Anomaly Detection for Web Log Data Analysis: A Review

Main Article Content

Meena Siwach, Dr. Suman Mann

Abstract

Many methods have been developed to protect web servers against attacks. Anomaly detection methods rely on generic user models and application behaviour, which interpret departures as indications of potentially dangerous behavior from the established pattern. In this paper, we conducted the use of a systematic review of the anomaly detection methods to prevent and identify web assaults; in particular, we utilised Kitchenham's standard approach for conducting a organized analysis of literature in the computer science area. There are 8041 peer-reviewed publications published in major journals. This technique is used to 88 articles. This page outlines the processes taken to perform this systematic review, as well as the findings and conclusions made. The majority of logs are utilised for anonymous detection and recording system runtime data. Developers (or operators) used to manually examine logs by looking for keywords and matching rules. However, as the size and complexity of contemporary systems grows, the number of logs grows exponentially, making manual testing unfeasible. Many techniques of anomaly identification for automated log analysis have been suggested to minimise manual work. However, due to a lack of evaluations and comparisons of various anomaly detection techniques, engineers may still decide which detection methods should not be used. Furthermore, even if engineers use an unusual detection technique, re-implementation will take a lifetime. We offer a comprehensive analysis and evaluation of six existing log-based detection techniques, including three monitored and three unchecked modes, as well as an open toolkit that allows for simple reuse, to address these problems. These techniques were evaluated on two production log databases produced by the public, with a total of 15,923,592 log messages and 365,298 anomaly cases. We think that our work, as well as the testing results and associated discoveries, may be used as guidelines for adopting these strategies and as a source of inspiration for future research.

Article Details

Section
Articles