TY - GEN
T1 - Automatic Graph-Based Clustering for Security Logs
AU - Studiawan, Hudan
AU - Payne, Christian
AU - Sohel, Ferdous
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
AB - Computer security events are recorded in several log files. It is necessary to cluster these logs to discover security threats, detect anomalies, or identify a particular error. A problem arises when large quantities of security log data need to be checked, as existing tools do not provide sufficiently sophisticated grouping results. In addition, existing methods need user input parameters, and it is not trivial to find optimal values for these. Therefore, we propose a method for the automatic clustering of security logs. First, we present a new graph-theoretic approach for security log clustering based on maximal clique percolation. Second, we add an intensity threshold to the obtained maximal cliques to take the edge weight into account before proceeding to the percolations. Third, we use the simulated annealing algorithm to optimize the number of percolations and the intensity threshold for maximal clique percolation. The entire process is automatic and does not need any user input. Experimental results on various real-world datasets show that the proposed method achieves superior clustering results compared to other methods.
UR - http://www.scopus.com/inward/record.url?scp=85063989018&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-15032-7_77
DO - 10.1007/978-3-030-15032-7_77
M3 - Conference contribution
AN - SCOPUS:85063989018
SN - 9783030150310
T3 - Advances in Intelligent Systems and Computing
SP - 914
EP - 926
BT - Advanced Information Networking and Applications - Proceedings of the 33rd International Conference on Advanced Information Networking and Applications AINA-2019
A2 - Enokido, Tomoya
A2 - Barolli, Leonard
A2 - Takizawa, Makoto
A2 - Xhafa, Fatos
PB - Springer Verlag
T2 - 33rd International Conference on Advanced Information Networking and Applications, AINA-2019
Y2 - 27 March 2019 through 29 March 2019
ER -