SigML++: Supervised Log Anomaly with Probabilistic Polynomial Approximation

IF 1.8 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

Cryptography Pub Date : 2023-10-19 DOI:10.3390/cryptography7040052

Devharsh Trivedi, Aymen Boudguiga, Nesrine Kaaniche, Nikos Triandopoulos

{"title":"SigML++: Supervised Log Anomaly with Probabilistic Polynomial Approximation","authors":"Devharsh Trivedi, Aymen Boudguiga, Nesrine Kaaniche, Nikos Triandopoulos","doi":"10.3390/cryptography7040052","DOIUrl":null,"url":null,"abstract":"Security log collection and storage are essential for organizations worldwide. Log analysis can help recognize probable security breaches and is often required by law. However, many organizations commission log management to Cloud Service Providers (CSPs), where the logs are collected, processed, and stored. Existing methods for log anomaly detection rely on unencrypted (plaintext) data, which can be a security risk. Logs often contain sensitive information about an organization or its customers. A more secure approach is always to keep logs encrypted (ciphertext). This paper presents “SigML++”, an extension of “SigML” for supervised log anomaly detection on encrypted data. SigML++ uses Fully Homomorphic Encryption (FHE) according to the Cheon–Kim–Kim–Song (CKKS) scheme to encrypt the logs and then uses an Artificial Neural Network (ANN) to approximate the sigmoid (σ(x)) activation function probabilistically for the intervals [−10,10] and [−50,50]. This allows SigML++ to perform log anomaly detection without decrypting the logs. Experiments show that SigML++ can achieve better low-order polynomial approximations for Logistic Regression (LR) and Support Vector Machine (SVM) than existing methods. This makes SigML++ a promising new approach for secure log anomaly detection.","PeriodicalId":36072,"journal":{"name":"Cryptography","volume":null,"pages":null},"PeriodicalIF":1.8000,"publicationDate":"2023-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/cryptography7040052","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Security log collection and storage are essential for organizations worldwide. Log analysis can help recognize probable security breaches and is often required by law. However, many organizations commission log management to Cloud Service Providers (CSPs), where the logs are collected, processed, and stored. Existing methods for log anomaly detection rely on unencrypted (plaintext) data, which can be a security risk. Logs often contain sensitive information about an organization or its customers. A more secure approach is always to keep logs encrypted (ciphertext). This paper presents “SigML++”, an extension of “SigML” for supervised log anomaly detection on encrypted data. SigML++ uses Fully Homomorphic Encryption (FHE) according to the Cheon–Kim–Kim–Song (CKKS) scheme to encrypt the logs and then uses an Artificial Neural Network (ANN) to approximate the sigmoid (σ(x)) activation function probabilistically for the intervals [−10,10] and [−50,50]. This allows SigML++ to perform log anomaly detection without decrypting the logs. Experiments show that SigML++ can achieve better low-order polynomial approximations for Logistic Regression (LR) and Support Vector Machine (SVM) than existing methods. This makes SigML++ a promising new approach for secure log anomaly detection.

查看原文本刊更多论文

基于概率多项式逼近的有监督日志异常

安全日志收集和存储对于世界各地的组织都是必不可少的。日志分析可以帮助识别可能的安全漏洞，并且通常是法律所要求的。但是，许多组织将日志管理委托给云服务提供商(csp)，由csp收集、处理和存储日志。现有的日志异常检测方法依赖于未加密的(明文)数据，这可能存在安全风险。日志通常包含有关组织或其客户的敏感信息。更安全的方法是始终对日志进行加密(密文)。本文提出了“SigML++”，这是对“SigML”的扩展，用于对加密数据进行监督日志异常检测。SigML++使用完全同态加密(FHE)根据Cheon-Kim-Kim-Song (CKKS)方案对日志进行加密，然后使用人工神经网络(ANN)对区间[−10,10]和[−50,50]的sigmoid (σ(x))激活函数进行概率近似。这允许SigML++在不解密日志的情况下执行日志异常检测。实验表明，与现有方法相比，SigML++可以更好地实现逻辑回归(LR)和支持向量机(SVM)的低阶多项式逼近。这使得SigML++成为安全日志异常检测的一种很有前途的新方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Cryptography Mathematics-Applied Mathematics

CiteScore

3.80

自引率

6.20%

发文量

审稿时长

11 weeks