Performance evaluation of anomaly detection in imbalanced system log data

Hudan Studiawan, Ferdous Sohel

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

12 Citations (Scopus)

Abstract

An administrator needs to examine operating system log files for any anomalous events. In real-life log data, the number of anomalies is often smaller than the normal ones. This imbalance situation affects the performance of the anomaly detectors because a large number of normal events feed the training of the classifier. In this paper, we evaluate popular machine learning methods and consider this problem of data imbalance. We compare data oversampling and undersampling approaches before inputting them to the classifier. Experimental results demonstrate that by taking data imbalance into consideration, there is an improvement in the method performance in terms of precision and recall scores.

Original language: English
Title of host publication: Proceedings of the World Conference on Smart Trends in Systems, Security and Sustainability, WS4 2020
Editors: Xin-She Yang, Simon James Fong, Segundo Moises Toapanta, Ion Andronache, Niko Phillips
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 239-246
Number of pages: 8
ISBN (Electronic): 9781728168234
Publication status: Published - Jul 2020
Event: 2020 World Conference on Smart Trends in Systems, Security and Sustainability, WS4 2020 - Virtual, London, United Kingdom
Duration: 27 Jul 2020 to 28 Jul 2020

Publication series

Name: Proceedings of the World Conference on Smart Trends in Systems, Security and Sustainability, WS4 2020

Conference

Conference: 2020 World Conference on Smart Trends in Systems, Security and Sustainability, WS4 2020
Country/Territory: United Kingdom
City: Virtual, London
Period: 27/07/20 to 28/07/20

Keywords

  • Anomaly detection
  • Imbalanced data
  • Machine learning
  • System logs
