The extraction of security situation in heterogeneous log based on Str-FSFDP density peak cluster. (28th November 2019)
- Record Type:
- Journal Article
- Title:
- The extraction of security situation in heterogeneous log based on Str-FSFDP density peak cluster. (28th November 2019)
- Main Title:
- The extraction of security situation in heterogeneous log based on Str-FSFDP density peak cluster
- Authors:
- Wang, Chundong
- Zhao, Tong
- Mo, Xiuliang
- Abstract:
- In order to reduce the false alarm rate in the process of security events extraction and discover a wide range of anomalies by scrutinising various logs, an improvement of Str-FSFDP (a fast search and find of peak density based data stream) clustering algorithm in heterogeneous log analysis is presented. Because of the advantages in data attribute relationship analysis for mixed attributes data, this algorithm can classify log data into two types whose corresponding distance measure metrics are designed. Twelve attributes are defined in the unified XML format for clustering in this paper. These attributes are divided by the characteristics of each type of log and the importance of expressing a security event. To match the new micro cluster characteristic vector mentioned in the Str-FSFDP algorithm, this paper uses time gap to improve the UHAD (unsupervised anomaly detection model) framework. The time gap is designed as a threshold value based on micro cluster strategy. Experimental results reveal that the framework using Str-FSFDP clustering algorithm with time threshold can improve the aggregation rate of the log events and reduce the false alarm rate.
- Is Part Of:
- International journal of computational science and engineering. Volume 20:Number 3(2019)
- Journal:
- International journal of computational science and engineering
- Issue:
- Volume 20:Number 3(2019)
- Issue Display:
- Volume 20, Issue 3 (2019)
- Year:
- 2019
- Volume:
- 20
- Issue:
- 3
- Issue Sort Value:
- 2019-0020-0003-0000
- Page Start:
- 387
- Page End:
- 396
- Publication Date:
- 2019-11-28
- Subjects:
- heterogeneous log -- micro cluster -- mixed attributes -- unsupervised anomaly detection
- Computer science -- Mathematics -- Periodicals
- Computer simulation -- Mathematical aspects -- Periodicals
- Computational intelligence -- Periodicals
- 004.015105
- Journal URLs:
- http://www.inderscience.com/jhome.php?jcode=ijcse
- http://www.inderscience.com/
- Languages:
- English
- ISSNs:
- 1742-7185
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
- British Library STI - ELD Digital store
- Ingest File:
- 11962.xml