User Tools

Site Tools

Action unknown: copypageplugin__copy

6a.010.DU - Log-Based Anomaly Detection Through Correlation & Behavior Analysis for Cybersecurity

Project - Summary

Anomaly correlation analysis for cybersecurity aims to discover correlated cyber activity patterns that exhibit notable departure from common patterns. For example, botnet is a distributed software that runs coordinated programs over target websites to perform malicious tasks like skewing website statistics, price scraping, spam distribution, DOS attack, etc. Discovering bot activities can help prevent significant economic losses for many enterprises that rely their business on websites. Although log data have been commonly leveraged for cyber anomaly detection, current methods are typically batch-based and not able to perform real-time detection on large-volume streaming data. Moreover, low-level or hardware-related information is usually part of the analysis, where such information is sometimes sensitive and needs additional effort to collect and pre-process. To overcome these limitations, our project aims to formulate general methods that discover anomalies based on application-level logs, such like Apache logs for website servers. The application-level logs are provided by applications that host certain network services, usually nearly structured and readily available for data analysis. The objectives of this project mainly include: 1) design novel methods to discover correlated anomalies from large-volume streaming log data; 2) design methods to understand the purpose of those anomalies, providing rich information for better management decision.

Project - Team

Team Member Role Email Phone Number Academic Site/IAB
Xiaohua Tony Hu PI Not available (215) 895-0551 Drexel University
Zheng Chen Student Researcher (215) 939-5997 Drexel University
Chris Page Project Mentor GlaxoSmithKline (GSK)

Project - Deliverables

1 A software that simulates bot/botnet visits on a website.
2 A novel Lanczos-iteration based algorithm to detect correlated anomalies from streaming server log data.
3 A novel Markov-chain based behavior model to detect single anomalies from streaming server log data.
4 Scientific publication.

Project - Presentation Video

Project - Documents

FilenameFilesizeLast modified
6a.010.du_ppt_presentation.pptx2.5 MiB2019/08/14 15:32
6a.010.du_executive_summary_revised.docx51.9 KiB2019/08/14 15:32
6a.010.du_poster_ppt.pptx259.9 KiB2019/08/14 15:32
6a.010.du_confluence_project_page.pdf151.0 KiB2019/08/14 15:32
6a.010.du_quad_chart.pptx673.5 KiB2019/08/14 15:32
6a.010.du_log-based_anomaly_detection_poster_2017_fall_meeting.pptx150.8 KiB2019/08/14 15:32
6a.010.du_poster_pdf.pdf423.7 KiB2019/08/14 15:32
6a.010.du_cvdi_mid-year_report.docx234.8 KiB2019/08/14 15:32
6a.010.du_executive_summary_original.docx51.8 KiB2019/08/14 15:32
projects/year6/6a.010.du.txt · Last modified: 2019/08/14 16:10 by sally.johnson