Show simple item record

dc.contributor.authorJuvonen, Antti
dc.contributor.authorHämäläinen, Timo
dc.contributor.editorBadra, Mohamad
dc.contributor.editorAlfandi, Omar
dc.date.accessioned2014-08-04T10:19:21Z
dc.date.available2014-08-04T10:19:21Z
dc.date.issued2014
dc.identifier.citationJuvonen, A., & Hämäläinen, T. (2014). An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction. In M. Badra, & O. Alfandi (Eds.), <i>2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops</i>. IEEE. <a href="https://doi.org/10.1109/NTMS.2014.6814006" target="_blank">https://doi.org/10.1109/NTMS.2014.6814006</a>
dc.identifier.otherCONVID_23636414
dc.identifier.otherTUTKAID_61606
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/43932
dc.description.abstractNetwork traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find previously unknown attacks, which is why anomaly detection is needed. However, many new systems are slow and complicated. We propose a log anomaly detection framework which aims to facilitate quick anomaly detection and also provide visualizations of the network traffic structure. The system preprocesses network logs into a numerical data matrix, reduces the dimensionality of this matrix using random projection and uses Mahalanobis distance to find outliers and calculate an anomaly score for each data point. Log lines that are too different are flagged as anomalies. The system is tested with real-world network data, and actual intrusion attempts are found. In addition, visualizations are created to represent the structure of the network data. We also perform computational time evaluation to ensure the performance is feasible. The system is fast, finds real intrusion attempts and does not need clean training data.fi
dc.language.isoeng
dc.publisherIEEE
dc.relation.ispartof2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops
dc.subject.otherintrusion detection
dc.subject.otherrandom projection
dc.subject.othermahalanobis distance
dc.titleAn Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction
dc.typeconferenceObject
dc.identifier.urnURN:NBN:fi:jyu-201406252141
dc.contributor.laitosTietotekniikan laitosfi
dc.contributor.laitosDepartment of Mathematical Information Technologyen
dc.contributor.oppiaineTietotekniikkafi
dc.contributor.oppiaineMathematical Information Technologyen
jyx.tutka.ksname2014 6th International Conference on New Technologies, Mobility and Security (NTMS) : Proceedings of NTMS'2014 Conference and Workshops
dc.type.urihttp://purl.org/eprint/type/ConferencePaper
dc.date.updated2014-06-25T03:30:04Z
dc.relation.isbn978-1-4799-3223-8
dc.type.coarconference paper
dc.description.reviewstatuspeerReviewed
dc.type.versionacceptedVersion
dc.rights.copyright© IEEE. This is the authors’ postprint version of the article. The original print version is available online at http://ieeexplore. ieee.org/stamp/stamp.jsp?tp=&arnumber=6814006&isnumber=6813963
dc.rights.accesslevelopenAccessfi
dc.relation.conferenceIFIP International Conference on New Technologies, Mobility and Security
dc.subject.ysotiedonlouhinta
dc.subject.ysokoneoppiminen
jyx.subject.urihttp://www.yso.fi/onto/yso/p5520
jyx.subject.urihttp://www.yso.fi/onto/yso/p21846
dc.relation.doi10.1109/NTMS.2014.6814006


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record