Author: Zhao Zhijun, Xu Chen, Li Bo
Abstract
Security devices produce a huge number of logs, far beyond what human analysts can process. This paper introduces an unsupervised approach to detecting anomalous behavior in large-scale security logs. We propose a novel feature extraction mechanism that precisely characterizes the features of malicious behaviors. We design an LSTM-based anomaly detection approach that successfully identifies attacks on two widely used datasets. Our approach outperforms three popular anomaly detection algorithms, one-class SVM, GMM and Principal Component Analysis, in terms of accuracy and efficiency.
Publisher
Springer Science and Business Media LLC
Subject
Hardware and Architecture, Modelling and Simulation, Information Systems, Signal Processing, Theoretical Computer Science, Control and Systems Engineering
Cited by: 18 articles.