Using affinity perturbations to detect web traffic anomalies
Shmueli, Y., Sipola, T., Shabat, G., & Averbuch, A. (2013). Using affinity perturbations to detect web traffic anomalies. In W. Henkel (Ed.), Proceedings of the 10th International Conference on Sampling Theory and Applications (SampTA 2013) (pp. 444-447). EURASIP. http://www.eurasip.org/Proceedings/Ext/SampTA2013/proceedings.html
Date
2013
Copyright
© 2013 EURASIP. First published in the proceedings of SampTA 2013 by EURASIP.
The initial training phase of machine learning algorithms
is usually computationally expensive as it involves the
processing of huge matrices. Evolving datasets are challenging
from this point of view because changing behavior requires
updating the training. We propose a method for updating the
training profile efficiently and a sliding window algorithm for
online processing of the data in smaller fractions. This assumes
the data is modeled by a kernel method that includes spectral
decomposition. We demonstrate the algorithm with a web server
request log where an actual intrusion attack is known to
happen. Updating the kernel dynamically using a sliding window
technique prevents the problem of single initial training and can
process evolving datasets more efficiently.
Publisher
EURASIP
Conference
International Conference on Sampling Theory and Applications
Is part of publication
Proceedings of the 10th International Conference on Sampling Theory and Applications (SampTA 2013)
Original source
http://www.eurasip.org/Proceedings/Ext/SampTA2013/proceedings.html
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/22502120
Related items
Showing items with similar title or keywords.
- Dimensionality reduction framework for detecting anomalies from network logs
  Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (CRL Publishing, 2012)
  Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the ...
- Combining conjunctive rule extraction with diffusion maps for network intrusion detection
  Juvonen, Antti; Sipola, Tuomo (IEEE, 2013)
  Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown ...
- Anomaly detection from network logs using diffusion maps
  Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (Springer, 2011)
  The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The frequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done ...
- Adaptive framework for network traffic classification using dimensionality reduction and clustering
  Juvonen, Antti; Sipola, Tuomo (IEEE, 2012)
  Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ...
- Online anomaly detection using dimensionality reduction techniques for HTTP log analysis
  Juvonen, Antti; Sipola, Tuomo; Hämäläinen, Timo (Elsevier BV * North-Holland; International Council for Computer Communications, 2015)
  Modern web services face an increasing number of new threats. Logs are collected from almost all web servers, and for this reason analyzing them is beneficial when trying to prevent intrusions. Intrusive behavior often ...