Event pattern discovery on IDS traces of cloud services

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Standard

Event pattern discovery on IDS traces of cloud services. / Huang, S.-Y.; Huang, Y.; Suri, Neeraj.

2014 IEEE Fourth International Conference on Big Data and Cloud Computing. IEEE, 2014. p. 25-32.

Harvard

Huang, S-Y, Huang, Y & Suri, N 2014, Event pattern discovery on IDS traces of cloud services. in 2014 IEEE Fourth International Conference on Big Data and Cloud Computing. IEEE, pp. 25-32. https://doi.org/10.1109/BDCloud.2014.92

APA

Huang, S-Y., Huang, Y., & Suri, N. (2014). Event pattern discovery on IDS traces of cloud services. In 2014 IEEE Fourth International Conference on Big Data and Cloud Computing (pp. 25-32). IEEE. https://doi.org/10.1109/BDCloud.2014.92

Vancouver

Huang S-Y, Huang Y, Suri N. Event pattern discovery on IDS traces of cloud services. In 2014 IEEE Fourth International Conference on Big Data and Cloud Computing. IEEE. 2014. p. 25-32 doi: 10.1109/BDCloud.2014.92

Author

Huang, S.-Y. ; Huang, Y. ; Suri, Neeraj. / Event pattern discovery on IDS traces of cloud services. 2014 IEEE Fourth International Conference on Big Data and Cloud Computing. IEEE, 2014. pp. 25-32

Bibtex

@inproceedings{214d957481a440daad0740e78c5014ab,
title = "Event pattern discovery on IDS traces of cloud services",
abstract = "The value of Intrusion Detection System (IDS) traces is based on being able to meaningfully parse the complex data patterns appearing therein as based on the pre-defined intrusion 'detection' rule sets. As IDS traces monitor large groups of servers, large amounts of network data and also spanning a variety of patterns, efficient analytical approaches are needed to address this big heterogeneous data analysis problem. We believe that using unsupervised learning methods can help to classify data that allows analysts to find out meaningful insights and extract the value of the collected data more precisely and efficiently. This study demonstrates how the technique of growing hierarchical self-organizing maps (GHSOM) can be utilized to facilitate efficient event data analysis. For the collected IDS traces, GHSOM is used to cluster data and reveal the geometric distances between each cluster in a topological space such that the attack signatures for each cluster can be easily identified. The experimental results from a real-world IDS traces show that our proposed approach can efficiently discover several critical attack patterns and significantly reduce the size of IDS trace log which needs to be further analyzed. The proposed approach can help internet security administrators/analysts to conduct network forensics analysis, discover suspicious attack sources, and set up recovery processes to prevent previously unknown security threats such as zero-day attacks. {\textcopyright} 2014 IEEE.",
keywords = "cloud services, forensic analysis, growing hierarchical self-organizing map, internet security, intrusion detection system, Big data, Complex networks, Computer aided network analysis, Computer crime, Conformal mapping, Data handling, Distributed database systems, Information analysis, Internet, Intrusion detection, Mobile security, Network security, Self organizing maps, Unsupervised learning, Weather satellites, Web services, Cloud services, Forensic analysis, Growing hierarchical self-organizing maps, Internet security, Intrusion Detection Systems, Security of data",
author = "S.-Y. Huang and Y. Huang and Neeraj Suri",
year = "2014",
month = dec,
day = "3",
doi = "10.1109/BDCloud.2014.92",
language = "English",
pages = "25--32",
booktitle = "2014 IEEE Fourth International Conference on Big Data and Cloud Computing",
publisher = "IEEE",

}

RIS

TY - GEN

T1 - Event pattern discovery on IDS traces of cloud services

AU - Huang, S.-Y.

AU - Huang, Y.

AU - Suri, Neeraj

PY - 2014/12/3

Y1 - 2014/12/3

N2 - The value of Intrusion Detection System (IDS) traces is based on being able to meaningfully parse the complex data patterns appearing therein as based on the pre-defined intrusion 'detection' rule sets. As IDS traces monitor large groups of servers, large amounts of network data and also spanning a variety of patterns, efficient analytical approaches are needed to address this big heterogeneous data analysis problem. We believe that using unsupervised learning methods can help to classify data that allows analysts to find out meaningful insights and extract the value of the collected data more precisely and efficiently. This study demonstrates how the technique of growing hierarchical self-organizing maps (GHSOM) can be utilized to facilitate efficient event data analysis. For the collected IDS traces, GHSOM is used to cluster data and reveal the geometric distances between each cluster in a topological space such that the attack signatures for each cluster can be easily identified. The experimental results from a real-world IDS traces show that our proposed approach can efficiently discover several critical attack patterns and significantly reduce the size of IDS trace log which needs to be further analyzed. The proposed approach can help internet security administrators/analysts to conduct network forensics analysis, discover suspicious attack sources, and set up recovery processes to prevent previously unknown security threats such as zero-day attacks. © 2014 IEEE.

AB - The value of Intrusion Detection System (IDS) traces is based on being able to meaningfully parse the complex data patterns appearing therein as based on the pre-defined intrusion 'detection' rule sets. As IDS traces monitor large groups of servers, large amounts of network data and also spanning a variety of patterns, efficient analytical approaches are needed to address this big heterogeneous data analysis problem. We believe that using unsupervised learning methods can help to classify data that allows analysts to find out meaningful insights and extract the value of the collected data more precisely and efficiently. This study demonstrates how the technique of growing hierarchical self-organizing maps (GHSOM) can be utilized to facilitate efficient event data analysis. For the collected IDS traces, GHSOM is used to cluster data and reveal the geometric distances between each cluster in a topological space such that the attack signatures for each cluster can be easily identified. The experimental results from a real-world IDS traces show that our proposed approach can efficiently discover several critical attack patterns and significantly reduce the size of IDS trace log which needs to be further analyzed. The proposed approach can help internet security administrators/analysts to conduct network forensics analysis, discover suspicious attack sources, and set up recovery processes to prevent previously unknown security threats such as zero-day attacks. © 2014 IEEE.

KW - cloud services

KW - forensic analysis

KW - growing hierarchical self-organizing map

KW - internet security

KW - intrusion detection system

KW - Big data

KW - Complex networks

KW - Computer aided network analysis

KW - Computer crime

KW - Conformal mapping

KW - Data handling

KW - Distributed database systems

KW - Information analysis

KW - Internet

KW - Intrusion detection

KW - Mobile security

KW - Network security

KW - Self organizing maps

KW - Unsupervised learning

KW - Weather satellites

KW - Web services

KW - Cloud services

KW - Forensic analysis

KW - Growing hierarchical self-organizing maps

KW - Internet security

KW - Intrusion Detection Systems

KW - Security of data

U2 - 10.1109/BDCloud.2014.92

DO - 10.1109/BDCloud.2014.92

M3 - Conference contribution/Paper

SP - 25

EP - 32

BT - 2014 IEEE Fourth International Conference on Big Data and Cloud Computing

PB - IEEE

ER -