PPT-Experience Report: System Log Analysis for Anomaly Detection

Shilin He Jieming Zhu Pinjia He and Michael R Lyu Department of Computer Science and Engineering The Chinese University of Hong Kong Hong Kong 20161026 Background amp Motivation. -. Traffic Video Surveillance. Ziming. Zhang, . Yucheng. Zhao and . Yiwen. Wan. Outline. Introduction. &Motivation. Problem Statement. Paper Summeries. Discussion and Conclusions. What are . Anomalies?. Introduction and Use Cases. Derick . Winkworth. , Ed Henry and David Meyer. Agenda. Introduction and a Bit of History. So What Are Anomalies?. Anomaly Detection Schemes. Use Cases. Current Events. Q&A. 2. /86. Contents. Statistical . methods. parametric. non-parametric (clustering). Systems with learning. 3. /86. Anomaly detection. Establishes . profiles of normal . user/network behaviour . Compares . Problem motivation. Machine Learning. Anomaly detection example. Aircraft engine features:. . = heat generated. = vibration intensity. …. (vibration). (heat). Dataset:. New engine:. Density estimation. Craig Buchanan. University of Illinois at Urbana-Champaign. CS 598 MCC. 4/30/13. Outline. K-Nearest Neighbor. Neural Networks. Support Vector Machines. Lightweight Network Intrusion Detection (LNID). Anomaly-based . Network Intrusion . Detection (A-NIDS). by Nitish Bahadur, Gulsher Kooner, . Caitlin Kuhlman. 1. PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management [Online]. Available: . &. Intrusion . Detection Systems. 1. Intruders. Three classes of intruders:. Examples of Intrusion. Performing a remote root compromise of an e-mail server. Defacing a Web server. Guessing and cracking passwords. Detection. Carolina . Ruiz. Department of Computer Science. WPI. Slides based on . Chapter 10 of. “Introduction to Data Mining”. textbook . by Tan, Steinbach, Kumar. (all figures and some slides taken from this chapter. DETECTION. Scholar: . Andrew . Emmott. Focus: . Machine Learning. Advisors: . Tom . Dietterich. , Prasad . Tadepalli. Donors: . Leslie and Mark Workman. Acknowledgements:. Funding for my research is . System Log Analysis for Anomaly Detection. Shilin . He. ,. . Jieming. Zhu, . Pinjia. . He,. and Michael R. . Lyu. Department of Computer Science and Engineering, . The Chinese University of Hong Kong, Hong . Project Lead: . Farokh. . Bastani. , I-Ling Yen, . Latifur. Khan. Date: April 7, 2011. 2010/Current Project Overview. Self-Detection of Abnormal Event Sequences. 2. Tasks:. Prepare Cisco event sequence data for analysis tools.. 14. . World-Leading Research with Real-World Impact!. CS 5323. Outline. Anomaly detection. Facts and figures. Application. Challenges. Classification. Anomaly in Wireless.  . 2. Recent News. Hacking of Government Computers Exposed 21.5 Million People. Marek . Pawłowski. , Gerard . Frankowski. , . Marcin. . Jerzak. , . Maciej. . Miłostan. , Tomasz Nowak. Poznań. Supercomputing and Networking Center. Agenda. Introduction . System Architecture . Institute of High Energy Physics, CAS. Wang Lu (Lu.Wang@ihep.ac.cn). Agenda. Introduction. Challenges and requirements of anomaly detection in large scale storage systems . Definition and category of anomaly.