Page-based anomaly detection in large scale web clusters using adaptive MapReduce

Junsup Lee; Sungdeok Cha

doi:10.1007/978-3-540-87403-4_28

Page-based anomaly detection in large scale web clusters using adaptive MapReduce

Junsup Lee, Sungdeok Cha

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

While anomaly detection systems typically work on single server, most commercial web sites operate cluster environments, and user queries trigger transactions scattered through multiple servers. For this reason, anomaly detectors in a same server farm should communicate with each other to integrate their partial profile. In this paper, we describe a real-time distributed anomaly detection system that can deal with over one billion transactions per day. In our system, base on Google MapReduce algorithm, an anomaly detector in each node shares profiles of user behaviors and propagates intruder information to reduce false alarms. We evaluated our system using web log data from www.microsoft.com. The web log data, about 250GB in size, contains over one billion transactions recorded in a day.

Original language	English
Title of host publication	Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings
Pages	404-405
Number of pages	2
DOIs	https://doi.org/10.1007/978-3-540-87403-4_28
Publication status	Published - 2008
Event	Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings - Cambridge, MA, United States Duration: 2008 Sept 15 → 2008 Sept 17

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5230 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings
Country/Territory	United States
City	Cambridge, MA
Period	08/9/15 → 08/9/17

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-87403-4_28

Cite this

Lee, J., & Cha, S. (2008). Page-based anomaly detection in large scale web clusters using adaptive MapReduce. In Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings (pp. 404-405). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5230 LNCS). https://doi.org/10.1007/978-3-540-87403-4_28

Page-based anomaly detection in large scale web clusters using adaptive MapReduce. / Lee, Junsup; Cha, Sungdeok.
Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings. 2008. p. 404-405 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5230 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, J & Cha, S 2008, Page-based anomaly detection in large scale web clusters using adaptive MapReduce. in Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5230 LNCS, pp. 404-405, Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings, Cambridge, MA, United States, 08/9/15. https://doi.org/10.1007/978-3-540-87403-4_28

Lee J, Cha S. Page-based anomaly detection in large scale web clusters using adaptive MapReduce. In Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings. 2008. p. 404-405. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-87403-4_28

@inproceedings{b5e8637d6ba84e4f8807516df286b6fa,

title = "Page-based anomaly detection in large scale web clusters using adaptive MapReduce",

abstract = "While anomaly detection systems typically work on single server, most commercial web sites operate cluster environments, and user queries trigger transactions scattered through multiple servers. For this reason, anomaly detectors in a same server farm should communicate with each other to integrate their partial profile. In this paper, we describe a real-time distributed anomaly detection system that can deal with over one billion transactions per day. In our system, base on Google MapReduce algorithm, an anomaly detector in each node shares profiles of user behaviors and propagates intruder information to reduce false alarms. We evaluated our system using web log data from www.microsoft.com. The web log data, about 250GB in size, contains over one billion transactions recorded in a day.",

author = "Junsup Lee and Sungdeok Cha",

year = "2008",

doi = "10.1007/978-3-540-87403-4_28",

language = "English",

isbn = "354087402X",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "404--405",

booktitle = "Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings",

note = "Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings ; Conference date: 15-09-2008 Through 17-09-2008",

}

TY - GEN

T1 - Page-based anomaly detection in large scale web clusters using adaptive MapReduce

AU - Lee, Junsup

AU - Cha, Sungdeok

PY - 2008

Y1 - 2008

N2 - While anomaly detection systems typically work on single server, most commercial web sites operate cluster environments, and user queries trigger transactions scattered through multiple servers. For this reason, anomaly detectors in a same server farm should communicate with each other to integrate their partial profile. In this paper, we describe a real-time distributed anomaly detection system that can deal with over one billion transactions per day. In our system, base on Google MapReduce algorithm, an anomaly detector in each node shares profiles of user behaviors and propagates intruder information to reduce false alarms. We evaluated our system using web log data from www.microsoft.com. The web log data, about 250GB in size, contains over one billion transactions recorded in a day.

AB - While anomaly detection systems typically work on single server, most commercial web sites operate cluster environments, and user queries trigger transactions scattered through multiple servers. For this reason, anomaly detectors in a same server farm should communicate with each other to integrate their partial profile. In this paper, we describe a real-time distributed anomaly detection system that can deal with over one billion transactions per day. In our system, base on Google MapReduce algorithm, an anomaly detector in each node shares profiles of user behaviors and propagates intruder information to reduce false alarms. We evaluated our system using web log data from www.microsoft.com. The web log data, about 250GB in size, contains over one billion transactions recorded in a day.

UR - http://www.scopus.com/inward/record.url?scp=56749160523&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=56749160523&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-87403-4_28

DO - 10.1007/978-3-540-87403-4_28

M3 - Conference contribution

AN - SCOPUS:56749160523

SN - 354087402X

SN - 9783540874027

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 404

EP - 405

BT - Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings

T2 - Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings

Y2 - 15 September 2008 through 17 September 2008

ER -

Page-based anomaly detection in large scale web clusters using adaptive MapReduce

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this