{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,3]],"date-time":"2026-07-03T17:26:52Z","timestamp":1783099612628,"version":"3.54.6"},"reference-count":12,"publisher":"Springer Science and Business Media LLC","issue":"7","license":[{"start":{"date-parts":[[2021,2,5]],"date-time":"2021-02-05T00:00:00Z","timestamp":1612483200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,2,5]],"date-time":"2021-02-05T00:00:00Z","timestamp":1612483200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Sign Process Syst"],"published-print":{"date-parts":[[2021,7]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Security devices produce huge number of logs which are far beyond the processing speed of human beings. This paper introduces an unsupervised approach to detecting anomalous behavior in large scale security logs. We propose a novel feature extracting mechanism and could precisely characterize the features of malicious behaviors. We design a LSTM-based anomaly detection approach and could successfully identify attacks on two widely-used datasets. 
Our approach outperforms three popular anomaly detection algorithms, one-class SVM, GMM and Principal Components Analysis, in terms of accuracy and efficiency.<\/jats:p>","DOI":"10.1007\/s11265-021-01644-4","type":"journal-article","created":{"date-parts":[[2021,2,5]],"date-time":"2021-02-05T03:08:02Z","timestamp":1612494482000},"page":"745-751","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":41,"title":["A LSTM-Based Anomaly Detection Model for Log Analysis"],"prefix":"10.1007","volume":"93","author":[{"given":"Zhijun","family":"Zhao","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chen","family":"Xu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Bo","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,2,5]]},"reference":[{"key":"1644_CR1","doi-asserted-by":"crossref","unstructured":"Y. Zhao, X. Wang, H. Xiao and X. Chi, Improvement of the Log Pattern Extracting Algorithm Using Text Similarity, 2018 IEEE International Parallel And Distributed Processing Symposium Workshops (IPDPSW), Vancouver, BC, 2018, pp. 507\u2013514.","DOI":"10.1109\/IPDPSW.2018.00087"},{"issue":"7","key":"1644_CR2","first-page":"1847","volume":"36","author":"KY Xu","year":"2016","unstructured":"Xu, K. Y., Gong, X. R., & Cheng, M. C. (2016). Audit log association rule mining based on improved Apriori algorithm. Computer Application, 36(7), 1847\u20131851.","journal-title":"Computer Application"},{"key":"1644_CR3","doi-asserted-by":"crossref","unstructured":"Y. Zhao and H. Xiao, Extracting Log Patterns from System Logs in LARGE, 2016 IEEE international parallel and distributed processing symposium workshops (IPDPSW), Chicago, IL, 2016, pp. 
1645\u20131652.","DOI":"10.1109\/IPDPSW.2016.110"},{"issue":"2","key":"1644_CR4","doi-asserted-by":"publisher","first-page":"177","DOI":"10.7763\/IJMLC.2014.V4.408","volume":"4","author":"SE Seker","year":"2014","unstructured":"Seker, S. E., Altun, O., Ayan, U., & Mert, C. (2014). A novel string distance function based on Most frequent K characters. International Journal of Machine Learning & Computing, 4(2), 177\u2013183.","journal-title":"International Journal of Machine Learning & Computing"},{"key":"1644_CR5","volume-title":"Recurrent neural network language models for open vocabulary event-level cyber anomaly detection","author":"A Tuor","year":"2017","unstructured":"Tuor A, Baerwolf R, Knowles N, et al. Recurrent neural network language models for open vocabulary event-level cyber anomaly detection. 2017."},{"key":"1644_CR6","doi-asserted-by":"crossref","unstructured":"Kent and Alexander D. Cyber security data sources for dynamic network research, Dynamic Networks and Cyber-Security. 2016.","DOI":"10.1142\/9781786340757_0002"},{"key":"1644_CR7","doi-asserted-by":"crossref","unstructured":"Hochreiter S. and Schmidhuber J.. Long Short-Term Memory, Neural computation 9(8):1735\u20131780.","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"1644_CR8","doi-asserted-by":"crossref","unstructured":"Rose S, Engel D, Cramer N, et al. Automatic keyword extraction from individual documents, Text Mining: Applications and Theory. John Wiley & Sons, Ltd, 2010, Automatic Keyword Extraction from Individual Documents.","DOI":"10.1002\/9780470689646.ch1"},{"key":"1644_CR9","unstructured":"W. Contributors. Maximum Likelihood Estimation, available: https:\/\/en.wikipedia.org\/w\/index.php?title=Maximum_likelihood_estimation&oldid=857905834, (2015)."},{"issue":"4","key":"1644_CR10","first-page":"47","volume":"6","author":"G Gavai","year":"2015","unstructured":"Gavai, G., Sricharan, K., Gunning, D., Hanley, J., Singhal, M., & Rolleston, R. (2015). 
Supervised and unsupervised methods to detect insider threat from enterprise social and online activity data. Journal Of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 6(4), 47\u201363.","journal-title":"Journal Of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications"},{"key":"1644_CR11","doi-asserted-by":"crossref","unstructured":"Du M, Li F, Zheng G, et al. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning, Acm Sigsac Conference on Computer & Communications Security ACM, 2017.","DOI":"10.1145\/3133956.3134015"},{"key":"1644_CR12","volume-title":"Drain: An online log parsing approach with fixed depth tree, 2017 IEEE international conference on web services (ICWS)","author":"P He","year":"2017","unstructured":"He P, Zhu J, Zheng Z, et al. Drain: An online log parsing approach with fixed depth tree, 2017 IEEE international conference on web services (ICWS). IEEE, 2017."}],"container-title":["Journal of Signal Processing 
Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11265-021-01644-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11265-021-01644-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11265-021-01644-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,14]],"date-time":"2021-06-14T17:09:18Z","timestamp":1623690558000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11265-021-01644-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,2,5]]},"references-count":12,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2021,7]]}},"alternative-id":["1644"],"URL":"https:\/\/doi.org\/10.1007\/s11265-021-01644-4","relation":{},"ISSN":["1939-8018","1939-8115"],"issn-type":[{"value":"1939-8018","type":"print"},{"value":"1939-8115","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,2,5]]},"assertion":[{"value":"22 October 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 January 2021","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 January 2021","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 February 2021","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}