2011
DOI: 10.1007/978-3-642-23957-1_20
|View full text |Cite
|
Sign up to set email alerts
|

Anomaly Detection from Network Logs Using Diffusion Maps

Abstract: Abstract. The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The fequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done by applying diffusion maps. The method is adaptive and thus does not need training before analysis. We tested the method with data that includes normal and intrusive traffic to a web server. This approach finds all intrusions in the dataset.

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
13
0

Year Published

2012
2012
2020
2020

Publication Types

Select...
5
3

Relationship

5
3

Authors

Journals

citations
Cited by 24 publications
(13 citation statements)
references
References 17 publications
0
13
0
Order By: Relevance
“…The authors have already been involved in developing several network anomaly detection systems [17], [18], [19]. These papers mainly focus on diffusion map (DM) methodology for dimensionality reduction.…”
Section: Related Researchmentioning
confidence: 99%
“…The authors have already been involved in developing several network anomaly detection systems [17], [18], [19]. These papers mainly focus on diffusion map (DM) methodology for dimensionality reduction.…”
Section: Related Researchmentioning
confidence: 99%
“…A distributed environment has been proposed where intelligent agents analyze the network connections using data mining with association rule mining [13]. Moreover, in our previous work we have researched intrusion detection using dimensionality reduction and clustering to find anomalies from network traffic [14], [15].…”
Section: Anomaly-based Intrusion Detection Systemmentioning
confidence: 99%
“…Our study uses 2-gram features generated from the network logs. This approach produces a rather sparse feature matrix [14]. The rule extraction algorithm works with symbolic conjunctive rules.…”
Section: A Feature Extractionmentioning
confidence: 99%
“…Let us call this dataset "A". This case has been presented in an earlier publication [33]. The log files contain mostly normal traffic, but they also include anomalities and actual intrusions.…”
Section: Case 1: Validation With Labeled Data 41 Data Acquisitionmentioning
confidence: 99%