A Dynamic Rule Creation Based Anomaly Detection Method for Identifying Security Breaches in Log Records

Evidence of security breaches can be found in log files, created by various network devices in order to provide information about their operation. The huge amount of data contained within these files usually prevents analyzing them manually; therefore it is necessary to utilize automatic methods capable of revealing potential attacks. In this paper we propose a method for anomaly detection in log files, based on data mining techniques for dynamic rule creation. To support parallel processing, we employ the Apache Hadoop framework, which provides distributed storage and distributed processing of data. Outcomes of our testing show potential to discover new types of breaches and plausible error rates below 10 %. Also, rule generation and anomaly detection speeds are competitive with currently used algorithms, such as FP-growth and Apriori.
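The abstract describes mining rules over log records and benchmarks the result against Apriori and FP-growth, but the page does not give the authors' rule creation algorithm. As an added illustration of the general technique (not the paper's method and not code from the authors), the following Python mines association rules over parsed log attributes with a textbook Apriori pass and then flags records that satisfy a rule's antecedent but violate its consequent. The sshd-style sample lines, the field names (proc, result, method, user, net, proto), the coarsening of source addresses to a /24, and the support and confidence thresholds are all constructed assumptions for the example.

```python
"""Association-rule anomaly detection over log records, Apriori style.

Added illustration of the general technique the abstract refers to; it is
NOT the rule creation method of Breier and Branisova's paper, which this
page does not describe. Log lines, field names and thresholds are
constructed for the example.
"""
import re
from itertools import combinations

# Constructed sshd-style lines. Records 0-8 are routine activity (two
# mistyped passwords included); record 9, a password login as root from an
# outside network, is the outlier the rules should surface.
SAMPLE_LOGS = [
    "Jan 10 10:00:01 bastion sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2",
    "Jan 10 10:03:12 bastion sshd[2240]: Accepted publickey for bob from 10.0.0.6 port 51100 ssh2",
    "Jan 10 10:07:45 bastion sshd[2302]: Accepted publickey for alice from 10.0.0.5 port 51231 ssh2",
    "Jan 10 10:12:09 bastion sshd[2377]: Accepted publickey for bob from 10.0.0.6 port 51302 ssh2",
    "Jan 10 10:20:33 bastion sshd[2410]: Accepted publickey for alice from 10.0.0.7 port 51410 ssh2",
    "Jan 10 10:21:02 bastion sshd[2418]: Failed password for alice from 10.0.0.7 port 51411 ssh2",
    "Jan 10 10:30:18 bastion sshd[2499]: Accepted publickey for bob from 10.0.0.6 port 51520 ssh2",
    "Jan 10 10:31:44 bastion sshd[2503]: Failed password for bob from 10.0.0.6 port 51521 ssh2",
    "Jan 10 10:40:07 bastion sshd[2588]: Accepted publickey for alice from 10.0.0.5 port 51633 ssh2",
    "Jan 10 10:41:55 bastion sshd[2601]: Accepted password for root from 203.0.113.9 port 40022 ssh2",
]

# Simplified pattern for the constructed lines above (real sshd output has
# more variants, e.g. "invalid user", which a production parser must cover).
LINE_RE = re.compile(
    r"(?P<proc>\w+)\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?P<user>\w+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ (?P<proto>\w+)"
)


def to_itemset(line):
    """One log line -> a transaction (set of 'field=value' items); None if unparsed."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # skipped explicitly rather than folded into the statistics
    f = m.groupdict()
    net = ".".join(f["ip"].split(".")[:3]) + ".0/24"  # coarsen the IP to its /24
    return frozenset({
        f"proc={f['proc']}", f"result={f['result']}", f"method={f['method']}",
        f"user={f['user']}", f"net={net}", f"proto={f['proto']}",
    })


def apriori(transactions, min_support):
    """Level-wise frequent itemset mining. Returns {itemset: occurrence count}."""
    n = len(transactions)

    def count(itemset):
        return sum(1 for t in transactions if itemset <= t)

    level = {frozenset([item]) for t in transactions for item in t}
    level = {c for c in level if count(c) / n >= min_support}
    frequent, k = {}, 1
    while level:
        for c in level:
            frequent[c] = count(c)
        # Self-join: unite pairs of frequent k-itemsets that differ in one item.
        candidates = {a | b for a in level for b in level if len(a | b) == k + 1}
        # Prune by downward closure: every k-subset of a candidate must be frequent.
        candidates = {c for c in candidates
                      if all(frozenset(s) in level for s in combinations(c, k))}
        level = {c for c in candidates if count(c) / n >= min_support}
        k += 1
    return frequent


def generate_rules(frequent, min_confidence):
    """Split each frequent itemset into antecedent -> consequent rules above min_confidence."""
    rules = []
    for itemset, cnt in frequent.items():
        for r in range(1, len(itemset)):
            for ante in combinations(sorted(itemset), r):
                ante = frozenset(ante)
                conf = cnt / frequent[ante]  # every subset of a frequent set is frequent
                if conf >= min_confidence:
                    rules.append((ante, itemset - ante, conf))
    return rules


def detect(lines, min_support=0.3, min_confidence=0.85):
    """Flag records that satisfy a rule's antecedent but break its consequent.

    Returns [(line index, score, strongest violated rule)], score being the
    highest confidence among the rules the record violates.
    """
    parsed = [(i, to_itemset(l)) for i, l in enumerate(lines)]
    records = [(i, s) for i, s in parsed if s is not None]
    rules = generate_rules(apriori([s for _, s in records], min_support), min_confidence)
    flagged = []
    for idx, items in records:
        violated = [(conf, ante, cons) for ante, cons, conf in rules
                    if ante <= items and not cons <= items]
        if violated:
            conf, ante, cons = max(violated, key=lambda v: v[0])
            flagged.append((idx, conf, f"{sorted(ante)} -> {sorted(cons)}"))
    return flagged


if __name__ == "__main__":
    for idx, score, rule in detect(SAMPLE_LOGS):
        print(f"line {idx}: score {score:.2f}, violates {rule}\n    {SAMPLE_LOGS[idx]}")
```

Run as a script, this reports the root password login from 203.0.113.9 as the only violation: it satisfies `proc=sshd` but breaks the rule `proc=sshd -> net=10.0.0.0/24` that holds for nine of ten records. Two caveats a practitioner should keep in mind. First, the naive support counting rescans every transaction per candidate, which is fine for thousands of lines but is exactly the pass that has to be distributed at the volumes the abstract has in mind. Second, rules encode whatever was frequent in the training window, so an attack that dominates that window (a sustained password spray, say) becomes the norm rather than the anomaly; the window has to be chosen and reviewed accordingly.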

Bibliographic Details
Main Authors: Breier, Jakub; Branišová, Jana
Other Authors: Temasek Laboratories
Format: Journal Article
Language: English
Published: 2016
Subjects: Network security; Log analysis
Online Access: https://hdl.handle.net/10356/83422
http://hdl.handle.net/10220/41427
Institution: Nanyang Technological University
Record Details
Record ID: sg-ntu-dr.10356-83422 (DSpace)
Citation: Breier, J., & Branišová, J. (2015). A Dynamic Rule Creation Based Anomaly Detection Method for Identifying Security Breaches in Log Records. Wireless Personal Communications, in press. ISSN 0929-6212. DOI: 10.1007/s11277-015-3128-1
Version: Accepted version, 18 p., application/pdf. Record dates: 2016-09-06, 2019-12-06.
Rights: © 2015 Springer Science+Business Media New York. This is the author created version of a work that has been peer reviewed and accepted for publication by Wireless Personal Communications, Springer Science+Business Media New York. It incorporates referee's comments but changes resulting from the publishing process, such as copyediting, structural formatting, may not be reflected in this document.
The published version is available at: http://dx.doi.org/10.1007/s11277-015-3128-1
Collection: DR-NTU, NTU Library, Nanyang Technological University, Singapore
Subjects: Network security; Log analysis