Abstract: Enterprise systems typically produce a large number of logs to record runtime states and important events. Log anomaly detection is valuable for business management and system maintenance. Most existing log-based anomaly detection methods use a log parser to obtain log event indexes or event templates and then apply machine learning methods to detect anomalies. However, these methods cannot handle unknown log types and do not take advantage of log semantic information. In this article, we propose ConAnomaly,…
“…It turns out that data instability, i.e., the appearance of previously unknown events, is one of the main issues addressed by the reviewed approaches. The key idea to resolving this problem is currently to represent logs as semantic vectors so that new or changed events can still be compared to known events by measuring their similarities [17], [28], [41], [46], [48], [50], [57], [65], [69], [73]. There are many techniques for generating numeric vectors to represent log events (cf.…”
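The semantic-vector idea quoted above can be illustrated with a minimal sketch. The event templates, the bag-of-words embedding, and the vocabulary below are toy assumptions for illustration; the surveyed approaches use trained embeddings (e.g. word2vec- or FastText-style vectors), but the principle is the same: a new or changed event is mapped to a vector and matched against known events by cosine similarity.

```python
from collections import Counter
import math

def embed(template, vocab):
    """Toy bag-of-words vector for a log event template over a fixed vocabulary."""
    counts = Counter(template.lower().split())
    return [counts[w] for w in vocab]

def cosine(u, v):
    """Cosine similarity between two vectors; 0.0 if either is all-zero."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0

# Hypothetical known event templates and a previously unseen variant.
known = ["Receiving block from host", "Deleting block from disk"]
new_event = "Received block from host"  # changed wording, no exact template match

vocab = sorted({w for t in known + [new_event] for w in t.lower().split()})
sims = [(t, cosine(embed(new_event, vocab), embed(t, vocab))) for t in known]
best = max(sims, key=lambda p: p[1])
# The unseen event is matched to its closest known event despite the new wording.
```

With an exact-match template index the new event would be unrepresentable; with semantic vectors it is simply mapped near its closest known neighbor, which is what makes this representation robust to data instability.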
Automatic log file analysis enables early detection of relevant incidents such as system failures. In particular, self-learning anomaly detection techniques capture patterns in log data and subsequently report unexpected log event occurrences to system operators without the need to provide or manually model anomalous scenarios in advance. Recently, an increasing number of approaches leveraging deep learning neural networks for this purpose have been presented. These approaches have demonstrated superior detection performance in comparison to conventional machine learning techniques and simultaneously resolve issues with unstable data formats. However, there exist many different architectures for deep learning and it is nontrivial to encode raw and unstructured log data to be analyzed by neural networks. We therefore carry out a systematic literature review that provides an overview of deployed models, data pre-processing mechanisms, anomaly detection techniques, and evaluations. The survey does not quantitatively compare existing approaches but instead aims to help readers understand relevant aspects of different model architectures and emphasizes open issues for future work.
“…DL techniques commonly employed for IDSs include convolutional neural networks for spatial pattern recognition in network traffic [8], recurrent neural networks such as LSTMs for analyzing sequential data such as system logs [9], and autoencoders for anomaly detection by learning compressed representations of normal behavior [10]. While these techniques offer solutions for detecting various cyberthreats and anomalies in diverse network environments, they often require fixed training datasets and may lack the ability to adapt dynamically to new threats.…”
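The autoencoder idea mentioned in the excerpt, learning a compressed representation of normal behavior and flagging inputs that reconstruct poorly, can be sketched in miniature. The 2-D feature vectors, the tied-weight linear autoencoder with a single latent unit, and the thresholding rule below are simplifying assumptions for illustration; real IDS autoencoders are deep nonlinear networks trained on encoded traffic or log features, but the detection principle is identical.

```python
import random

random.seed(0)
# "Normal" behavior: 2-D points near the line y = x (e.g. two correlated metrics).
normal = [(v, v + random.gauss(0, 0.05)) for v in (random.random() for _ in range(200))]

# Tied-weight linear autoencoder with one latent unit: z = w.x, reconstruction = w*z.
w = [0.5, 0.5]
lr = 0.05
for _ in range(300):
    for x in normal:
        z = w[0] * x[0] + w[1] * x[1]
        e = [w[0] * z - x[0], w[1] * z - x[1]]          # reconstruction error vector
        ew = e[0] * w[0] + e[1] * w[1]
        # Gradient of squared reconstruction error w.r.t. the tied weights.
        g = [e[0] * z + ew * x[0], e[1] * z + ew * x[1]]
        w = [w[0] - lr * g[0], w[1] - lr * g[1]]

def recon_error(x):
    """Squared reconstruction error of a point under the trained autoencoder."""
    z = w[0] * x[0] + w[1] * x[1]
    return (w[0] * z - x[0]) ** 2 + (w[1] * z - x[1]) ** 2

# Anything reconstructing worse than every training point is flagged as anomalous.
threshold = max(recon_error(x) for x in normal)
```

A point far off the learned manifold, e.g. `(1.0, -1.0)`, reconstructs badly and exceeds the threshold, while points resembling the training data do not; this is the "compressed representation of normal behavior" detector in its simplest form.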
Our increasingly connected world continues to face an ever-growing number of network-based attacks. An Intrusion Detection System (IDS) is an essential security technology used for detecting these attacks. Although numerous Machine Learning-based IDSs have been proposed for the detection of malicious network traffic, the majority have difficulty properly detecting and classifying the more uncommon attack types. In this paper, we implement a novel hybrid technique using synthetic data produced by a Generative Adversarial Network (GAN) to use as input for training a Deep Reinforcement Learning (DRL) model. Our GAN model is trained on the NSL-KDD dataset, a publicly available collection of labeled network traffic data specifically designed to support the evaluation and benchmarking of IDSs. Ultimately, our findings demonstrate that training the DRL model on synthetic datasets generated by specific GAN models can result in better performance in correctly classifying minority classes over training on the true imbalanced dataset.
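The rebalancing step described in the abstract, augmenting rare attack classes with generated samples before training a classifier, can be sketched with a deliberately simplified stand-in: a Gaussian fitted to the minority class plays the role of the GAN generator. The dataset, feature, and class labels below are toy assumptions (the paper itself trains a GAN on NSL-KDD); the sketch only shows how synthetic minority samples restore class balance.

```python
import random
import statistics

random.seed(1)
# Toy imbalanced dataset of (feature, label) pairs; "u2r" is the rare attack class.
real = [(random.gauss(0.0, 1.0), "normal") for _ in range(95)] + \
       [(random.gauss(3.0, 0.5), "u2r") for _ in range(5)]

# Fit a simple model of the minority class (stand-in for a trained GAN generator).
minority = [x for x, y in real if y == "u2r"]
mu = statistics.fmean(minority)
sigma = statistics.stdev(minority)

# Generate synthetic minority samples until the classes are balanced.
need = sum(1 for _, y in real if y == "normal") - len(minority)
synthetic = [(random.gauss(mu, sigma), "u2r") for _ in range(need)]

balanced = real + synthetic
counts = {lbl: sum(1 for _, y in balanced if y == lbl) for lbl in ("normal", "u2r")}
```

Training a downstream model (the DRL agent in the paper's setup) on `balanced` rather than `real` is what lets it see enough minority-class examples to classify the uncommon attack types; a GAN replaces the Gaussian here because real traffic features are high-dimensional and far from normally distributed.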