Abstract
In this paper, we propose a set of algorithms to automate the detection of anomalous frequent episodes. The algorithms make use of the hierarchy and frequency of episodes present in an examined sequence of log data and in a history preceding it. The algorithms identify changes in a set of frequent episodes and their frequencies. We evaluate the algorithms and describe tests made using live computer system log data.
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Halonen, P., Miettinen, M., Hätönen, K. (2009). Computer Log Anomaly Detection Using Frequent Episodes. In: Iliadis, Maglogiann, Tsoumakasis, Vlahavas, Bramer (eds) Artificial Intelligence Applications and Innovations III. AIAI 2009. IFIP International Federation for Information Processing, vol 296. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-0221-4_49
DOI: https://doi.org/10.1007/978-1-4419-0221-4_49
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-0220-7
Online ISBN: 978-1-4419-0221-4
eBook Packages: Computer Science, Computer Science (R0)