Log-Based Anomaly Detection with the Improved K-Nearest Neighbor

Wang, Bingming; Song, Ying; Cheng, Guoli; Wang, Rui; Yang, Zhe; Dong, Bo

doi:10.1142/s0218194020500114

Cited by 25 publications

(6 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The results with Auto-LSTM, IKNN and nLSALog for the BGL data set are given in Table 2 a. The precision, recall and F-measure results for negative logs are better than the 92%, 91% and 92%, respectively, with the improved K-nearest neighbors (IKNN) supervised algorithm [ 36 ]. The precision, recall and F-measure results for negative logs are also better than the 82.5%, 94.7% and 88.2%, respectively, with the nLSALog algorithm [ 40 ].…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Two Class Pruned Log Message Anomaly Detection

Farzad

Gulliver

2021

SN COMPUT. SCI.

View full text Add to dashboard Cite

Log messages are widely used in cloud servers and other systems. Millions of logs are generated each day which makes them important for anomaly detection. However, they are complex unstructured text messages which makes this task difficult. In this paper, a hybrid log message anomaly detection technique is proposed which employs pruning of positive and negative logs. Reliable positive log messages are first selected using a Gaussian mixture model algorithm. Then reliable negative logs are selected using the K-means, Gaussian mixture model and Dirichlet process Gaussian mixture model methods iteratively. It is shown that the precision for positive and negative logs with pruning is high. Anomaly detection is done using a deep learning long short-term memory network. The proposed model is evaluated using the well-known BGL, Openstack, and Thunderbird data sets. The results obtained indicate that the proposed model performs better than several well-known algorithms.

show abstract

Section: Resultsmentioning

confidence: 99%

“…A decision tree model was considered in [32] to detect faults using log messages. An improved supervised K-nearest neighbors (IKNN) method was employed in [36] to detect anomalies in log messages. However, using supervised methods is not always possible because of the lack of labeled data.…”

Section: Introductionmentioning

confidence: 99%

Two Class Pruned Log Message Anomaly Detection

Farzad

Gulliver

2021

SN COMPUT. SCI.

View full text Add to dashboard Cite

show abstract

“…The F-measure is 99.6% for both negative and positive logs. The precision, recall, and F-measure with oversampling for negative logs are better than the 96%, 96%, and 96%, respectively, with the Improved K-Nearest Neighbor algorithm [23].…”

Section: Thunderbirdmentioning

confidence: 87%

Log Message Anomaly Detection with Oversampling

Farzad¹,

Gulliver²

2020

IJAIA

View full text Add to dashboard Cite

Imbalanced data is a significant challenge in classification with machine learning algorithms. This is particularly important with log message data as negative logs are sparse so this data is typically imbalanced. In this paper, a model to generate text log messages is proposed which employs a SeqGAN network. An Autoencoder is used for feature extraction and anomaly detection is done using a GRU network. The proposed model is evaluated with three imbalanced log data sets, namely BGL, OpenStack, and Thunderbird. Results are presented which show that appropriate oversampling and data balancing improves anomaly detection accuracy.

show abstract

“…Liberty veri setinin K-en yakın komşular makine öğrenimi algoritması ile log tabanlı anomali tespiti için 2020 yılına ait bir çalışma kullanıldığı görülmektedir [15]. 2021 yılında gerçekleştirilen başka bir araştırmada log verisindeki anomalilerin taksonomisi konusu araştırılmış ve Thunderbird, Spirit ve BGL veri setlerinin kullanıldığı görülmüştür [16]. Blue Gene/L, Thunderbird, Redstorm, Liberty ve Spirit veri setlerinin oluşturulmaya başlanma tarihleri oldukça eskidir [17].…”

Section: İlgili çAlışmalarunclassified

Big Data Visualization for Cyber Security: BETH Dataset

DOĞANAY

Orman

Dener

2022

ECJSE

View full text Add to dashboard Cite

In this study, the literature on big data visualization for cyber security purposes was scanned and a purposeful data visualization study was carried out on a sample data set. When the visualization study carried out is compared with its counterpart in the literature, it reveals that if the visualization with the criteria suggested in this study is applied, the user (human) can read the graphics much more easily and it will be a facilitating way for attack detection. The criteria in the study are based on the use of current data sets such as BETH and the use of methods such as Principle Component Analysis (PCA).

show abstract

Log-Based Anomaly Detection with the Improved K-Nearest Neighbor

Cited by 25 publications

References 18 publications

Two Class Pruned Log Message Anomaly Detection

Two Class Pruned Log Message Anomaly Detection

Log Message Anomaly Detection with Oversampling

Big Data Visualization for Cyber Security: BETH Dataset

Contact Info

Product

Resources

About