Abstract
As businesses embrace digitization, the Internet of Everything (IoE) begins to take shape and the Cloud continues to empower new innovations for big data -at the heart, Cloud analytic applications gain increasing momentum. Such applications have remarkable benefits for big data processing, making it easy, fast, scalable, and cost-effective; albeit, they pose many security risks. Security breaches causing anomalous activities due to malicious, vulnerable, or misconfigured analytic applications are considered the top security risks to big “sensitive” data. The risk is further expanded from the coupling of data analytics with the Cloud. Towards maintaining secure and trustworthy applications, effective anomaly detection and prediction become crucial tasks to be offered by Cloud providers. This paper presents, PredictDeep, a novel security analytics framework for anomaly detection and prediction. The proposed framework leverages log data collected from monitoring systems with graph analytics and deep learning techniques to add intelligence for detecting and predicting known and unknown patterns of security anomalies. It represents the collected data and transforms them into a graph model. The graph model captures the analytical activities as well as their interrelation. In this sense, such a model provides informed insight of the monitored application, understanding its behavior, and revealing anomalous patterns. Different from existing traditional rule-based machine learning and statistics-based approaches, our solution takes the benefits of incorporating not only available node attributes but also graph structure and context information to extract rich features that boost the anomaly classification and prediction. We leverage graph embeddings to represent the nodes and relationships in the graph model as feature vectors to learn and predict anomalies in an inductive way utilizing recent advanced deep graph neural network techniques. This design augments our solution with robustness and computational efficiency. Extensive experiments are conducted over an open-source Hadoop log dataset. The evaluation results demonstrate that PredictDeep is a viable solution and very effective.
Highlights
Recent reports reveal that the security front line represents an ever-expanding surface for potential attacks [1]
THE PredictDeep OPERATIONAL OVERVIEW The Cloud service model considered for this work consists of three main entities: 1) Cloud analytics provider offering analytics technologies (e.g., Hadoop) which can range from basic services (e.g., IaaS, PaaS) for building analytics clusters, to tailored services (e.g., Data Analytics as a Service) for performing specific analytical tasks; 2) Trusted party offering various security services (e.g., Security Monitoring as a Service (SMaaS) and PredictDeep); and 3) Cloud consumers running their analytic applications over the provided cluster in the Cloud
The PredictDeep framework is offered as an advanced security analytics service from a trusted party to the consumers of Cloud analytics providers
Summary
Recent reports reveal that the security front line represents an ever-expanding surface for potential attacks [1]. The distinct features of executed computations and processed data in distributed large-scale dynamic analytic systems arise several challenges to develop an effective machine learning-based log analysis for anomaly detection and prediction solution. Our overall contributions are as follows: 1) We propose PredictDeep, a novel framework of Security Analytics as a Service for anomaly detection and prediction; 2) We introduce an advanced approach that leverages streaming data analytics with graph analysis and deep learning to add intelligence for predicting unseen patterns of anomalies; and 3) We demonstrate the prediction effectiveness and performance efficiency of our framework through a set of experiments over benchmark dataset.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
