Back close

Long Short-term Memory based Operation log Anomaly Detection

Publication Type : Conference Paper

Authors : Dr. Soman K. P., R. Vinayakumar; P. Poornachandran

Source : 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI) (2017)

Keywords : Anomaly detection, arbitrary length sequences, Computer architecture, Cyber Security Data Mining Competition, Data mining, Data models, deep learning: Recurrent neural network (RNN), events classification, events detection, hidden layer, Hidden Markov models, learning (artificial intelligence), Logic gates, Long short-term memory (LSTM) and Stacked-long short-term memory (S-LSTM), long short-term memory architecture, long-range temporal dependencies, LSTM network, operation log anomaly detection, Operation logs, Pattern classification, recurrent LSTM layer, recurrent neural nets, Recurrent neural networks, S-LSTM network architecture, Security of data, sparse representations, temporal behaviors learning, Time series, Time-series

Campus : Coimbatore

School : School of Engineering

Center : Computational Engineering and Networking

Department : Computer Science

Year : 2017

Abstract : Long short-term memory (LSTM) architecture is an important approach for capturing long-range temporal dependencies in sequences of arbitrary length. Moreover, stacked-LSTM (S-LSTM: formed by adding recurrent LSTM layer to the existing LSTM network in hidden layer) has capability to learn temporal behaviors quickly with sparse representations. To apply this to anomaly detection, we model the operation log samples of normal and anomalous events occurred in 1 minute time interval as time-series with the aim to detect and classify the events as either normal or anomalous. To select an appropriate LSTM network, experiments are conducted for various network parameters and network structures with the dataset provided by Cyber Security Data Mining Competition (CDMC2016). The experiments are run up to 1000 epochs with learning rate in the range [0.01-05]. S-LSTM network architecture has showed its strength by achieving the highest accuracy 0.996 with false positive rate 0.02 on the provided real-world test data by CDMC2016.

Cite this Research Publication : R. Vinayakumar, Dr. Soman K. P., and Poornachandran, P., “Long Short-term Memory based Operation log Anomaly Detection”, in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2017.

Admissions Apply Now