Applying Information Retrieval Techniques to Event Log Analysis for Intrusion Detection
نویسنده
چکیده
This paper explores the application of probabilistic information retrieval theories to the field of log analysis and host-based intrusion detection. Strong similarities exist between intrusion detection and information retrieval. Using information retrieval techniques may yield significant improvements to the performance of intrusion detection systems. This paper provides a brief review of current relevant research in intrusion detection and log analysis, introduces information retrieval methods appropriate for intrusion detection, and proposes a framework for an experimental log analysis system. The proposed system is based on Bayesian probability theory and uses a term frequency-inverse document frequency (TF-IDF) measure to identify anomalies.
منابع مشابه
Concept drift detection in event logs using statistical information of variants
In recent years, business process management (BPM) has been highly regarded as an improvement in the efficiency and effectiveness of organizations. Extracting and analyzing information on business processes is an important part of this structure. But these processes are not sustainable over time and may change for a variety of reasons, such as the environment and human resources. These changes ...
متن کاملIntrusion Detection System Using Data Mining Technique
This paper analysis and criticizes the way of using, functioning the intrusion detection system in data mining. Understanding the techniques. data mining approach such as intrusion detection system using association datasets where as in event correlation data mining method we will maintain. traffic analysis and anomaly intrusion detection systems are needed. log data by using a knowledge discov...
متن کاملTools and algorithms to advance interactive intrusion analysis via Machine Learning and Information Retrieval
We consider typical tasks that arise in the intrusion analysis of log data from the perspectives of Machine Learning and Information Retrieval, and we study a number of data organization and interactive learning techniques to improve the analyst’s efficiency. In doing so, we attempt to translate intrusion analysis problems into the language of the abovementioned disciplines and to offer metrics...
متن کاملMoving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
متن کاملA hybridization of evolutionary fuzzy systems and ant Colony optimization for intrusion detection
A hybrid approach for intrusion detection in computer networks is presented in this paper. The proposed approach combines an evolutionary-based fuzzy system with an Ant Colony Optimization procedure to generate high-quality fuzzy-classification rules. We applied our hybrid learning approach to network security and validated it using the DARPA KDD-Cup99 benchmark data set. The results indicate t...
متن کامل