{"title":"Access Log Anomaly Detection","authors":"Ma. Tharshini, M. Ragavinodini, R. Senthilkumar","doi":"10.1109/ICOAC.2017.8441194","DOIUrl":null,"url":null,"abstract":"Maintaining network security is very important and tedious in today's world. Since web applications are not built on sound security methodology, they are the major target for the attackers. Analyzing access logs for detecting anomalous activities is a form of defense achieved in this paper. Anomaly detection is important because if the anomalies are not detected apriori, it may lead to hacking of the entire system. This paper is based on analyzing the stored access logs and detecting the anomalous events. Our experiment evaluates both static and dynamic logs. In dynamic implementation, the pattern matching approach is used to detect the anomalies from access logs. In Weka, the supervised neural network approach gives better anomaly prediction than unsupervised neural network approach for static logs. Maximum prediction accuracy is achieved in supervised neural networks by using Naive Bayes Multinomial Text Algorithm. Since the input attributes (logs) are strings, the use of Bayes classifier gives us a better accuracy rate while compared to other classifier algorithms. The proposed approach identifies the suspicious activities and serious anomalies that may be one of the way for the hackers to hack our system. 
Overall error rate of our supervised method is less than 10% and unsupervised method is approximately 30%.","PeriodicalId":329949,"journal":{"name":"2017 Ninth International Conference on Advanced Computing (ICoAC)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Ninth International Conference on Advanced Computing (ICoAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOAC.2017.8441194","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4
Abstract
Maintaining network security is very important and tedious in today's world. Since web applications are not built on sound security methodology, they are the major target for attackers. Analyzing access logs to detect anomalous activities is the form of defense achieved in this paper. Anomaly detection is important because if the anomalies are not detected a priori, it may lead to hacking of the entire system. This paper is based on analyzing the stored access logs and detecting the anomalous events. Our experiment evaluates both static and dynamic logs. In the dynamic implementation, the pattern matching approach is used to detect the anomalies from access logs. In Weka, the supervised neural network approach gives better anomaly prediction than the unsupervised neural network approach for static logs. Maximum prediction accuracy is achieved in supervised neural networks by using the Naive Bayes Multinomial Text algorithm. Since the input attributes (logs) are strings, the use of a Bayes classifier gives us a better accuracy rate when compared to other classifier algorithms. The proposed approach identifies the suspicious activities and serious anomalies that may be one of the ways for hackers to hack our system. The overall error rate of our supervised method is less than 10%, and that of the unsupervised method is approximately 30%.