Monitoring Network Logs for Anomalous Activity
Authors
Abstract
We report on the progress of the VenusDB active-database system as driven by WatchDog, an application in network intrusion detection. The application is typical of a class of problems we term monotonic log monitoring systems: systems in which real-time data sources are logged to a database for transactional assurances, and the database further provides services for decision support. Milestones include the successful layering of a Venus language executable over Oracle through the Venus Abstract Machine Interface (AMI, a data abstraction interface) and Oracle's native trigger mechanism. Identifying monotonic-logging systems as an interesting application class enables us to limit coupling modes and to identify an effective layered architecture.
Related resources
Recurrent Neural Network Language Models for Open Vocabulary Event-Level Cyber Anomaly Detection
Automated analysis methods are crucial aids for monitoring and defending a network to protect the sensitive or confidential data it hosts. This work introduces a flexible, powerful, and unsupervised approach to detecting anomalous behavior in computer and network logs; one that largely eliminates domain-dependent feature engineering employed by existing methods. By treating system logs as threa...
Exploratory Machine Learning Analysis of Real Network Log Data
Intrusion detection systems often rely on hard checks of incoming requests to identify whether traffic is safe or malicious. Various machine learning approaches have been developed to mine large-scale network logs and help to identify anomalous traffic patterns. In this paper, we apply several machine learning approaches to real data from the MIT network. We describe how these methods could be ...
A Data Clustering Algorithm for Mining Patterns From Event Logs
Today, event logs contain vast amounts of data that can easily overwhelm a human. Therefore, mining patterns from event logs is an important system management task. This paper presents a novel clustering algorithm for log file data sets which helps one to detect frequent patterns from log files, to build log file profiles, and to identify anomalous log file lines. Keywords—system monitoring, da...
A Visual Approach for Monitoring Logs
Analyzing and monitoring logs that portray system, user, and network activity is essential to meet the requirements of high security and optimal resource availability. While most systems now possess satisfactory logging facilities, the tools to monitor and interpret such event logs are still in their infancy. This paper describes an approach to relieve system and network administrators from man...
Local Anomaly Detection for Network System Log Monitoring
Huge amounts of operation data, including system logs, are being collected from communication networks. System operators and developers need easy to use and robust decision support tools based on these data. One of their key applications is to detect anomalous phenomena of the network. We present an anomaly detection method that describes the normal states of the system with a self organizing m...
Unsupervised Anomaly Detection in Noisy Business Process Event Logs Using Denoising Autoencoders
Business processes are prone to subtle changes over time, as unwanted behavior manifests in the execution over time. This problem is related to anomaly detection, as these subtle changes start of as anomalies at first, and thus it is important to detect them early. However, the necessary process documentation is often outdated, and thus not usable. Moreover, the only way of analyzing a process ...
Publication date: 1998