The ISC International Journal of Information Security

Abstract With the increasing prevalence of online services, big data systems, and Internet of Things (IoT) devices, detecting anomalies in large system logs has become a significant concern. This study presents a systematic literature review of automated log analysis for anomaly detection from January 2017 to October 2024. The study classifies existing approaches into five types: hybrid, supervised, unsupervised, semi-supervised, and self-supervised. Each technique is analysed based on its assumptions, benefits, limitations, computational complexity, and performance in practical applications. Additionally, it addresses the challenges and concerns associated with developing anomaly detection systems for real-life applications using deep neural networks. The survey's objective is not to perform a statistical analysis of the published methodologies but to classify them, highlight the key features of various deployed architectures, and focus on unresolved issues that require further investigation in this domain. The study offers valuable direction for researchers, emphasising the need for scalable, robust, and interpretable anomaly detection systems. This survey advances the understanding of current capabilities and highlights future directions for enhancing the reliability of complex systems.

Abstract Recent advances in Machine Learning and Deep Learning have significantly expanded their applications in various domains. The resource-intensive process of training deep neural networks, in terms of substantial labeled data acquisition and computational power, makes these models valuable intellectual property for organizations, hence rising an increasingly crucial need for securing them. A major security threat to deep neural networks is the adversarial examples problem, specifically the black-box type. In these attacks, adversaries generate inputs with often imperceptible crafted perturbations to deceive the model into incorrect classifications, all with no access to the model internals and solely by interacting with it via queries and responses. Among the two primary methods for creating black-box adversarial examples i.e. model extraction-based and query-based approaches, this research focuses on the query-based type, and it explores a novel defense mechanism to mitigate their success. Our proposed method called Divergent Twins Fencing (DTF), employs two subtly different models trained with two different loss functions to incline the execution burden of these attacks. The evaluation criteria for this defense method include measuring the success rate and the average number of queries required to generate adversarial examples using two of the most potent attack methods
from recent studies and comparing its defense performance against a leading defense strategy in the literature, i.e., Random Noise Defense (RND) Method, demonstrating our method’s efficacy in enhancing model security against black-box adversarial attacks.

Abstract To enhance the accuracy of learning models‎, ‎it becomes imperative to train them on more extensive datasets‎. ‎Unfortunately‎, ‎access to such data is often restricted because data providers are hesitant to share their data due to privacy concerns‎. ‎Hence‎, ‎it is critical to develop obfuscation techniques that empower data providers to transform their datasets into new ones that ensure the desired level of privacy‎. ‎In this paper‎, ‎we present an approach where data providers utilize a neural network based on the autoencoder architecture to safeguard the sensitive components of their data while preserving the utility of the remaining parts‎. ‎More specifically‎, ‎within the autoencoder framework and after the encoding process‎, ‎a classifier is used to extract the private feature from the dataset‎. ‎This feature is then decorrelated from the other remaining features and subsequently subjected to noise‎. ‎The proposed method is flexible‎, ‎allowing data providers to adjust their desired level of privacy by changing the noise level‎. ‎Additionally‎, ‎our approach demonstrates superior performance in achieving the desired trade-off between utility and privacy compared to similar methods‎, ‎all while maintaining a simpler structure‎.‎‎