Automatic Graph-Based Clustering for Security Logs

Hudan Studiawan*, Christian Payne, Ferdous Sohel

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Citations (Scopus)

Abstract

Computer security events are recorded in several log files. It is necessary to cluster these logs to discover security threats, detect anomalies, or identify a particular error. A problem arises when large quantities of security log data need to be checked, as existing tools do not provide sufficiently sophisticated grouping results. In addition, existing methods need user input parameters, and it is not trivial to find optimal values for these. Therefore, we propose a method for the automatic clustering of security logs. First, we present a new graph-theoretic approach for security log clustering based on maximal clique percolation. Second, we add an intensity threshold to the obtained maximal cliques to take the edge weight into account before proceeding to the percolations. Third, we use the simulated annealing algorithm to optimize the number of percolations and the intensity threshold for maximal clique percolation. The entire process is automatic and does not need any user input. Experimental results on various real-world datasets show that the proposed method achieves superior clustering results compared to other methods.

Original language: English
Title of host publication: Advanced Information Networking and Applications - Proceedings of the 33rd International Conference on Advanced Information Networking and Applications AINA-2019
Editors: Tomoya Enokido, Leonard Barolli, Makoto Takizawa, Fatos Xhafa
Publisher: Springer Verlag
Pages: 914-926
Number of pages: 13
ISBN (Print): 9783030150310
DOIs
Publication status: Published - 2020
Externally published: Yes
Event: 33rd International Conference on Advanced Information Networking and Applications, AINA-2019 - Matsue, Japan
Duration: 27 Mar 2019 – 29 Mar 2019

Publication series

Name: Advances in Intelligent Systems and Computing
Volume: 926
ISSN (Print): 2194-5357

Conference

Conference: 33rd International Conference on Advanced Information Networking and Applications, AINA-2019
Country/Territory: Japan
City: Matsue
Period: 27/03/19 – 29/03/19
