TY - JOUR
T1 - SigML++
T2 - Supervised Log Anomaly with Probabilistic Polynomial Approximation
AU - Trivedi, Devharsh
AU - Boudguiga, Aymen
AU - Kaaniche, Nesrine
AU - Triandopoulos, Nikos
N1 - Publisher Copyright: © 2023 by the authors.
PY - 2023/12
Y1 - 2023/12
N2 - Security log collection and storage are essential for organizations worldwide. Log analysis can help recognize probable security breaches and is often required by law. However, many organizations commission log management to Cloud Service Providers (CSPs), where the logs are collected, processed, and stored. Existing methods for log anomaly detection rely on unencrypted (plaintext) data, which can be a security risk. Logs often contain sensitive information about an organization or its customers. A more secure approach is to keep logs encrypted (ciphertext) at all times. This paper presents “SigML++”, an extension of “SigML” for supervised log anomaly detection on encrypted data. SigML++ uses Fully Homomorphic Encryption (FHE) according to the Cheon–Kim–Kim–Song (CKKS) scheme to encrypt the logs and then uses an Artificial Neural Network (ANN) to approximate the sigmoid ((Formula presented.)) activation function probabilistically for the intervals (Formula presented.) and (Formula presented.). This allows SigML++ to perform log anomaly detection without decrypting the logs. Experiments show that SigML++ can achieve better low-order polynomial approximations for Logistic Regression (LR) and Support Vector Machine (SVM) than existing methods. This makes SigML++ a promising new approach for secure log anomaly detection.
KW - fully homomorphic encryption
KW - log anomaly detection
KW - private machine learning
KW - probabilistic polynomial approximation
KW - sigmoid function approximation
KW - supervised machine learning
UR - http://www.scopus.com/inward/record.url?scp=85180442294&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85180442294&partnerID=8YFLogxK
U2 - 10.3390/cryptography7040052
DO - 10.3390/cryptography7040052
M3 - Article
AN - SCOPUS:85180442294
VL - 7
JO - Cryptography
JF - Cryptography
IS - 4
M1 - 52
ER -