Potential threats mining methods based on correlation analysis of multi‐type logs

Log analysis is an efficient way to detect threats by scrutinising the events recorded by operating systems and devices. However, it is increasingly difficult to discover threats accurately because of the massive volume of logs and their varied formats. Focusing on this problem, the authors propose a method for mining potential threats based on correlation analysis of multi-type logs. First, they extract 12 features, comprising behaviour-related, attribute-related and measurable features, from multi-type logs according to the characteristics of known and potential attacks, and propose a normalisation method to deal with these heterogeneous features. Second, because analysing a single type of log can only detect certain specific attacks, they employ a logistic regression model to perform correlation analysis across the multi-type logs. Finally, they construct an anomaly detection platform with a parallel processing mechanism to handle the massive volume of records. Experimental results on collected logs show that the proposed method has high detection accuracy and low computational complexity, and can be applied to mine potential threats and abnormal users from the massive logs of a real network environment.

Bibliographic Details
Main Authors: Tao Qin, Yuli Gao, Lingyan Wei, Zhaoli Liu, Chenxu Wang
Affiliation: Ministry of Education Key Lab for Intelligent Networks and Network Security, Xi'an Jiaotong University, Xi'an, People's Republic of China (all authors)
Format: Article
Language: English
Published: Wiley, 2018-09-01
Series: IET Networks, volume 7, issue 5, pages 299-305
ISSN: 2047-4954, 2047-4962
Subjects: correlation analysis; potential attacks; heterogeneous features; feature normalisation; anomaly detection platform; massive logs
Online Access: https://doi.org/10.1049/iet-net.2017.0188
Source: DOAJ record doaj-b7758bcd289940a78bf5d7eabf97fb12
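The pipeline the abstract outlines (per-user feature extraction from several log types, normalisation of heterogeneous features, logistic regression over the joined vector) as an added example written for this page, not the authors' code or data. The two log formats (sshd auth lines and a combined-format web access log), the six features, the min-max normalisation, the constructed log lines and the hand-labelled training vectors are all assumptions of the example; the paper's own 12 features and normalisation method are not reproduced.

```python
"""Added example (not the authors' code): correlate two constructed log types
per user, normalise the heterogeneous features and score users with a logistic
regression model.  Feature set, normalisation, sample logs and training labels
are assumptions of this example, not the paper's."""
import math
import re
from collections import defaultdict

# Constructed sample records, not real data.
AUTH_LOG = """\
Mar 10 08:11:05 srv1 sshd[811]: Failed password for alice from 10.0.0.5 port 50112 ssh2
Mar 10 08:11:09 srv1 sshd[811]: Accepted password for alice from 10.0.0.5 port 50112 ssh2
Mar 10 09:30:12 srv1 sshd[902]: Accepted password for bob from 10.0.0.7 port 50200 ssh2
Mar 10 10:02:44 srv1 sshd[933]: Accepted password for carol from 10.0.0.9 port 50310 ssh2
Mar 10 22:40:01 srv1 sshd[990]: Failed password for mallory from 198.51.100.9 port 41000 ssh2
Mar 10 22:40:05 srv1 sshd[990]: Failed password for mallory from 198.51.100.9 port 41001 ssh2
Mar 10 22:40:09 srv1 sshd[991]: Failed password for mallory from 203.0.113.4 port 41002 ssh2
Mar 10 22:40:20 srv1 sshd[991]: Accepted password for mallory from 203.0.113.4 port 41002 ssh2
"""
WEB_LOG = """\
10.0.0.5 - alice [10/Mar/2018:08:12:00 +0000] "GET /home HTTP/1.1" 200 512
10.0.0.7 - bob [10/Mar/2018:09:31:00 +0000] "GET /report HTTP/1.1" 200 2048
10.0.0.7 - bob [10/Mar/2018:09:32:00 +0000] "GET /report/2 HTTP/1.1" 200 1024
203.0.113.4 - mallory [10/Mar/2018:22:41:00 +0000] "GET /admin HTTP/1.1" 403 64
203.0.113.4 - mallory [10/Mar/2018:22:41:05 +0000] "GET /admin/export HTTP/1.1" 403 64
203.0.113.4 - mallory [10/Mar/2018:22:41:30 +0000] "GET /backup.tar.gz HTTP/1.1" 200 8388608
"""
AUTH_RE = re.compile(r"^\w{3} +\d+ (\d\d):\d\d:\d\d \S+ sshd\[\d+\]: "
                     r"(Failed|Accepted) password for (\S+) from (\S+)")
WEB_RE = re.compile(r'^\S+ - (\S+) \[\d+/\w+/\d+:(\d\d):\d\d:\d\d [^\]]+\] '
                    r'"[^"]*" (\d{3}) (\d+)')
# Assumed feature set: three per user from the auth log, three from the web log.
FEATURES = ["auth_failures", "auth_src_ips", "auth_offhours_ratio",
            "web_requests", "web_error_ratio", "web_bytes"]

def off_hours(hour):
    return hour < 7 or hour >= 19

def auth_features(text):
    fails, ips, events, offh = defaultdict(int), defaultdict(set), defaultdict(int), defaultdict(int)
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue                      # unparsed line types are skipped
        hour, outcome, user, ip = m.groups()
        events[user] += 1
        ips[user].add(ip)
        fails[user] += int(outcome == "Failed")
        offh[user] += int(off_hours(int(hour)))
    return {u: {"auth_failures": fails[u], "auth_src_ips": len(ips[u]),
                "auth_offhours_ratio": offh[u] / events[u]} for u in events}

def web_features(text):
    reqs, errs, byts = defaultdict(int), defaultdict(int), defaultdict(int)
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        user, _hour, status, size = m.groups()
        reqs[user] += 1
        errs[user] += int(int(status) >= 400)
        byts[user] += int(size)
    return {u: {"web_requests": reqs[u], "web_error_ratio": errs[u] / reqs[u],
                "web_bytes": byts[u]} for u in reqs}

def join_features(*per_log):
    """Correlate the log types on the user key; a user missing from a log type gets zeros."""
    users = set().union(*(d.keys() for d in per_log))
    joined = {u: {f: 0.0 for f in FEATURES} for u in users}
    for d in per_log:
        for u, feats in d.items():
            joined[u].update(feats)
    return joined

def min_max_normalise(joined):
    """Assumed normalisation: scale every feature to [0, 1] over the user population."""
    out = {u: {} for u in joined}
    for f in FEATURES:
        vals = [joined[u][f] for u in joined]
        lo, hi = min(vals), max(vals)
        for u in joined:
            out[u][f] = 0.0 if hi == lo else (joined[u][f] - lo) / (hi - lo)
    return out

# Constructed, already-normalised training vectors; label 1 = known attacker.
TRAIN = [
    ([0.0, 0.0, 0.0, 0.2, 0.1, 0.1], 0), ([0.1, 0.0, 0.0, 0.5, 0.2, 0.2], 0),
    ([0.0, 0.0, 0.2, 0.3, 0.0, 0.1], 0), ([0.2, 0.1, 0.0, 0.1, 0.3, 0.0], 0),
    ([0.4, 0.0, 0.0, 0.0, 0.0, 0.1], 0), ([0.4, 0.0, 0.0, 0.4, 0.0, 0.1], 0),
    ([0.0, 0.0, 0.0, 0.7, 0.3, 0.1], 0),
    ([1.0, 1.0, 1.0, 0.8, 0.9, 1.0], 1), ([0.8, 0.6, 0.9, 0.6, 0.7, 0.8], 1),
    ([0.9, 1.0, 0.7, 0.4, 0.8, 0.5], 1), ([0.6, 0.5, 1.0, 0.9, 1.0, 0.9], 1),
]

def sigmoid(z):
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)                      # avoids overflow for very negative z
    return ez / (1.0 + ez)

def train_logistic(rows, lr=0.5, epochs=3000):
    """Batch gradient descent on the logistic loss; returns (weights, bias)."""
    n = len(rows[0][0])
    w, b = [0.0] * n, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * n, 0.0
        for x, y in rows:
            r = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            gw = [g + r * xi for g, xi in zip(gw, x)]
            gb += r
        w = [wi - lr * g / len(rows) for wi, g in zip(w, gw)]
        b -= lr * gb / len(rows)
    return w, b

def score_users(auth_text, web_text, model):
    """Probability that each user is anomalous, highest first."""
    w, b = model
    norm = min_max_normalise(join_features(auth_features(auth_text), web_features(web_text)))
    scores = {u: sigmoid(sum(w[i] * norm[u][f] for i, f in enumerate(FEATURES)) + b) for u in norm}
    return sorted(scores.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for user, p in score_users(AUTH_LOG, WEB_LOG, train_logistic(TRAIN)):
        print(f"{user:8s} {p:.3f}")
```

Two caveats a practitioner hits immediately with this shape of pipeline: min-max normalisation over a small window is dominated by the single most extreme user (one 8 MB download pushes everyone else's `web_bytes` to roughly zero), so the scaling statistics should come from a longer baseline than the window being scored; and logistic regression is supervised, so the quality of the verdicts is bounded by the labelled examples it was fitted on, which here are constructed and in practice must come from confirmed incidents.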