Anomaly Detection in Cyber Security with Graph-Based LSTM in Log Analysis

Anomaly Detection in Cyber Security with Graph-Based LSTM in Log Analysis

Intrusion detection systems utilize the analysis of log data to effectively detect anomalies. However, detecting anomalies quickly and effectively in large and heterogeneous log data can be challenging. To address this difficulty, this study proposes the GLSTM (Graph-based Long Short-Term Memory) fr...

Full description

Bibliographic Details
Main Authors: Yuksel Celık, Yusuf Alaca, Sanjay Goel
Format: Article
Language:English
Published: Akif AKGUL 2023-11-01
Series:Chaos Theory and Applications
Subjects:
anomaly detection
graph
node2vec
deep learning
cyber security
hdfs
Online Access:https://dergipark.org.tr/en/download/article-file/3355185
Description
Summary:Intrusion detection systems utilize the analysis of log data to effectively detect anomalies. However, detecting anomalies quickly and effectively in large and heterogeneous log data can be challenging. To address this difficulty, this study proposes the GLSTM (Graph-based Long Short-Term Memory) framework, a graph-based deep learning model that analyzes log data to detect cyber-attacks rapidly and effectively. The framework involves standardizing the complex and diverse log data, training this data on an artificial intelligence model, and detecting anomalies. Initially, the complex and diverse log data is transformed into graph data using Node2Vec, enabling efficient and rapid analysis on the artificial intelligence model. Subsequently, these graph data are trained using LSTM (Long Short-Term Memory), Bi-LSTM, and GRU(Gated Recurrent Unit) deep learning algorithms. The proposed framework is tested using Hadoop’s HDFS dataset, collected from different systems and heterogeneous sources, as well as the BGL and IMDB datasets. Experimental results on the selected datasets demonstrate high levels of success.
ISSN:2687-4539

Similar Items