Engineering Applications of Neural Networks pp 172-181
Anomaly Detection from Network Logs Using Diffusion Maps
- Cite this paper as:
- Sipola T., Juvonen A., Lehtonen J. (2011) Anomaly Detection from Network Logs Using Diffusion Maps. In: Iliadis L., Jayne C. (eds) Engineering Applications of Neural Networks. IFIP Advances in Information and Communication Technology, vol 363. Springer, Berlin, Heidelberg
The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The fequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done by applying diffusion maps. The method is adaptive and thus does not need training before analysis. We tested the method with data that includes normal and intrusive traffic to a web server. This approach finds all intrusions in the dataset.