nLSALog: An Anomaly Detection Framework for Log Sequence in Security Management

For the security defense in the current Intelligent Transportation System (ITS), malware is often used as the security analysis data source, but only the known attack type can be detected. A general anomaly detection framework is proposed, using log data as the analysis data source. By modeling the...


Bibliographic Details
Main Authors: Ruipeng Yang, Dan Qu, Ying Gao, Yekui Qian, Yongwang Tang
Format: Article
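Language: English
Published: IEEE 2019-01-01
Series: IEEE Access
Subjects: Log sequence anomaly detection; intelligent transportation system; self attention; word embedding; LSTM
Online Access: https://ieeexplore.ieee.org/document/8903291/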
id doaj-8af84541df7f4244811f33a1711bbfaf
record_format Article
spelling doaj-8af84541df7f4244811f33a1711bbfaf
2021-03-29T21:59:18Z
eng
IEEE
IEEE Access
2169-3536
2019-01-01
7
181152
181164
10.1109/ACCESS.2019.2953981
8903291
nLSALog: An Anomaly Detection Framework for Log Sequence in Security Management
Ruipeng Yang 0 https://orcid.org/0000-0002-7373-393X
Dan Qu 1
Ying Gao 2
Yekui Qian 3
Yongwang Tang 4
Department of Information System Engineering, PLA Strategic Support Force Information Engineering University, Zhengzhou, China
Department of Information System Engineering, PLA Strategic Support Force Information Engineering University, Zhengzhou, China
Department of Computer Science and Engineering, South China University of Technology, Guangzhou, China
Network Security Laboratory, PLA Army Academy of Artillery and Air Defense, Zhengzhou, China
Department of Information System Engineering, PLA Strategic Support Force Information Engineering University, Zhengzhou, China
For the security defense in the current Intelligent Transportation System (ITS), malware is often used as the security analysis data source, but only the known attack type can be detected. A general anomaly detection framework is proposed, using log data as the analysis data source. By modeling the log template sequence as a natural language sequence and using the stacked Long Short-Term Memory (LSTM) with self-attention mechanism, the framework can effectively extract the hidden pattern of the log template sequence, and well express the dependencies inside the log template sequence. The experimental results show that the overall accuracy of log sequence anomaly detection of the detection framework is better than that of existing methods and the time cost is lower.
https://ieeexplore.ieee.org/document/8903291/
Log sequence anomaly detection
intelligent transportation system
self attention
word embedding
LSTM
collection DOAJ
language English
format Article
sources DOAJ
author Ruipeng Yang
Dan Qu
Ying Gao
Yekui Qian
Yongwang Tang
title nLSALog: An Anomaly Detection Framework for Log Sequence in Security Management
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2019-01-01
description For the security defense in the current Intelligent Transportation System (ITS), malware is often used as the security analysis data source, but only the known attack type can be detected. A general anomaly detection framework is proposed, using log data as the analysis data source. By modeling the log template sequence as a natural language sequence and using the stacked Long Short-Term Memory (LSTM) with self-attention mechanism, the framework can effectively extract the hidden pattern of the log template sequence, and well express the dependencies inside the log template sequence. The experimental results show that the overall accuracy of log sequence anomaly detection of the detection framework is better than that of existing methods and the time cost is lower.
topic Log sequence anomaly detection
intelligent transportation system
self attention
word embedding
LSTM
url https://ieeexplore.ieee.org/document/8903291/