Big-data analysis of multi-source logs for anomaly detection on network-based system

Jia, Zhanpei; Shen, Chao; Xiao, Yi; Chen, Yufei; Yu, Tianwen; Guan, Xiaohong

doi:10.1109/coase.2017.8256257

Cited by 19 publications

(11 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The idea of using system log information for security auditing was first introduced by James P. Anderson in 1980 [14], and it was not until 1995 that the first practical network security vulnerability auditing software, SATAN, was released, but SATAN is technically demanding and very inconvenient to use [15]. In recent years, many tools have emerged in this area, but most are system user-based audit tools, such as SCE (Security Configuration Editor) in Windows NT 5.0 or the audit tools that come with Unix, which has limited ability to audit security events in the entire network.…”

Section: Current Developments In Audit Technologymentioning

confidence: 99%

Design of a Network Security Audit System Based on Log Data Mining

Xing

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The purpose of network security auditing is to safeguard network and information security through the assessment of network security vulnerabilities. Data mining is mainly used to mine potential information from massive amounts of log data, which can provide both accurate and valuable auxiliary data for network security auditing and relevant information for monitoring and management of terminals in different network environments. Firstly, the theory of data mining technology is explained, secondly, some data mining algorithms applied to network security audit are discussed, and finally, the design difficulties and functions of the network security audit system based on data mining are studied, aiming to provide reference for securing network and identifying hidden risks.

show abstract

Section: Current Developments In Audit Technologymentioning

confidence: 99%

Design of a Network Security Audit System Based on Log Data Mining

Xing

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…to be devised in order to analyze this heterogeneous and multi-sourced data [35]. Analysis of such big data enables us to effectively keep track of occurred events, identify similarities from incidents, deploy resources and make quick decisions accordingly [36].…”

Section: Introductionmentioning

confidence: 99%

Big Data Analytics and Mining for Effective Visualization and Trends Forecasting of Crime Data

et al. 2019

View full text Add to dashboard Cite

Big data analytics (BDA) is a systematic approach for analyzing and identifying different patterns, relations, and trends within a large volume of data. In this paper, we apply BDA to criminal data where exploratory data analysis is conducted for visualization and trends prediction. Several the state-of-theart data mining and deep learning techniques are used. Following statistical analysis and visualization, some interesting facts and patterns are discovered from criminal data in San Francisco, Chicago, and Philadelphia. The predictive results show that the Prophet model and Keras stateful LSTM perform better than neural network models, where the optimal size of the training data is found to be three years. These promising outcomes will benefit for police departments and law enforcement organizations to better understand crime issues and provide insights that will enable them to track activities, predict the likelihood of incidents, effectively deploy resources and optimize the decision making process. INDEX TERMS Big data analytics (BDA), data mining, data visualization, neural network, time series forecasting.

show abstract

“…These classifiers were applied to the network log records to identify different types of network activity and detect any anomalies or suspicious behavior. Jia et al [16] proposed a data security platform based on Spark, which is designed to identify abnormal network behavior. The platform utilizes Spark's distributed computing capabilities to analyze large volumes of network data in real time and identify any suspicious activity.…”

Section: Literature Reviewmentioning

confidence: 99%

Firewall Log Classification: Leveraging Feature Selection and Stacking Ensemble

Monfared,

Borna

2024

Preprint

View full text Add to dashboard Cite

Firewall logs can provide valuable information about attempted security breaches and attacks. By classifying these logs, security teams can more easily identify patterns and potential threats, allowing them to take proactive measures to protect their systems. This paper presents a thorough analysis of the various features found in firewall log data. It focuses on selecting the most crucial features using feature selection techniques. The recommended feature sets are then assessed using stacking ensemble XGBoost to demonstrate their suitability. In order to compare the effectiveness of different feature selection techniques, we evaluated at least one member from each technique family using the proposed method. The experimental findings indicate that when Feature Shuffle Random Forest is used in conjunction with the proposed approach, the resulting model is the most accurate, achieving a performance evaluation metric of 99.93\%, signifying exceptional accuracy.

show abstract

Big-data analysis of multi-source logs for anomaly detection on network-based system

Cited by 19 publications

References 10 publications

Design of a Network Security Audit System Based on Log Data Mining

Design of a Network Security Audit System Based on Log Data Mining

Big Data Analytics and Mining for Effective Visualization and Trends Forecasting of Crime Data

Firewall Log Classification: Leveraging Feature Selection and Stacking Ensemble

Contact Info

Product

Resources

About