TY - JOUR
T1 - Anomalous Event Sequence Detection
AU - Dong, Boxiang
AU - Chen, Zhengzhang
AU - Tang, Lu An
AU - Chen, Haifeng
AU - Wang, Hui
AU - Zhang, Kai
AU - Lin, Ying
AU - Li, Zhichun
N1 - Publisher Copyright: © 2001-2011 IEEE.
PY - 2021/5/1
Y1 - 2021/5/1
N2 - Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.
AB - Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.
KW - anomaly detection
KW - graph mining
KW - intrusion detection
KW - sequence discovery
UR - http://www.scopus.com/inward/record.url?scp=85097391093&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85097391093&partnerID=8YFLogxK
U2 - 10.1109/MIS.2020.3041174
DO - 10.1109/MIS.2020.3041174
M3 - Article
AN - SCOPUS:85097391093
SN - 1541-1672
VL - 36
SP - 5
EP - 13
JO - IEEE Intelligent Systems
JF - IEEE Intelligent Systems
IS - 3
M1 - 9272840
ER -