AECID: A Self-learning Anomaly Detection Approach based on Light-weight Log Parser Models

Markus Wurzenberger, Florian Skopik, Giuseppe Settanni, Roman Fiedler

Abstract

In recent years, new forms of cyber attacks with an unprecedented level of sophistication have emerged. Additionally, systems have grown to a size and complexity at which their mode of operation is barely understandable any more, especially for chronically understaffed security teams. The combination of the ever increasing exploitation of zero-day vulnerabilities, malware auto-generated from tool kits with varying signatures, and the still problematic lack of user awareness is alarming. As a consequence, signature-based intrusion detection systems, which look for signatures of known malware or malicious behavior studied in labs, do not seem fit for future challenges. New, flexibly adaptable forms of intrusion detection systems (IDS), which require only minimal maintenance and human intervention and instead learn for themselves what is considered normal in an infrastructure, are a promising means to tackle today's serious security situation. This paper introduces ÆCID, a new anomaly-based IDS approach that incorporates many features motivated by recent research results, including the automatic classification of events in a network, their correlation, evaluation, and interpretation, up to a dynamically configurable alerting system. Eventually, we foresee ÆCID becoming a smart sensor for established SIEM solutions. Parts of ÆCID are open source and already included in Debian Linux and Ubuntu. This paper provides vital information on its basic design, deployment scenarios and application cases to support the research community as well as early adopters of the software package.

Paper Citation


in Harvard Style

Wurzenberger M., Skopik F., Settanni G. and Fiedler R. (2018). AECID: A Self-learning Anomaly Detection Approach based on Light-weight Log Parser Models. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 386-397. DOI: 10.5220/0006643003860397


in Bibtex Style

@conference{icissp18,
  author={Markus Wurzenberger and Florian Skopik and Giuseppe Settanni and Roman Fiedler},
  title={AECID: A Self-learning Anomaly Detection Approach based on Light-weight Log Parser Models},
  booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
  year={2018},
  pages={386-397},
  publisher={SciTePress},
  organization={INSTICC},
  doi={10.5220/0006643003860397},
  isbn={978-989-758-282-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - AECID: A Self-learning Anomaly Detection Approach based on Light-weight Log Parser Models
SN - 978-989-758-282-0
AU - Wurzenberger M.
AU - Skopik F.
AU - Settanni G.
AU - Fiedler R.
PY - 2018
SP - 386
EP - 397
DO - 10.5220/0006643003860397