Landauer et al., 2018 - Google Patents
Time series analysis: unsupervised anomaly detection beyond outlier detection
Landauer et al., 2018
- Document ID
- 2551612640942300615
- Author
- Landauer M
- Wurzenberger M
- Skopik F
- Settanni G
- Filzmoser P
- Publication year
- Publication venue
- Information Security Practice and Experience: 14th International Conference, ISPEC 2018, Tokyo, Japan, September 25-27, 2018, Proceedings 14
Snippet
Anomaly detection on log data is an important security mechanism that allows the detection of unknown attacks. Self-learning algorithms capture the behavior of a system over time and are able to identify deviations from the learned normal behavior online. The introduction of …
Concepts
- detection method (concept ID 238000001514; sections: title, abstract, description; count 49)
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F11/00—Error detection; Error correction; Monitoring
        - G06F11/30—Monitoring
          - G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
            - G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
            - G06F11/3466—Performance evaluation by tracing or monitoring
        - G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
          - G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
      - G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
        - G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
      - G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
    - G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N99/00—Subject matter not provided for in other groups of this subclass
        - G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
    - G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
      - G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1425—Traffic logging, e.g. anomaly detection
            - H04L63/1416—Event detection, e.g. attack signature detection
Similar Documents
Publication | Title
---|---
Landauer et al. | Dynamic log file analysis: An unsupervised cluster evolution approach for anomaly detection
Hassan et al. | Tactical provenance analysis for endpoint detection and response systems
Moustafa et al. | Big data analytics for intrusion detection system: Statistical decision-making using finite dirichlet mixture models
Liu et al. | Host-based intrusion detection system with system calls: Review and future trends
US10909241B2 (en) | Event anomaly analysis and prediction
Deshpande et al. | HIDS: A host based intrusion detection system for cloud computing environment
Landauer et al. | Time series analysis: unsupervised anomaly detection beyond outlier detection
Khraisat et al. | An anomaly intrusion detection system using C5 decision tree classifier
US20220263860A1 (en) | Advanced cybersecurity threat hunting using behavioral and deep analytics
US20200160230A1 (en) | Tool-specific alerting rules based on abnormal and normal patterns obtained from history logs
Al-Ghuwairi et al. | Intrusion detection in cloud computing based on time series anomalies utilizing machine learning
Elsayed et al. | PredictDeep: security analytics as a service for anomaly detection and prediction
Lin et al. | Collaborative alert ranking for anomaly detection
Al-Utaibi et al. | Intrusion detection taxonomy and data preprocessing mechanisms
Skopik et al. | Smart Log Data Analytics
Negoita et al. | Enhanced security using elasticsearch and machine learning
Rehman et al. | FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning
US20230344842A1 (en) | Detection of user anomalies for software as a service application traffic with high and low variance feature modeling
Yang et al. | RShield: A refined shield for complex multi-step attack detection based on temporal graph network
Xuan et al. | New approach for APT malware detection on the workstation based on process profile
Sallay et al. | Intrusion detection alert management for high-speed networks: current researches and applications
Vinutha et al. | Analysis of NSL-KDD dataset using K-means and canopy clustering algorithms based on distance metrics
Heine | Outlier detection in data streams using OLAP cubes
Isaksson | New outlier detection techniques for data streams
Behera et al. | Anomaly detection of unstructured logs generated from complex micro-service based architecture using one-class SVM