Federated anomaly detection for log-based defense systems

dc.contributor.advisor: DAĞ, HASAN
dc.contributor.author: ÜNAL, UĞUR
dc.contributor.author: Dağ, Hasan
dc.date: 2022-04
dc.date.accessioned: 2023-07-27T08:54:05Z
dc.date.available: 2023-07-27T08:54:05Z
dc.date.issued: 2022
dc.department: Institutes, Graduate Education Institute, Department of Business Administration
dc.description.abstract: The adoption of Industry 4.0 and IoT creates a vast network which opens up many new vulnerabilities in systems. Cyber attacks are increasing in number and becoming more sophisticated, which impedes the functioning of enterprises and critical infrastructures. Malfunctioning of the services of these systems can have catastrophic results for the wealth and well-being of a society. Organizations need an intelligent defense system that adapts to newer threats and produces rapid solutions. Anomaly detection is a widely adopted protection step and is significant for ensuring system security. Logs, which are universally accepted sources, are used in debugging, system health monitoring, user authorization and access control systems, and intrusion detection systems. Recent developments in Deep Learning (DL) and Natural Language Processing (NLP) show that contextual information decreases the false positives yielded in the detection of anomalous behaviors. Additionally, decentralization and the exponentially increased number of data sources make traditional machine learning algorithms impractical. Federated Learning (FL) offers a solution to decentralization and privacy issues. It employs participating devices to learn from their own data and send local models for global convergence over secure communication. FL provides data security and greatly decreases communication cost, since local data is not transported to a central server. In a volatile cyber domain, it is a necessity to take quick precautions against potential threats. The benefits of FL support building a defense system that provides real-time detection of cyber attacks. In this thesis, we propose a novel anomaly detection model and a risk-adaptive federated approach. The first is AnomalyAdapters (AAs), an extensible multi-anomaly task detection model. It uses a pretrained transformer variant to encode log sequences and utilizes adapters to learn a log structure and anomaly types.
The adapter-based approach collects contextual information, eliminates information loss in learning, and learns anomaly detection tasks from different log sources without overuse of parameters. Moreover, the evaluation of this work elucidates the decision-making process of the proposed model on different log datasets, emphasizing the extraction of threat data via explainability experiments. The second is Risk-adaptive anomaly detection with federated learning (FedRA), which is based on the idea of spreading phenomena. It decentralizes the aforementioned detection approach and adapts the weighting of shared parameters to ensure that incoming cyber attacks are captured in a timely manner.
dc.identifier.uri: https://hdl.handle.net/20.500.12469/4408
dc.identifier.yoktezid: 740901
dc.language.iso: en
dc.publisher: Kadir Has Üniversitesi
dc.relation.publicationcategory: Thesis
dc.rights: info:eu-repo/semantics/openAccess
dc.subject: System Logs
dc.subject: Natural Language Processing
dc.subject: Anomaly Detection
dc.title: Federated anomaly detection for log-based defense systems
dc.type: Doctoral Thesis
dspace.entity.type: Publication
relation.isAuthorOfPublication: e02bc683-b72e-4da4-a5db-ddebeb21e8e7
relation.isAuthorOfPublication.latestForDiscovery: e02bc683-b72e-4da4-a5db-ddebeb21e8e7

Files

Original bundle

Name: Uğur_Ünal.pdf
Size: 1 MB
Format: Adobe Portable Document Format
Description: Federated Anomaly Detection for Log-Based Defense Systems