Computer Log Anomaly Detection Using Frequent Episodes

  • Perttu Halonen
  • Markus Miettinen
  • Kimmo Hätönen
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 296)


In this paper, we propose a set of algorithms to automate the detection of anomalous frequent episodes. The algorithms make use of the hierarchy and frequency of episodes present in an examined sequence of log data and in a history preceding it. The algorithms identify changes in a set of frequent episodes and their frequencies. We evaluate the algorithms and describe tests made using live computer system log data.



Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Perttu Halonen (1)
  • Markus Miettinen (2)
  • Kimmo Hätönen (1)
  1. Nokia Siemens Networks, Finland
  2. Nokia Research Center, Helsinki, Finland
