Abstract
Intrusion detection systems rely on the analysis of log data to detect anomalies. However, detecting anomalies quickly and effectively in large and heterogeneous log data is challenging. To address this difficulty, this study proposes the GLSTM (Graph-based Long Short-Term Memory) framework, a graph-based deep learning model that analyzes log data to detect cyber-attacks rapidly and effectively. The framework standardizes the complex and diverse log data, trains an artificial intelligence model on that data, and detects anomalies. First, the complex and diverse log data is transformed into graph data using Node2Vec, enabling efficient and rapid analysis by the artificial intelligence model. The graph data is then used to train LSTM (Long Short-Term Memory), Bi-LSTM, and GRU (Gated Recurrent Unit) deep learning models. The proposed framework is tested on Hadoop's HDFS dataset, collected from different systems and heterogeneous sources, as well as on the BGL and IMDB datasets. Experimental results on the selected datasets demonstrate high levels of success.
Subject
Mechanical Engineering, Electrical and Electronic Engineering, Biomedical Engineering, Engineering (miscellaneous)