dc.contributor.author | Juvonen, Antti | |
dc.contributor.author | Sipola, Tuomo | |
dc.contributor.author | Hämäläinen, Timo | |
dc.date.accessioned | 2020-11-23T08:36:05Z | |
dc.date.available | 2020-11-23T08:36:05Z | |
dc.date.issued | 2015 | |
dc.identifier.citation | Juvonen, A., Sipola, T., & Hämäläinen, T. (2015). Online anomaly detection using dimensionality reduction techniques for HTTP log analysis. Computer Networks, 91, 46-56. https://doi.org/10.1016/j.comnet.2015.07.019 | |
dc.identifier.other | CONVID_24884430 | |
dc.identifier.other | TUTKAID_67119 | |
dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/72722 | |
dc.description.abstract | Modern web services face an increasing number of new threats. Logs are collected from almost all web servers, and for this reason analyzing them is beneficial when trying to prevent intrusions. Intrusive behavior often differs from the normal web traffic. This paper proposes a framework to find abnormal behavior from these logs. We compare random projection, principal component analysis and diffusion map for anomaly detection. In addition, the framework has online capabilities. The first two methods have intuitive extensions while diffusion map uses the Nyström extension. This fast out-of-sample extension enables real-time analysis of web server traffic. The framework is demonstrated using real-world network log data. Actual abnormalities are found from the dataset and the capabilities of the system are evaluated and discussed. These results are useful when designing next generation intrusion detection systems. The presented approach finds intrusions from high-dimensional datasets in real time. | fi |
dc.format.mimetype | application/pdf | |
dc.language.iso | eng | |
dc.publisher | Elsevier BV * North-Holland; International Council for Computer Communications | |
dc.relation.ispartofseries | Computer Networks | |
dc.rights | CC BY-NC-ND 4.0 | |
dc.subject.other | Anomaly detection | |
dc.subject.other | Diffusion map | |
dc.subject.other | Intrusion detection | |
dc.subject.other | Principal component analysis | |
dc.subject.other | Random projection | |
dc.title | Online anomaly detection using dimensionality reduction techniques for HTTP log analysis | |
dc.type | article | |
dc.identifier.urn | URN:NBN:fi:jyu-202011236716 | |
dc.contributor.laitos | Tietotekniikan laitos | fi |
dc.contributor.laitos | Department of Mathematical Information Technology | en |
dc.contributor.oppiaine | Tietotekniikka | fi |
dc.contributor.oppiaine | Mathematical Information Technology | en |
dc.type.uri | http://purl.org/eprint/type/JournalArticle | |
dc.date.updated | 2020-11-23T07:15:10Z | |
dc.type.coar | http://purl.org/coar/resource_type/c_2df8fbb1 | |
dc.description.reviewstatus | peerReviewed | |
dc.format.pagerange | 46–56 | |
dc.relation.issn | 1389-1286 | |
dc.relation.numberinseries | 0 | |
dc.relation.volume | 91 | |
dc.type.version | acceptedVersion | |
dc.rights.copyright | © 2015 Elsevier | |
dc.rights.accesslevel | openAccess | fi |
dc.subject.yso | kyberturvallisuus | |
dc.format.content | fulltext | |
jyx.subject.uri | http://www.yso.fi/onto/yso/p26189 | |
dc.rights.url | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
dc.relation.doi | 10.1016/j.comnet.2015.07.019 | |
dc.type.okm | A1 | |