Anomaly Detection in System Event Logs

dc.contributor: Aalto-yliopisto (fi)
dc.contributor: Aalto University (en)
dc.contributor.advisor: Kallunki, Jouni
dc.contributor.author: Lomagin, Egor
dc.contributor.school: Perustieteiden korkeakoulu (School of Science) (fi)
dc.contributor.supervisor: Ilin, Alexander
dc.date.accessioned: 2019-10-27T19:47:14Z
dc.date.available: 2019-10-27T19:47:14Z
dc.date.issued: 2019-10-21
dc.description.abstract: In this work, we explore approaches for detecting anomalies in system event logs. We define the system log anomaly detection problem and review existing methods. We apply the methods to a practical task: detecting anomalous events in the logs of a file behaviour analysis sandbox. To validate the results and compare methods, we compute quality metrics on a manually labelled dataset. First, we try an approach based on event document frequency and use it as a baseline. We improve it with an event normalization algorithm, which significantly reduces the number of false positives. After that, we implement a different approach that extracts event features and trains random forest and logistic regression models to estimate the probability that an event belongs to a clean or an anomalous log. Finally, we build a sequence model based on a recurrent neural network and use it to detect anomalies in event sequences. (en)
dc.format.extent: 46 + 8
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/40868
dc.identifier.urn: URN:NBN:fi:aalto-201910275872
dc.language.iso: en
dc.programme: Master's Programme in ICT Innovation (fi)
dc.programme.major: Data science (fi)
dc.programme.mcode: SCI3095 (fi)
dc.subject.keyword: anomaly detection (en)
dc.subject.keyword: event logs (en)
dc.subject.keyword: machine learning (en)
dc.subject.keyword: deep learning (en)
dc.title: Anomaly Detection in System Event Logs (en)
dc.type: G2 Pro gradu, diplomityö (master's thesis) (fi)
dc.type.ontasot: Master's thesis (en)
dc.type.ontasot: Diplomityö (fi)
local.aalto.electroniconly: yes
local.aalto.openaccess: no
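The abstract describes a document-frequency baseline that is then improved by normalizing events before counting them. The following is an added illustration of that idea, not code or data from the thesis: the sandbox event lines, the masking patterns, the clean/suspicious split and the threshold are all constructed for this example, and a real sandbox's event format would need its own patterns. An event is scored by the fraction of clean runs in which it appears; without normalization, process IDs, temp file names and addresses make nearly every line unique, so every event of a new run looks rare.

```python
"""Document-frequency anomaly baseline over sandbox event logs, with and
without event normalization (constructed example, not the thesis's code)."""
import re
from collections import Counter

# Volatile tokens collapsed into placeholders, applied in order.
# Assumption: these patterns match the constructed log format below only.
_MASKS = [
    (re.compile(r"pid=\d+"), "pid=<N>"),
    (re.compile(r"\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-"
                r"[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b"), "<GUID>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<HEX>"),
    (re.compile(r"\btmp[0-9A-Za-z]+\.tmp\b"), "tmp<RND>.tmp"),
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
]


def normalize(event: str) -> str:
    """Replace per-run volatile tokens so equivalent events share one template.
    Ports are deliberately left unmasked: masking them would hide the unusual
    destination port in the suspicious run below."""
    for pattern, placeholder in _MASKS:
        event = pattern.sub(placeholder, event)
    return event


def identity(event: str) -> str:
    return event


def document_frequency(logs, normalizer=normalize):
    """Fraction of logs in which each (normalized) event occurs at least once."""
    counts = Counter()
    for log in logs:
        counts.update({normalizer(e) for e in log})  # count once per log
    return {event: n / len(logs) for event, n in counts.items()}


def flag_anomalies(log, df, threshold, normalizer=normalize):
    """Events of `log` whose document frequency in the clean corpus is below threshold."""
    return [e for e in log if df.get(normalizer(e), 0.0) < threshold]


def _clean_run(pid, tmp, ip):
    # One benign sandbox run: the same four actions with run-specific tokens.
    return [
        f"CreateProcess pid={pid} C:\\Windows\\System32\\notepad.exe",
        f"CreateFile pid={pid} C:\\Users\\user\\AppData\\Local\\Temp\\{tmp}",
        f"RegOpenKey pid={pid} HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion",
        f"Connect pid={pid} {ip}:443",
    ]


# Constructed corpus of clean runs.
CLEAN_LOGS = [
    _clean_run(1204, "tmpA1B2.tmp", "10.0.0.5"),
    _clean_run(2290, "tmpC3D4.tmp", "10.0.0.6"),
    _clean_run(3377, "tmpE5F6.tmp", "10.0.0.5"),
    _clean_run(4410, "tmp0G7H.tmp", "10.0.0.7"),
    _clean_run(5582, "tmpI9J0.tmp", "10.0.0.5"),
]

# Constructed run to score: two ordinary events and two genuinely novel ones.
SUSPICIOUS_LOG = [
    "CreateProcess pid=9911 C:\\Windows\\System32\\notepad.exe",
    "CreateFile pid=9911 C:\\Users\\user\\AppData\\Local\\Temp\\tmpZZ99.tmp",
    "CreateProcess pid=9911 C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet",
    "Connect pid=9911 203.0.113.7:4444",
]


def compare(threshold=0.5):
    """Return (events flagged without normalization, events flagged with it)."""
    raw_df = document_frequency(CLEAN_LOGS, normalizer=identity)
    norm_df = document_frequency(CLEAN_LOGS)
    raw = flag_anomalies(SUSPICIOUS_LOG, raw_df, threshold, normalizer=identity)
    norm = flag_anomalies(SUSPICIOUS_LOG, norm_df, threshold)
    return raw, norm


if __name__ == "__main__":
    raw, norm = compare()
    print(f"raw DF flagged {len(raw)} of {len(SUSPICIOUS_LOG)} events:")
    for e in raw:
        print("  ", e)
    print(f"normalized DF flagged {len(norm)} of {len(SUSPICIOUS_LOG)} events:")
    for e in norm:
        print("  ", e)
```

With the raw events, all four lines of the new run are flagged, two of them false positives, because no raw line ever recurs across runs. After normalization only the vssadmin launch and the connection to port 4444 remain, since the other two collapse onto templates present in every clean run. The caveat is that normalization trades false positives for missed signals: a mask that also swallowed the port would make the 4444 connection indistinguishable from the routine 443 one, so which tokens to mask is itself a detection decision, and a manually labelled set such as the one the abstract mentions is what lets that trade-off be measured rather than guessed.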
