Towards Detecting Anomalies in Log-Event Sequences with Deep Learning: Open Research Challenges

Publikation: Beitrag in Buch oder TagungsbandVortrag mit Beitrag in TagungsbandBegutachtung

Abstract

Anomaly Detection (AD) is an important area to reliably detect malicious behavior and attacks on computer systems. Log data is a rich source of information about systems and thus provides a suitable input for AD. With the sheer amount of log data available today, Machine Learning (ML) and its further development Deep Learning (DL) have been applied for years to create models for AD. Especially when processing complex log data, DL is often able to achieve better performance than ML. To detect anomalous patterns that span over multiple log lines, it is necessary to group these log lines into log-event sequences. This work uses a Long Short-Term Memory (LSTM) model for AD which is one of the most important approaches to represent long-range temporal dependencies in log-event sequences of arbitrary length. This means that we use past information to predict whether future events are normal or anomalous. For the LSTM model we adapt a state of the art open source implementation called LogDeep. For the evaluation, we use a Hadoop Distributed File System (HDFS) data set, which is well studied in current research, and an open source Audit data set provided by the Austrian Institute of Technology (AIT). In this paper we show that without padding, a common preprocessing step used that strongly influences the AD process and artificially improves detection results and thus accuracy in lab testing, it is not possible to achieve the same high quality of results shown in literature. Furthermore, we analyze limitations of DL approaches applied for AD and list future research priorities and design challenges.
OriginalspracheEnglisch
TitelEICC 2023: European Interdisciplinary Cybersecurity Conference
Redakteure/-innenAleksandra Mileva, Steffen Wendzel, Virginia Franqueira
Seiten71-77
Seitenumfang7
PublikationsstatusVeröffentlicht - 14 Juni 2023
VeranstaltungEICC 2023: European Interdisciplinary Cybersecurity Conference - Stavanger, Norwegen
Dauer: 14 Juni 202315 Juni 2023

Konferenz

KonferenzEICC 2023: European Interdisciplinary Cybersecurity Conference
Land/GebietNorwegen
StadtStavanger
Zeitraum14/06/2315/06/23

Research Field

  • Cyber Security

Fingerprint

Untersuchen Sie die Forschungsthemen von „Towards Detecting Anomalies in Log-Event Sequences with Deep Learning: Open Research Challenges“. Zusammen bilden sie einen einzigartigen Fingerprint.

Diese Publikation zitieren