Cyber intrusion detection through association rule mining on multi-source logs

Applied Intelligence

Abstract

Security logs in cloud environments, such as intrusion detection system (IDS) logs, firewall logs, and system logs, provide historical information describing potential security risks. However, using logs for cyber intrusion detection relies heavily on expert knowledge, and it is very difficult for a non-expert to identify intrusion behaviors from them. This paper proposes a new method for mining association rules from multi-source logs to detect various intrusion behaviors on a cloud computing platform. In this method, a rule base is constructed to detect cyber intrusion. An adaptive approach speeds up the association rule mining, where the choice of mining strategy depends on the time complexity of the algorithm. Various cyber-attacks are simulated in the verification experiments, which show that the proposed method computes faster than other algorithms. Furthermore, compared with other methods, the proposed intrusion detection method performs better in terms of precision, recall, and F-measure.
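As an added illustration (not code from the paper), the pipeline the abstract sketches: events from IDS, firewall and system logs are merged into one transaction per host and time window, frequent itemsets and rules are mined Apriori-style, the rules whose consequent is an IDS alert form the rule base, and that rule base flags a new window from its firewall and system events alone. The records, event names and thresholds are constructed for the example.

```python
# Constructed sample records (host, time window, log source, event); not real data.
RECORDS = [
    ("h1", 0, "firewall", "deny_burst"), ("h1", 0, "system", "auth_fail"), ("h1", 0, "ids", "alert_bruteforce"),
    ("h1", 1, "firewall", "deny_burst"), ("h1", 1, "system", "auth_fail"), ("h1", 1, "ids", "alert_bruteforce"),
    ("h2", 0, "firewall", "deny_burst"), ("h2", 0, "system", "auth_fail"), ("h2", 0, "ids", "alert_bruteforce"),
    ("h2", 1, "firewall", "allow"), ("h2", 1, "system", "login_ok"),
    ("h3", 0, "firewall", "allow"), ("h3", 0, "system", "login_ok"),
    ("h3", 1, "firewall", "deny_burst"), ("h3", 1, "system", "auth_fail"),
]

def to_transactions(records):
    """Merge records from all sources into one item set per (host, window)."""
    tx = {}
    for host, window, source, event in records:
        tx.setdefault((host, window), set()).add(f"{source}:{event}")
    return list(tx.values())

def frequent_itemsets(transactions, min_support, max_len=3):
    """Apriori: level-wise candidates pruned by downward closure; returns {itemset: count}."""
    n = len(transactions)
    level = {frozenset([i]) for t in transactions for i in t}
    freq = {}
    for _ in range(max_len):
        cur = {s: sum(1 for t in transactions if s <= t) for s in level}
        cur = {s: c for s, c in cur.items() if c / n >= min_support}
        if not cur:
            break
        freq.update(cur)
        # join frequent k-sets into (k+1)-candidates, then keep only candidates whose k-subsets are all frequent
        level = {a | b for a in cur for b in cur if len(a | b) == len(a) + 1}
        level = {c for c in level if all(c - {i} in cur for i in c)}
    return freq

def mine_rules(freq, min_confidence, target_prefix="ids:"):
    """Rule base: X -> y where y is an IDS alert and confidence = count(X+y)/count(X)."""
    rules = []
    for itemset, cnt in freq.items():
        for y in itemset:
            if len(itemset) < 2 or not y.startswith(target_prefix):
                continue
            ante = itemset - {y}
            conf = cnt / freq[ante]
            if conf >= min_confidence:
                rules.append((ante, y, conf))
    return rules

def detect(rules, events):
    """IDS alerts the rule base predicts for a window given only its firewall/system events."""
    return sorted({y for ante, y, _ in rules if ante <= events})
```

With the constructed records, each of firewall:deny_burst, system:auth_fail and their pair implies ids:alert_bruteforce with confidence 0.75, so the window for h3 at time 1, which has no IDS record, is still flagged.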



Acknowledgements

The authors would like to acknowledge funding support from the National Natural Science Foundation Committee (NSFC) of China (grant no. 51905397) and the Fundamental Research Funds for the Central Universities (WUT:2018III069GX, WUT:2019III071GX), as well as the contributions from all collaborators within the projects mentioned.


Correspondence to Junwei Yan.


Cite this article

Lou, P., Lu, G., Jiang, X. et al. Cyber intrusion detection through association rule mining on multi-source logs. Appl Intell 51, 4043–4057 (2021). https://doi.org/10.1007/s10489-020-02007-5
