Journal article

Exploring syntactical features for anomaly detection in application logs

Document type

Text/Journal Article

Date

2022

Publisher

De Gruyter

Abstract

In this research, we analyze the effect of lightweight syntactical feature extraction techniques from the field of information retrieval for log abstraction in information security. To this end, we evaluate three feature extraction techniques and three clustering algorithms on four different security datasets for anomaly detection. Results demonstrate that these techniques have a role to play for log abstraction in the form of extracting syntactic features which improves the identification of anomalous minority classes, specifically in homogeneous security datasets.

Description

Copstein, Rafael; Karlsen, Egil; Schwartzentruber, Jeff; Zincir-Heywood, Nur; Heywood, Malcolm (2022): Exploring syntactical features for anomaly detection in application logs. it - Information Technology: Vol. 64, No. 1-2. DOI: 10.1515/itit-2021-0064. Berlin: De Gruyter. PISSN: 2196-7032. pp. 15-27. Article
