Online Log Analysis (OLA) for Malicious User Activities
Authors: Poongkuyil Muse, M. S., Hamil Stanly
Venue: 2023 2nd International Conference on Paradigm Shifts in Communications Embedded Systems, Machine Learning and Signal Processing (PCEMS)
Published: 2023-04-05
DOI: 10.1109/PCEMS58491.2023.10136101 (https://doi.org/10.1109/PCEMS58491.2023.10136101)
Record source: Semantic Scholar

Abstract
Efficient log analysis involves collecting, evaluating, and managing raw data from computer-generated records. As security vulnerabilities increase, log analysis has become vital in multidisciplinary domains. Maintaining and analyzing logs is a pivotal task for every organization, since large volumes of logs are generated every millisecond. However, the anomaly detection and log parsing approaches addressed so far rely on a time-consuming training algorithm based on a machine learning framework. The proposed method detects anomalies in real-time data generated by the data centre without the need for a training phase. Detection and visualization of malicious activities are done with the Elasticsearch, Logstash, and Kibana (ELK) stack. The process of shipping, parsing, indexing, and anomaly detection is carried out using an unsupervised machine learning algorithm, which gives a clear basis for detecting bots and performing unique log session classification. A real-time Apache HTTP Server log is accessed and anomalous behavior is identified from the incoming requests. Experiments on real-time data show that 13.76% of requests are detected as anomalies on a per-week basis.