Top

Wireless Personal Communications

Published in:

16-11-2015

A Dynamic Rule Creation Based Anomaly Detection Method for Identifying Security Breaches in Log Records

Authors: Jakub Breier, Jana Branišová

Published in: Wireless Personal Communications | Issue 3/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Evidence of security breaches can be found in log files, created by various network devices in order to provide information about their operation. Huge amount of data contained within these files usually prevents to analyze them manually, therefore it is necessary to utilize automatic methods capable of revealing potential attacks. In this paper we propose a method for anomaly detection in log files, based on data mining techniques for dynamic rule creation. To support parallel processing, we employ Apache Hadoop framework, providing distributed storage and distributed processing of data. Outcomes of our testing show potential to discover new types of breaches and plausible error rates below 10 %. Also, rule generation and anomaly detection speeds are competitive to currently used algorithms, such as FP-growth and apriori.

previous article Energy-Efficient Power Control Scheme for Device-to-Device Communications

next article Design and Deployment of Low-Delay Hybrid CDN–P2P Architecture for Live Video Streaming Over the Web

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

http://www.sans.edu/research/security-laboratory/article/sixtoplogcategories.

https://www.owasp.org.

http://hadoop.apache.org/.

https://hadoop.apache.org/docs/r2.2.0/api/org/apache/hadoop/filecache/DistributedCache.html.

http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/.

https://www.snort.org.

http://www.cs.waikato.ac.nz/ml/weka/.

Dean, J., & Ghemawat, S. (2008). MapReduce: Simplified data processing on large clusters. Communications of the ACM, 51(1), 107–113. doi:10.1145/1327452.1327492.CrossRef

Fayyad, U. M., Piatetsky-Shapiro, G., & Smyth, P. (1996). Advances in knowledge discovery and data mining. From data mining to knowledge discovery: An overview (pp. 1–34). Menlo Park, CA: American Association for Artificial Intelligence. http://dl.acm.org/citation.cfm?id=257938.257942.

Frei, A., & Rennhard, M. (2008). Histogram matrix: Log file visualization for anomaly detection. In Third international conference on availability, reliability and security. ARES 08 (pp. 610–617). doi:10.1109/ARES.2008.148.

Fu, Q., Lou, J. G., Wang, Y., & Li, J. (2009). Execution anomaly detection in distributed systems through unstructured log analysis. In Proceedings of the 2009 ninth IEEE international conference on data mining, ICDM ’09, (pp. 149–158). Washington, DC: IEEE Computer Society. doi:10.1109/ICDM.2009.60.

Grace, L., Maheswari, V., & Nagamalai, D. (2011). Web log data analysis and mining. In N. Meghanathan, B. Kaushik, & D. Nagamalai (Eds.), Advanced computing, communications in computer and information science (Vol. 133, pp. 459–469). Berlin: Springer.

Kent, K., & Souppaya, M. P. (2006). Sp 800-92. guide to computer security log management. Tech. rep., Gaithersburg, MD.

Lee, W., & Stolfo, S. J. (1998). Data mining approaches for intrusion detection. In Proceedings of the 7th Conference on USENIX Security Symposium-Volume 7 (SSYM'98) (Vol. 7, pp. 6-6). Berkeley: USENIX Association.

Makanju, A., Zincir-Heywood, A., & Milios, E. (2013). Investigating event log analysis with minimum apriori information. In 2013 IFIP/IEEE international symposium on, integrated network management (IM 2013), (pp. 962–968).

Schultz, M., Eskin, E., Zadok, E., & Stolfo, S. (2001). Data mining methods for detection of new malicious executables. In Proceedings 2001 IEEE symposium on security and privacy, 2001. S P 2001 (pp. 38–49). doi:10.1109/SECPRI.2001.924286.

10.

Siddiqui, M. A. (2011). Data mining methods for malware detection. Ann Arbor: ProQuest.

11.

Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A. A. (2009). A detailed analysis of the kdd cup 99 data set. In Proceedings of the second IEEE international conference on computational intelligence for security and defense applications, CISDA’09 (pp. 53–58). Piscataway, NJ: IEEE Press. http://dl.acm.org/citation.cfm?id=1736481.1736489.

12.

Venkatesan, R. (2012). A survey on intrusion detection using data mining techniques. International Journal of Computers & Distributed Systems, 2(1). http://cirworld.org/journals/index.php/ijcds/article/view/IJCD2000.

13.

Winding, R., Wright, T., & Chapple, M. (2006). System anomaly detection: Mining firewall logs. Securecomm and Workshops, 2006, 1–5. doi:10.1109/SECCOMW.2006.359572.

Title: A Dynamic Rule Creation Based Anomaly Detection Method for Identifying Security Breaches in Log Records
Authors: Jakub Breier
Jana Branišová
Publication date: 16-11-2015
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 3/2017
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-015-3128-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2017

Dynamically Selective Performance Optimization Method for Mobile 3D Graphics Application with N-Screen Service

Performance Analysis of Repeat Accumulate Channel Code in MIMO Two Way Relay Channel with Physical Layer Network Coding

Modeling the Channel Time Variation Inside Moving Vehicle

Comprehensive Evaluation of the Localized Certificate Revocation in Mobile Ad Hoc Network

Energy-Efficient Power Control Scheme for Device-to-Device Communications

Advanced Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks