Deep Learning-based Anomaly Detection and Log Analysis for Computer Networks
- URL: http://arxiv.org/abs/2407.05639v2
- Date: Sat, 14 Sep 2024 06:14:01 GMT
- Title: Deep Learning-based Anomaly Detection and Log Analysis for Computer Networks
- Authors: Shuzhan Wang, Ruxue Jiang, Zhaoqi Wang, Yan Zhou
- Abstract summary: We propose an innovative fusion model that integrates Isolation Forest, GAN, and Transformer.
The model significantly improves the accuracy of anomaly detection while reducing the false alarm rate.
It also performs well in the log analysis task and is able to quickly identify anomalous behaviors.
- Score: 5.809158072574843
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Computer network anomaly detection and log analysis, as an important topic in the field of network security, has been a key task to ensure network security and system reliability. First, existing network anomaly detection and log analysis methods are often challenged by high-dimensional data and complex network topologies, resulting in unstable performance and high false-positive rates. In addition, traditional methods usually have difficulty handling time-series data, which is crucial for anomaly detection and log analysis. Therefore, we need a more efficient and accurate method to cope with these problems. To compensate for the shortcomings of current methods, we propose an innovative fusion model that integrates Isolation Forest, GAN (Generative Adversarial Network), and Transformer with each other, and each of them plays a unique role. Isolation Forest is used to quickly identify anomalous data points, and GAN is used to generate synthetic data with the real data distribution characteristics to augment the training dataset, while the Transformer is used for modeling and context extraction on time series data. The synergy of these three components makes our model more accurate and robust in anomaly detection and log analysis tasks. We validate the effectiveness of this fusion model in an extensive experimental evaluation. Experimental results show that our model significantly improves the accuracy of anomaly detection while reducing the false alarm rate, which helps to detect potential network problems in advance. The model also performs well in the log analysis task and is able to quickly identify anomalous behaviors, which helps to improve the stability of the system. The significance of this study is that it introduces advanced deep learning techniques, which work anomaly detection and log analysis.
Related papers
- Explainable Online Unsupervised Anomaly Detection for Cyber-Physical Systems via Causal Discovery from Time Series [1.223779595809275]
State-of-the-art approaches based on deep learning via neural networks achieve outstanding performance at anomaly recognition.
We show that our method has higher training efficiency and outperforms the accuracy of state-of-the-art neural architectures.
arXiv Detail & Related papers (2024-04-15T15:42:12Z)
- Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view.
We have evaluated the mathematical model using two different datasets.
arXiv Detail & Related papers (2023-02-02T13:41:18Z)
- PULL: Reactive Log Anomaly Detection Based On Iterative PU Learning [58.85063149619348]
We propose PULL, an iterative log analysis method for reactive anomaly detection based on estimated failure time windows.
Our evaluation shows that PULL consistently outperforms ten benchmark baselines across three different datasets.
arXiv Detail & Related papers (2023-01-25T16:34:43Z)
- A Robust and Explainable Data-Driven Anomaly Detection Approach For Power Electronics [56.86150790999639]
We present two anomaly detection and classification approaches, namely the Matrix Profile algorithm and anomaly transformer.
The Matrix Profile algorithm is shown to be well suited as a generalizable approach for detecting real-time anomalies in streaming time-series data.
A series of custom filters is created and added to the detector to tune its sensitivity, recall, and detection accuracy.
arXiv Detail & Related papers (2022-09-23T06:09:35Z)
- TranAD: Deep Transformer Networks for Anomaly Detection in Multivariate Time Series Data [13.864161788250856]
TranAD is a deep transformer network based anomaly detection and diagnosis model.
It uses attention-based sequence encoders to swiftly perform inference with the knowledge of the broader temporal trends in the data.
TranAD can outperform state-of-the-art baseline methods in detection and diagnosis performance with data and time-efficient training.
arXiv Detail & Related papers (2022-01-18T19:41:29Z)
- Convolutional generative adversarial imputation networks for spatio-temporal missing data in storm surge simulations [86.5302150777089]
Generative Adversarial Imputation Nets (GAIN) and GAN-based techniques have attracted attention as unsupervised machine learning methods.
We name our proposed method Convolutional Generative Adversarial Imputation Nets (Conv-GAIN).
arXiv Detail & Related papers (2021-11-03T03:50:48Z)
- Fast Wireless Sensor Anomaly Detection based on Data Stream in Edge Computing Enabled Smart Greenhouse [5.716360276016705]
The edge-computing-enabled smart greenhouse is a representative application of Internet of Things technology.
Traditional anomaly detection algorithms have not properly considered the inherent characteristics of the data streams produced by wireless sensors.
arXiv Detail & Related papers (2021-07-28T13:32:12Z)
- A Survey on Anomaly Detection for Technical Systems using LSTM Networks [0.0]
Anomalies represent deviations from the intended system operation and can lead to decreased efficiency as well as partial or complete system failure.
In this article, a survey on state-of-the-art anomaly detection using deep neural and especially long short-term memory networks is conducted.
The investigated approaches are evaluated based on the application scenario, data and anomaly types as well as further metrics.
arXiv Detail & Related papers (2021-05-28T13:24:40Z)
- Including Sparse Production Knowledge into Variational Autoencoders to Increase Anomaly Detection Reliability [3.867363075280544]
We study incorporating rarely occurring information about labeled anomalies into Variational Autoencoder neural network structures.
This method outperforms all other models in terms of accuracy, precision, and recall.
arXiv Detail & Related papers (2021-03-24T05:54:12Z)
- Robust and Transferable Anomaly Detection in Log Data using Pre-Trained Language Models [59.04636530383049]
Anomalies or failures in large computer systems, such as the cloud, have an impact on a large number of users.
We propose a framework for anomaly detection in log data, as a major troubleshooting source of system information.
arXiv Detail & Related papers (2021-02-23T09:17:05Z)
- TadGAN: Time Series Anomaly Detection Using Generative Adversarial Networks [73.01104041298031]
TadGAN is an unsupervised anomaly detection approach built on Generative Adversarial Networks (GANs).
To capture the temporal correlations of time series, we use LSTM Recurrent Neural Networks as base models for Generators and Critics.
To demonstrate the performance and generalizability of our approach, we test several anomaly scoring techniques and report the best-suited one.
arXiv Detail & Related papers (2020-09-16T15:52:04Z)
This list is automatically generated from the titles and abstracts of the papers in this site.