Abstract
An intrusion can be defined as a group of actions or events that attempt to compromise the confidentiality, integrity, or availability of a computer system. An intrusion detection system records information about selected events, analyzes the data obtained from those events, and produces reports for administrators in real time. The objective of this paper is to find abnormal activity patterns of users in large volumes of semi-structured server log files. The system analyzes the log data using the open-source Hadoop framework, and the results are then visualized in RStudio. The resulting plots help distinguish normal users from intruders in a particular network. Once the intruders' data is available, network administrators can observe it and react accordingly to minimize further loss in that network.
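The abstract describes the pipeline only at a high level. As an added illustration that is not part of the paper, the following Python code shows the shape of that pipeline on a handful of constructed server log lines: a map step that parses each line, a reduce step that aggregates per-client request and error counts, and a simple scoring rule that flags clients whose behaviour deviates from the baseline. The Apache combined/common log layout, the median-based scoring rule, and the sample lines are all assumptions of this example; the paper's actual features and thresholds are not given in the abstract.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed input layout: Apache common log format (ip, ident, user, [time], "request", status, bytes).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines: three ordinary clients, one noisy client, one unparsable line.
SAMPLE_LOG = """\
10.0.0.1 - - [10/Oct/2017:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
10.0.0.2 - - [10/Oct/2017:13:55:40 +0000] "GET /about.html HTTP/1.1" 200 1200
10.0.0.1 - - [10/Oct/2017:13:56:01 +0000] "GET /logo.png HTTP/1.1" 200 5120
10.0.0.3 - - [10/Oct/2017:13:56:10 +0000] "GET /index.html HTTP/1.1" 200 2326
10.0.0.9 - - [10/Oct/2017:13:57:00 +0000] "GET /admin HTTP/1.1" 404 210
10.0.0.9 - - [10/Oct/2017:13:57:01 +0000] "GET /login HTTP/1.1" 404 210
10.0.0.9 - - [10/Oct/2017:13:57:02 +0000] "GET /backup HTTP/1.1" 404 210
10.0.0.9 - - [10/Oct/2017:13:57:03 +0000] "GET /config HTTP/1.1" 404 210
10.0.0.9 - - [10/Oct/2017:13:57:04 +0000] "GET /old HTTP/1.1" 404 210
garbage line that does not parse
"""

def map_line(line):
    """Map phase: one log line -> (client_ip, (requests, errors)), or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None  # semi-structured input: tolerate and skip malformed lines
    ip, _method, _path, status = m.groups()
    return ip, (1, 1 if status[0] in "45" else 0)

def reduce_counts(pairs):
    """Reduce phase: sum request and error counts per client IP."""
    totals = defaultdict(lambda: [0, 0])
    for ip, (req, err) in pairs:
        totals[ip][0] += req
        totals[ip][1] += err
    return {ip: (v[0], v[1]) for ip, v in totals.items()}

def profile_clients(log_text):
    """Run map then reduce over the whole log text."""
    pairs = (map_line(line) for line in log_text.splitlines())
    return reduce_counts(p for p in pairs if p is not None)

def flag_abnormal(profile, factor=3.0, min_requests=5):
    """Assumed scoring rule: a client is abnormal if it sends far more requests than the
    median client and most of its requests fail. The median keeps one noisy client from
    dragging the baseline up. Returns {ip: {"requests": n, "error_rate": r}}."""
    baseline = median(req for req, _ in profile.values())
    flagged = {}
    for ip, (req, err) in profile.items():
        rate = err / req
        if req >= min_requests and req > factor * baseline and rate > 0.5:
            flagged[ip] = {"requests": req, "error_rate": round(rate, 2)}
    return flagged
```

The per-client profile returned by `profile_clients` is the kind of aggregate the abstract says is plotted in RStudio to separate normal users from intruders; the flagged set is what an administrator would review first.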
© 2019 Springer Nature Singapore Pte Ltd.
Cite this paper
Sai Charan, P. (2019). Abnormal User Pattern Detection Using Semi-structured Server Log File Analysis. In: Satapathy, S., Bhateja, V., Das, S. (eds) Smart Intelligent Computing and Applications. Smart Innovation, Systems and Technologies, vol 104. Springer, Singapore. https://doi.org/10.1007/978-981-13-1921-1_10
DOI: https://doi.org/10.1007/978-981-13-1921-1_10
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-1920-4
Online ISBN: 978-981-13-1921-1
eBook Packages: Engineering (R0)