nLSALog: An Anomaly Detection Framework for Log Sequence in Security Management

Bibliographic Details
Published in: IEEE Access 2019, Vol. 7, p. 181152-181164
Main Authors: Yang, Ruipeng, Qu, Dan, Gao, Ying, Qian, Yekui, Tang, Yongwang
Format: Article
Language: English
Description
Summary: For the security defense in the current Intelligent Transportation System (ITS), malware is often used as the security analysis data source, but only the known attack type can be detected. A general anomaly detection framework is proposed, using log data as the analysis data source. By modeling the log template sequence as a natural language sequence and using the stacked Long Short-Term Memory (LSTM) with self-attention mechanism, the framework can effectively extract the hidden pattern of the log template sequence, and well express the dependencies inside the log template sequence. The experimental results show that the overall accuracy of log sequence anomaly detection of the detection framework is better than that of existing methods and the time cost is lower.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2019.2953981