Abstract
The emergence of technological innovations brings sophisticated threats. Cyberattacks are increasing day by day aligned with these innovations and entails rapid solutions for defense mechanisms. These attacks may hinder enterprise operations or more importantly, interrupt critical infrastructure systems, that are essential to safety, security, and well-being of a society. Anomaly detection, as a protection step, is significant for ensuring a system security. Logs, which are accepted sources universally, are utilized in system health monitoring and intrusion detection systems. Recent developments in Natural Language Processing (NLP) studies show that contextual information decreases false-positives yield in detecting anomalous behaviors. Transformers and their adaptations to various language understanding tasks exemplify the enhanced ability to extract this information. Deep network based anomaly detection solutions use generally feature-based transfer learning methods. This type of learning presents a new set of weights for each log type. It is unfeasible and a redundant way considering various log sources. Also, a vague representation of model decisions prevents learning from threat data and improving model capability. In this paper, we propose AnomalyAdapters (AAs) which is an extensible multi-anomaly task detection model. It uses pretrained transformers’ variant to encode a log sequences and utilizes adapters to learn a log structure and anomaly types. Adapter-based approach collects contextual information, eliminates information loss in learning, and learns anomaly detection tasks from different log sources without overuse of parameters. Lastly, our work elucidates the decision making process of the proposed model on different log datasets to emphasize extraction of threat data via explainability experiments.
Highlights
System security poses a big step for enterprises, governments, and safety critical systems
Detection systems are a part of Intrusion Detection or Prevention Systems (IDS/IPS), which are connected to different sources
In log key-based approaches, we compared with two studies, PCA [9] which analyzes log representation as count vectors, DeepLog [12] which uses long shortterm memory (LSTM) model to predict log key in workflow
Summary
System security poses a big step for enterprises, governments, and safety critical systems. Detection is the activity to distinguish unmatched, peculiar, or unknown examples from the data [2]. This type of detection techniques are used in different applications such as; fraud detection in finance, intrusion detection in cyber security, fault detection in safety critical systems, and access control models [20] in critical infrastructures. These defense applications have a system-wide priority, since it is crucial to maintain their services. Key components of anomaly detection are detection techniques, problem characteristics, and the application source [19]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
