Online anomaly detection using dimensionality reduction techniques for HTTP log analysis
Juvonen, A., Sipola, T., & Hämäläinen, T. (2015). Online anomaly detection using dimensionality reduction techniques for HTTP log analysis. Computer Networks, 91, 46–56. https://doi.org/10.1016/j.comnet.2015.07.019
Published in Computer Networks
© 2015 Elsevier
Modern web services face an increasing number of new threats. Logs are collected from almost all web servers, and for this reason analyzing them is beneficial when trying to prevent intrusions. Intrusive behavior often differs from the normal web traffic. This paper proposes a framework to find abnormal behavior from these logs. We compare random projection, principal component analysis and diffusion map for anomaly detection. In addition, the framework has online capabilities. The first two methods have intuitive extensions while diffusion map uses the Nyström extension. This fast out-of-sample extension enables real-time analysis of web server traffic. The framework is demonstrated using real-world network log data. Actual abnormalities are found from the dataset and the capabilities of the system are evaluated and discussed. These results are useful when designing next generation intrusion detection systems. The presented approach finds intrusions from high-dimensional datasets in real time. ...
Publisher: Elsevier BV * North-Holland; International Council for Computer Communications
Showing items with similar title or keywords.
Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (CRL Publishing, 2012) Dynamic web services are vulnerable to a multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the ...
An Efficient Network Log Anomaly Detection System using Random Projection Dimensionality Reduction Juvonen, Antti; Hämäläinen, Timo (IEEE, 2014) Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find ...
Adaptive framework for network traffic classification using dimensionality reduction and clustering Juvonen, Antti; Sipola, Tuomo (IEEE, 2012) Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ...
Juvonen, Antti; Sipola, Tuomo (IEEE, 2013) Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown ...
Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (Springer, 2011) The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The frequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done ...