Anomaly Detection Using Data Mining Methods in IT Systems: A Decision Support Application
Published in: | Sakarya Üniversitesi Fen Bilimleri Enstitüsü Dergisi 2018-08, Vol.22 (4), p.1-1 |
---|---|
Main Authors: | , , , |
Format: | Article |
Language: | English |
Subjects: | |
Summary: | Although there are various studies on anomaly detection, simple and effective anomaly detection approaches are still necessary due to the lack of appropriate approaches for large-scale network environments. In the existing analysis methods, it is seen that the methods of preliminary analysis are generally used, the extrapolations and probabilities are not taken into account and the unsupervised neural network (NN) methods are not used enough. As an alternative, the use of the Self-Organizing Maps has been preferred in the study. In other studies, analysis of data obtained from network traffic is analyzed, here, analysis of other information systems data and suggestions for alternative solutions are given, too. In addition, in-memory database systems have been used in practice in order to enable faster processing in analysis studies, due to the large size of data to be analyzed in large-scale network environments. An analysis of the application log data obtained from the management tools in the information systems was carried out. After anomaly detection results obtained and the verification test results are compared, it is found out that anomaly detection process is successful by 96%. The advantage offered for the company and users at IT and security monitoring processes is to eliminate the need for pre-qualification and to reduce the heavy workload. By this way, it is thought that a significant cost item is eliminated. It is also contemplated that the security vulnerabilities and problems associated with unpredictable issues will be detected through practice and thus many attacks and problems will be prevented in advance. |
---|---|
ISSN: | 1301-4048 2147-835X |
DOI: | 10.16984/saufenbilder.365931 |