Abstract
An intrusion prevention system (IPS) is a widely deployed security control that logs the attacks it blocks so that administrators can review them and take further action. In practice, however, most entries in real IPS logs are not attack entries at all, so an attacker's IP cannot be recovered by simple log analysis, and traditional methods still rely on an administrator reading the log text by hand. Automatic anomaly detection is therefore needed. Most existing log data-based anomaly detection methods cannot achieve satisfactory results while keeping computational cost low and the model interpretable. This paper applies a Gaussian Mixture Model (GMM) to detect anomalous IPs in a log dataset. The GMM gives better detection results at relatively low computational cost, and the model remains interpretable. Experiments show that the GMM detects anomalous IPs well and is a suitable log data-based automatic method for this task.
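The abstract describes the pipeline only at a high level (aggregate IPS log entries per source IP, fit a GMM, read off the anomalous IPs). The following is an added illustration of that pipeline, not the paper's code: the key=value log format, the two per-IP features (log1p of blocked-event count and of distinct destination ports), the 2-component diagonal-covariance GMM fitted by EM in pure Python, and the decision rule (an IP is anomalous when its best-fitting component is a minority mode with a small mixing weight) are all assumptions chosen for the example. The sample log is constructed inline so the block runs offline.

```python
"""GMM-based anomalous-IP detection over IPS block logs.

Added illustration, not the paper's code. Assumed: the log layout, the per-IP
features, a 2-component diagonal GMM fitted by EM, and the 'minority component'
rule for calling an IP anomalous.
"""
import math
import random
import re
from collections import defaultdict

# Constructed IPS-style line layout; only src= and dpt= are read below.
LINE_RE = re.compile(r"src=(?P<src>\S+)\s.*?dpt=(?P<dpt>\d+)")


def make_sample_log(seed=7):
    """Constructed sample: 20 benign sources that trip a rule a few times each
    (the non-attack bulk of an IPS log) plus two sources sweeping many ports."""
    rng = random.Random(seed)
    lines = []
    for i in range(1, 21):
        for _ in range(rng.randint(1, 6)):
            lines.append("ts=2020-06-01T10:00:00 action=block src=10.0.0.%d "
                         "dst=192.0.2.10 dpt=%d sig=1001" % (i, rng.choice((80, 443))))
    for ip, n_ports, n_events in (("198.51.100.7", 60, 240), ("203.0.113.9", 45, 180)):
        ports = rng.sample(range(1, 1024), n_ports)
        for _ in range(n_events):
            lines.append("ts=2020-06-01T10:05:00 action=block src=%s "
                         "dst=192.0.2.10 dpt=%d sig=2002" % (ip, rng.choice(ports)))
    rng.shuffle(lines)
    return lines


def ip_features(lines):
    """Aggregate per source IP into (log1p(events), log1p(distinct dst ports))."""
    counts, ports = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # unparseable entry: skip it rather than abort the run
        counts[m["src"]] += 1
        ports[m["src"]].add(m["dpt"])
    return {ip: (math.log1p(counts[ip]), math.log1p(len(ports[ip]))) for ip in counts}


def log_gauss(p, mean, var):
    """Log density of a diagonal-covariance Gaussian at point p."""
    return sum(-0.5 * (math.log(2 * math.pi * v) + (x - m) ** 2 / v)
               for x, m, v in zip(p, mean, var))


def logsumexp(vals):
    top = max(vals)
    return top + math.log(sum(math.exp(v - top) for v in vals))


def fit_gmm(points, k=2, iters=100, var_floor=1e-3):
    """EM for a k-component diagonal GMM. Deterministic init: means taken from
    points spread along the first feature, variances from the whole data set."""
    n, d = len(points), len(points[0])
    order = sorted(range(n), key=lambda i: points[i][0])
    means = [list(points[order[round(j * (n - 1) / max(k - 1, 1))]]) for j in range(k)]
    gmean = [sum(p[j] for p in points) / n for j in range(d)]
    gvar = [max(var_floor, sum((p[j] - gmean[j]) ** 2 for p in points) / n) for j in range(d)]
    varis, weights = [list(gvar) for _ in range(k)], [1.0 / k] * k
    for _ in range(iters):
        # E-step: posterior responsibility of every component for every IP
        resp = []
        for p in points:
            lp = [math.log(weights[c]) + log_gauss(p, means[c], varis[c]) for c in range(k)]
            lse = logsumexp(lp)
            resp.append([math.exp(v - lse) for v in lp])
        # M-step: re-estimate mixing weights, means and per-dimension variances
        nk = [max(1e-12, sum(r[c] for r in resp)) for c in range(k)]
        weights = [nk[c] / n for c in range(k)]
        means = [[sum(r[c] * p[j] for r, p in zip(resp, points)) / nk[c]
                  for j in range(d)] for c in range(k)]
        varis = [[max(var_floor, sum(r[c] * (p[j] - means[c][j]) ** 2
                                     for r, p in zip(resp, points)) / nk[c])
                  for j in range(d)] for c in range(k)]
    return weights, means, varis


def detect_anomalous_ips(lines, k=2, min_weight=0.2):
    """Fit the GMM to per-IP features; an IP is flagged when its best component
    is a minority mode (weight < min_weight). Returns (per-IP report, model);
    the component means are what an analyst reads to explain a verdict."""
    feats = ip_features(lines)
    ips = sorted(feats)
    points = [feats[ip] for ip in ips]
    weights, means, varis = fit_gmm(points, k)
    report = {}
    for ip, p in zip(ips, points):
        lp = [math.log(weights[c]) + log_gauss(p, means[c], varis[c]) for c in range(k)]
        comp = max(range(k), key=lambda c: lp[c])
        report[ip] = {"component": comp, "log_density": logsumexp(lp),
                      "anomalous": weights[comp] < min_weight}
    return report, (weights, means, varis)


if __name__ == "__main__":
    rep, (w, mu, _) = detect_anomalous_ips(make_sample_log())
    for c, (wc, mc) in enumerate(zip(w, mu)):
        print("component %d weight=%.2f mean=(%.2f, %.2f)" % (c, wc, mc[0], mc[1]))
    print("anomalous:", sorted(ip for ip, r in rep.items() if r["anomalous"]))
```

On the constructed sample the fitted mixture has one heavy component centred on the benign "few events, one or two ports" pattern and one light component (weight about 2/22) centred on the port-sweeping sources, so the two sweeping IPs are flagged while the twenty noisy benign sources are not. The per-IP `log_density` is kept in the report because a practitioner will often prefer a density threshold to the minority-component rule once the number of components grows; the component means make either verdict explainable, which is the interpretability argument the abstract makes for GMMs.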
© 2021 Springer Nature Switzerland AG
Zhou, F., Qu, H. (2021). A GMM-Based Anomaly IP Detection Model from Security Logs. In: Qiu, M. (eds) Smart Computing and Communication. SmartCom 2020. Lecture Notes in Computer Science(), vol 12608. Springer, Cham. https://doi.org/10.1007/978-3-030-74717-6_11
DOI: https://doi.org/10.1007/978-3-030-74717-6_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-74716-9
Online ISBN: 978-3-030-74717-6
eBook Packages: Computer Science (R0)