Anomaly detection in operating system logs with deep Learning-based sentiment analysis

H. Studiawan; F. Sohel; C. Payne

doi:10.1109/TDSC.2020.3037903

Back

Anomaly detection in operating system logs with deep Learning-based sentiment analysis

Journal article

Peer reviewed

Anomaly detection in operating system logs with deep Learning-based sentiment analysis

H. Studiawan, F. Sohel and C. Payne

IEEE Transactions on Dependable and Secure Computing, Vol.18(5), pp.2136-2148

2020

DOI: https://doi.org/10.1109/TDSC.2020.3037903

Files and links (1)

url

Link to Published Version *Subscription may be requiredView

Abstract

The purpose of sentiment analysis is to detect an opinion or polarity in text data. We can apply such an analysis to detect negative sentiment, which represents the anomalous activities in operating system (OS) logs. Existing methods involve manual searching, predefined rules, or traditional machine learning techniques to detect such suspicious events. In this work, we propose a novel deep learning-based sentiment analysis technique to check whether there are anomalous activities in OS logs. Log messages are modeled as sentences and we identify the sentiments using the gated recurrent unit (GRU) networks. OS log datasets inherently have a class imbalance in the sense that the number of negative sentiment is much lower than that of the number of positive ones. In order to address the class imbalance, we build a GRU layer on top of a class imbalance solver using the Tomek link method. Experimental results demonstrate that the proposed method can detect anomalous events in OS logs with an overall F1 and accuracy of 99.84% and 99.93%, respectively.

Details

Title: Anomaly detection in operating system logs with deep Learning-based sentiment analysis
Authors/Creators: H. Studiawan (Author/Creator) - Murdoch University
F. Sohel (Author/Creator) - Sepuluh Nopember Institute of Technology
C. Payne (Author/Creator) - Sepuluh Nopember Institute of Technology
Publication Details: IEEE Transactions on Dependable and Secure Computing, Vol.18(5), pp.2136-2148
Publisher: IEEE
Identifiers: 991005541861407891
Murdoch Affiliation: Information Technology, Mathematics and Statistics
Language: English
Resource Type: Journal article

Metrics

100 Record Views

44 Times Cited - Web of Science

InCites Highlights

These are selected metrics from InCites Benchmarking & Analytics tool, related to this output

Collaboration types: Domestic collaboration; International collaboration
Citation topics: 4 Electrical Engineering, Electronics & Computer Science; 4.47 Software Engineering; 4.47.2804 Microservices Diagnostics
Web Of Science research areas: Computer Science, Hardware & Architecture; Computer Science, Information Systems; Computer Science, Software Engineering
ESI research areas: Computer Science