
dc.subject.other | intrusion detection | |
dc.subject.other | random projection | |
dc.subject.other | mahalanobis distance | |
dc.title | An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction | |
dc.type | conferenceObject | |
dc.identifier.urn | URN:NBN:fi:jyu-201406252141 | |
dc.contributor.laitos | Tietotekniikan laitos | fi |
dc.contributor.laitos | Department of Mathematical Information Technology | en |
dc.contributor.oppiaine | Tietotekniikka | fi |
dc.contributor.oppiaine | Mathematical Information Technology | en |
jyx.tutka.ksname | 2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops | |
dc.type.uri | http://purl.org/eprint/type/ConferencePaper | |
dc.date.updated | 2014-06-25T03:30:04Z | |
dc.relation.isbn | 978-1-4799-3223-8 | |
dc.type.coar | http://purl.org/coar/resource_type/c_5794 | |
dc.description.reviewstatus | peerReviewed | |
dc.type.version | acceptedVersion | |
dc.rights.copyright | © IEEE. This is the authors’ postprint version of the article. The original print version is available online at http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814006&isnumber=6813963 | |
dc.rights.accesslevel | openAccess | fi |
dc.relation.conference | IFIP International Conference on New Technologies, Mobility and Security | |
dc.subject.yso | tiedonlouhinta | |
dc.subject.yso | koneoppiminen | |
jyx.subject.uri | http://www.yso.fi/onto/yso/p5520 | |
jyx.subject.uri | http://www.yso.fi/onto/yso/p21846 | |
dc.relation.doi | 10.1109/NTMS.2014.6814006 | |
dc.type.okm | A4 | |