Litcius/Paper detail

Anomaly Detection in Cyber Security with Graph-Based LSTM in Log Analysis

Yusuf Alaca, Yüksel Çelik, Sanjay Goel

2023Chaos Theory and Applications16 citationsDOIOpen Access PDF

Abstract

Intrusion detection systems utilize the analysis of log data to effectively detect anomalies. However, detecting anomalies quickly and effectively in large and heterogeneous log data can be challenging. To address this difficulty, this study proposes the GLSTM (Graph-based Long Short-Term Memory) framework, a graph-based deep learning model that analyzes log data to detect cyber-attacks rapidly and effectively. The framework involves standardizing the complex and diverse log data, training this data on an artificial intelligence model, and detecting anomalies. Initially, the complex and diverse log data is transformed into graph data using Node2Vec, enabling efficient and rapid analysis on the artificial intelligence model. Subsequently, these graph data are trained using LSTM (Long Short-Term Memory), Bi-LSTM, and GRU(Gated Recurrent Unit) deep learning algorithms. The proposed framework is tested using Hadoop’s HDFS dataset, collected from different systems and heterogeneous sources, as well as the BGL and IMDB datasets. Experimental results on the selected datasets demonstrate high levels of success.

Topics & Concepts

Computer scienceGraphAnomaly detectionIntrusion detection systemArtificial intelligenceLong short term memoryData miningDeep learningData modelingPattern recognition (psychology)Machine learningRecurrent neural networkArtificial neural networkTheoretical computer scienceDatabaseSoftware System Performance and ReliabilityNetwork Security and Intrusion DetectionAnomaly Detection Techniques and Applications
Anomaly Detection in Cyber Security with Graph-Based LSTM in Log Analysis | Litcius