Anomaly Detection from Network Logs Using Diffusion Maps

  • Tuomo Sipola
  • Antti Juvonen
  • Joel Lehtonen
Conference paper

DOI: 10.1007/978-3-642-23957-1_20

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 363)
Cite this paper as:
Sipola T., Juvonen A., Lehtonen J. (2011) Anomaly Detection from Network Logs Using Diffusion Maps. In: Iliadis L., Jayne C. (eds) Engineering Applications of Neural Networks. IFIP Advances in Information and Communication Technology, vol 363. Springer, Berlin, Heidelberg

Abstract

The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The fequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done by applying diffusion maps. The method is adaptive and thus does not need training before analysis. We tested the method with data that includes normal and intrusive traffic to a web server. This approach finds all intrusions in the dataset.

Keywords

intrusion detection anomaly detection n-grams diffusion map data mining machine learning 
Download to read the full conference paper text

Copyright information

© International Federation for Information Processing 2011

Authors and Affiliations

  • Tuomo Sipola
    • 1
  • Antti Juvonen
    • 1
  • Joel Lehtonen
    • 1
  1. 1.Department of Mathematical Information TechnologyUniversity of JyväskyläFinland

Personalised recommendations