SVM algorithm-based anomaly detection in network logs and firewall logs
Indonesian Journal of Electrical Engineering and Computer Science

Abstract
Many advanced cyberattacks are designed to deceive the monitoring systems, and as a result they often span several kinds, levels and stages. Existing anomaly detection systems usually examine logs or traffic only for indications of attacks and, to save time, perform no further analysis of the attack procedure. Traffic detection technologies, for example, can identify attack flows only in a general sense; they cannot reconstruct the attack event process or expose the present condition of the network node. Firewall logs are likewise a significant source of evidence, yet they remain challenging to decipher. This paper introduces support vector machine algorithm-based anomaly detection (SVMA) in network logs and firewall logs to provide robust security against cyberattacks. The mechanism consists of three modules: preprocessing, feature selection and anomaly detection. A genetic algorithm (GA) selects the better features from the input, and a support vector machine (SVM) then isolates anomalies effectively. The experimental results show that SVMA reduces the time required to select features and improves detection accuracy.
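The feature-selection and detection modules the abstract describes, as an added example rather than the paper's own code: a genetic algorithm searches over feature bitmasks, using a linear SVM's training accuracy as the fitness signal. The feature vectors are constructed stand-ins for per-host statistics preprocessed from firewall logs, the SVM is a plain hinge-loss SGD learner, and the per-feature fitness penalty is an assumed design choice.

```python
import random
# Constructed per-host features aggregated from firewall logs, scaled to 0..1, in the
# order conn_rate, distinct_dports, deny_ratio, hour_of_day, pkt_size_mean. The last
# two are deliberately uninformative: their values repeat identically in both classes.
X = [[0.10, 0.05, 0.02, 0.10, 0.50], [0.20, 0.10, 0.05, 0.50, 0.40],
     [0.15, 0.08, 0.10, 0.90, 0.60], [0.25, 0.12, 0.08, 0.30, 0.55],
     [0.12, 0.06, 0.04, 0.70, 0.45], [0.18, 0.09, 0.06, 0.20, 0.65],
     [0.90, 0.85, 0.80, 0.10, 0.50], [0.80, 0.95, 0.70, 0.50, 0.40],
     [0.95, 0.75, 0.90, 0.90, 0.60], [0.85, 0.90, 0.75, 0.30, 0.55],
     [0.75, 0.80, 0.85, 0.70, 0.45], [0.88, 0.70, 0.95, 0.20, 0.65]]
Y = [-1] * 6 + [1] * 6  # -1 = normal host, +1 = anomalous host

def train_svm(X, y, epochs=100, eta=0.1, lam=0.01):
    """Linear SVM fitted by stochastic sub-gradient descent on the hinge loss."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            w = [(1 - eta * lam) * wj for wj in w]  # L2 shrinkage on every step
            if yi * (sum(wj * xj for wj, xj in zip(w, xi)) + b) < 1:  # margin violated
                w = [wj + eta * yi * xj for wj, xj in zip(w, xi)]
                b += eta * yi
    return w, b

def accuracy(X, y, w, b):
    pred = [1 if sum(wj * xj for wj, xj in zip(w, xi)) + b > 0 else -1 for xi in X]
    return sum(p == t for p, t in zip(pred, y)) / len(y)

def project(X, mask):  # keep only the columns whose mask bit is 1
    return [[v for v, m in zip(row, mask) if m] for row in X]

def ga_select(X, y, generations=15, pop_size=10, penalty=0.02, seed=7):
    """GA over feature bitmasks; fitness = SVM accuracy minus an assumed per-feature penalty."""
    rng, d, cache = random.Random(seed), len(X[0]), {}
    def fitness(mask):
        if tuple(mask) not in cache:
            Xs = project(X, mask)
            cache[tuple(mask)] = accuracy(Xs, y, *train_svm(Xs, y)) - penalty * sum(mask)
        return cache[tuple(mask)]
    pop = [[1] * d] + [[rng.randint(0, 1) for _ in range(d)] for _ in range(pop_size - 1)]
    for _ in range(generations):
        ranked = sorted(pop, key=fitness, reverse=True)
        pop = ranked[:2]  # elitism: the two best masks always survive
        while len(pop) < pop_size:
            p1, p2 = rng.sample(ranked[:pop_size // 2], 2)  # parents from the top half
            cut = rng.randint(1, d - 1)
            child = p1[:cut] + p2[cut:]  # single-point crossover
            if rng.random() < 0.2:  # mutation: flip one random bit
                child[rng.randrange(d)] ^= 1
            pop.append(child)
    return max((fitness(m), m) for m in pop)  # best (fitness, mask) pair
```

ga_select(X, Y) returns the best (fitness, mask) pair; because every kept feature costs the same penalty, any mask that keeps full accuracy with fewer columns outranks the all-features mask that seeds the population.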
