Anomaly Detection on Real-time Security Log using Stream Processing
Authors: W. Limprasert, P. Jantana, Avirut Liangsiri
DOI: 10.1109/iSAI-NLP56921.2022.9960280 (https://doi.org/10.1109/iSAI-NLP56921.2022.9960280)
Published in: 2022 17th International Joint Symposium on Artificial Intelligence and Natural Language Processing (iSAI-NLP), 2022-11-05
Citations: 1
Abstract
Many critical tasks, such as document approval and banking services, are now hosted on cloud infrastructure. This transformation puts stress on cloud security from the physical layer of the data center to the application layer of web applications. All data access and service access need to be monitored and responded to in real time. In this paper, we study methods to detect anomalous incidents such as spikes in network volume, malicious incidents from API scanning, error messages from internal systems, and timeouts caused by Slowloris attacks [1]. We select machine-learning-based anomaly detection algorithms, such as LOF, Isolation Forest and Elliptic Envelope, to find suitable methods for detecting incidents in real time using stream processing tools including Kafka and message ingestion. The results show that LOF is fast and robust in most cases. However, when log messages contain unseen words, which normally need to be hashed during preprocessing, Isolation Forest shows better results. This study shows the possibility of applying stream processing with machine learning to detect anomalous behavior in cloud services.