TY - JOUR
T1 - AMiner: A Modular Log Data Analysis Pipeline for Anomaly-based Intrusion Detection
AU - Landauer, Max
AU - Wurzenberger, Markus
AU - Skopik, Florian
AU - Hotwagner, Wolfgang
AU - Höld, Georg
PY - 2023/3/31
Y1 - 2023/3/31
AB - Cyber attacks are omnipresent and their rapid detection is crucial for system security. Signature-based intrusion detection monitors systems for attack indicators and plays an important role in recognizing and preventing such attacks. Unfortunately, it is unable to detect new attack vectors and may be evaded by attack variants. As a solution, anomaly detection employs techniques from machine learning to detect suspicious log events without relying on predefined signatures. While visibility of attacks in network traffic is limited due to encryption of network packets, system log data is available in raw format and thus allows fine-granular analysis. However, system log processing is difficult as it involves different formats and heterogeneous events. To ease log-based anomaly detection, we present the AMiner, an open-source tool in the AECID toolbox that enables fast log parsing, analysis, and alerting. In this article, we outline the AMiner’s modular architecture and demonstrate its applicability in three use-cases.
KW - Log data analysis
KW - anomaly detection
KW - intrusion detection systems
UR - https://doi.org/10.1145/3567675
U2 - 10.1145/3567675
DO - 10.1145/3567675
M3 - Article
SN - 2576-5337
VL - 4
SP - 1
EP - 16
JO - Digital Threats: Research and Practice
JF - Digital Threats: Research and Practice
IS - 1
M1 - 12
ER -