Affiliation:
1. Austrian Institute of Technology, Giefinggasse, Vienna, Austria
Abstract
Cyber attacks are omnipresent and their rapid detection is crucial for system security. Signature-based intrusion detection monitors systems for attack indicators and plays an important role in recognizing and preventing such attacks. Unfortunately, it cannot detect new attack vectors and may be evaded by attack variants. As a solution, anomaly detection employs techniques from machine learning to detect suspicious log events without relying on predefined signatures. While the visibility of attacks in network traffic is limited because network packets are encrypted, system log data is available in raw format and thus allows fine-grained analysis. However, processing system logs is difficult because it involves different formats and heterogeneous events. To ease log-based anomaly detection, we present the AMiner, an open-source tool in the AECID toolbox that enables fast log parsing, analysis, and alerting. In this article, we outline the AMiner's modular architecture and demonstrate its applicability in three use cases.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications, Computer Science Applications, Hardware and Architecture, Safety Research, Information Systems, Software
Cited by 5 articles.