nLSALog: An Anomaly Detection Framework for Log Sequence in Security Management

nLSALog: An Anomaly Detection Framework for Log Sequence in Security Management

For the security defense in the current Intelligent Transportation System (ITS), malware is often used as the security analysis data source, but only the known attack type can be detected. A general anomaly detection framework is proposed, using log data as the analysis data source. By modeling the...

Full description

Bibliographic Details
Main Authors: Ruipeng Yang, Dan Qu, Ying Gao, Yekui Qian, Yongwang Tang
Format: Article
Language:English
Published: IEEE 2019-01-01
Series:IEEE Access
Subjects:
Log sequence anomaly detection
intelligent transportation system
self attention
word embedding
LSTM
Online Access:https://ieeexplore.ieee.org/document/8903291/
Description
Summary:For the security defense in the current Intelligent Transportation System (ITS), malware is often used as the security analysis data source, but only the known attack type can be detected. A general anomaly detection framework is proposed, using log data as the analysis data source. By modeling the log template sequence as a natural language sequence and using the stacked Long Short-Term Memory (LSTM) with self-attention mechanism, the framework can effectively extract the hidden pattern of the log template sequence, and well express the dependencies inside the log template sequence. The experimental results show that the overall accuracy of log sequence anomaly detection of the detection framework is better than that of existing methods and the time cost is lower.
ISSN:2169-3536

Similar Items