Big-data analysis of multi-source logs for anomaly detection on network-based system

Zhanpei Jia; Chao Shen; Xiao Yi; Yufei Chen; Tianwen Yu; Xiaohong Guan

doi:10.1109/COASE.2017.8256257

Big-data analysis of multi-source logs for anomaly detection on network-based system

Zhanpei Jia
, Chao Shen
, Xiao Yi
, Yufei Chen
, Tianwen Yu
, Xiaohong Guan

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

20 Citations (Scopus)

Abstract

Log data are important audit basis to record routine events occurring on computer or network system, which are also critical data source for detecting system anomalies. By analyzing the data from multi-source logs, it is helpful to detect abnormal system behaviors and discover intruder attacks in real time. In this paper, a Spark-based log data security platform is designed and built to analyze the large-scale log data and detect abnormal network behaviors. By integrating data mining, machine learning, and statistical analysis technologies, our proposed framework can quickly analyze large-scale multi-source log data and accurately discriminate the abnormal behaviors. Furthermore, the association analysis is applied to detect abnormal behaviors or potential threats in the system. Under a real-world network environment, extensive experiments are conducted to evaluate the system performance, which can achieve a fast and accurate detection for abnormal network behaviors, and significantly improve the accuracies under various types of network attack scenarios. © 2017 IEEE.

Original language	English
Title of host publication	2017 13th IEEE Conference on Automation Science and Engineering, CASE 2017
Publisher	IEEE Computer Society
Pages	1136-1141
Volume	2017-August
ISBN (Print)	9781509067800
DOIs	https://doi.org/10.1109/COASE.2017.8256257
Publication status	Published - 1 Jul 2017
Externally published	Yes
Event	13th IEEE Conference on Automation Science and Engineering, CASE 2017 - Xi'an, China Duration: 20 Aug 2017 → 23 Aug 2017

Publication series

Name	IEEE International Conference on Automation Science and Engineering
Volume	2017-August
ISSN (Print)	2161-8070
ISSN (Electronic)	2161-8089

Conference

Conference	13th IEEE Conference on Automation Science and Engineering, CASE 2017
Place	China
City	Xi'an
Period	20/08/17 → 23/08/17

Bibliographical note

Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].

Funding

*This research is supported in part by National Natural Science Foundation of China (61403301, 61221063), China Postdoctoral Science Foundation (2014M560783, 2015T81032), Natural Science Foundation of Shaanxi Province (2015JQ6216), Open Project Program of the National Laboratory of Pattern Recognition (NLPR), and Fundamental Research Funds for the Central Universities (xjj2015115).

Access Output

10.1109/COASE.2017.8256257

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Jia, Z., Shen, C., Yi, X., Chen, Y., Yu, T., & Guan, X. (2017). Big-data analysis of multi-source logs for anomaly detection on network-based system. In 2017 13th IEEE Conference on Automation Science and Engineering, CASE 2017 (Vol. 2017-August, pp. 1136-1141). (IEEE International Conference on Automation Science and Engineering; Vol. 2017-August). IEEE Computer Society. https://doi.org/10.1109/COASE.2017.8256257

@inproceedings{93aacdc9c5f246d7ba20ef2448c1eed5,

title = "Big-data analysis of multi-source logs for anomaly detection on network-based system",

abstract = "Log data are important audit basis to record routine events occurring on computer or network system, which are also critical data source for detecting system anomalies. By analyzing the data from multi-source logs, it is helpful to detect abnormal system behaviors and discover intruder attacks in real time. In this paper, a Spark-based log data security platform is designed and built to analyze the large-scale log data and detect abnormal network behaviors. By integrating data mining, machine learning, and statistical analysis technologies, our proposed framework can quickly analyze large-scale multi-source log data and accurately discriminate the abnormal behaviors. Furthermore, the association analysis is applied to detect abnormal behaviors or potential threats in the system. Under a real-world network environment, extensive experiments are conducted to evaluate the system performance, which can achieve a fast and accurate detection for abnormal network behaviors, and significantly improve the accuracies under various types of network attack scenarios. {\textcopyright} 2017 IEEE.",

author = "Zhanpei Jia and Chao Shen and Xiao Yi and Yufei Chen and Tianwen Yu and Xiaohong Guan",

note = "Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].; 13th IEEE Conference on Automation Science and Engineering, CASE 2017 ; Conference date: 20-08-2017 Through 23-08-2017",

year = "2017",

month = jul,

day = "1",

doi = "10.1109/COASE.2017.8256257",

language = "English",

isbn = "9781509067800",

volume = "2017-August",

series = "IEEE International Conference on Automation Science and Engineering",

publisher = "IEEE Computer Society",

pages = "1136--1141",

booktitle = "2017 13th IEEE Conference on Automation Science and Engineering, CASE 2017",

address = "United States",

}

Jia, Z, Shen, C, Yi, X, Chen, Y, Yu, T & Guan, X 2017, Big-data analysis of multi-source logs for anomaly detection on network-based system. in 2017 13th IEEE Conference on Automation Science and Engineering, CASE 2017. vol. 2017-August, IEEE International Conference on Automation Science and Engineering, vol. 2017-August, IEEE Computer Society, pp. 1136-1141, 13th IEEE Conference on Automation Science and Engineering, CASE 2017, Xi'an, China, 20/08/17. https://doi.org/10.1109/COASE.2017.8256257

Big-data analysis of multi-source logs for anomaly detection on network-based system. / Jia, Zhanpei; Shen, Chao; Yi, Xiao et al.
2017 13th IEEE Conference on Automation Science and Engineering, CASE 2017. Vol. 2017-August IEEE Computer Society, 2017. p. 1136-1141 (IEEE International Conference on Automation Science and Engineering; Vol. 2017-August).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - Big-data analysis of multi-source logs for anomaly detection on network-based system

AU - Jia, Zhanpei

AU - Shen, Chao

AU - Yi, Xiao

AU - Chen, Yufei

AU - Yu, Tianwen

AU - Guan, Xiaohong

N1 - Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].

PY - 2017/7/1

Y1 - 2017/7/1

N2 - Log data are important audit basis to record routine events occurring on computer or network system, which are also critical data source for detecting system anomalies. By analyzing the data from multi-source logs, it is helpful to detect abnormal system behaviors and discover intruder attacks in real time. In this paper, a Spark-based log data security platform is designed and built to analyze the large-scale log data and detect abnormal network behaviors. By integrating data mining, machine learning, and statistical analysis technologies, our proposed framework can quickly analyze large-scale multi-source log data and accurately discriminate the abnormal behaviors. Furthermore, the association analysis is applied to detect abnormal behaviors or potential threats in the system. Under a real-world network environment, extensive experiments are conducted to evaluate the system performance, which can achieve a fast and accurate detection for abnormal network behaviors, and significantly improve the accuracies under various types of network attack scenarios. © 2017 IEEE.

AB - Log data are important audit basis to record routine events occurring on computer or network system, which are also critical data source for detecting system anomalies. By analyzing the data from multi-source logs, it is helpful to detect abnormal system behaviors and discover intruder attacks in real time. In this paper, a Spark-based log data security platform is designed and built to analyze the large-scale log data and detect abnormal network behaviors. By integrating data mining, machine learning, and statistical analysis technologies, our proposed framework can quickly analyze large-scale multi-source log data and accurately discriminate the abnormal behaviors. Furthermore, the association analysis is applied to detect abnormal behaviors or potential threats in the system. Under a real-world network environment, extensive experiments are conducted to evaluate the system performance, which can achieve a fast and accurate detection for abnormal network behaviors, and significantly improve the accuracies under various types of network attack scenarios. © 2017 IEEE.

UR - https://www.scopus.com/pages/publications/85044955840

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85044955840&origin=recordpage

U2 - 10.1109/COASE.2017.8256257

DO - 10.1109/COASE.2017.8256257

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 9781509067800

VL - 2017-August

T3 - IEEE International Conference on Automation Science and Engineering

SP - 1136

EP - 1141

BT - 2017 13th IEEE Conference on Automation Science and Engineering, CASE 2017

PB - IEEE Computer Society

T2 - 13th IEEE Conference on Automation Science and Engineering, CASE 2017

Y2 - 20 August 2017 through 23 August 2017

ER -

Jia Z, Shen C, Yi X, Chen Y, Yu T, Guan X. Big-data analysis of multi-source logs for anomaly detection on network-based system. In 2017 13th IEEE Conference on Automation Science and Engineering, CASE 2017. Vol. 2017-August. IEEE Computer Society. 2017. p. 1136-1141. (IEEE International Conference on Automation Science and Engineering). doi: 10.1109/COASE.2017.8256257

Big-data analysis of multi-source logs for anomaly detection on network-based system

Abstract

Publication series

Conference

Bibliographical note

Funding

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this