Anomaly detection system using resource pattern learning

Yuki Ohno, Midori Sugaya, Andrej Van Der Zee, Tatsuo Nakajima

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    3 Citations (Scopus)

    Abstract

    In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems, independent of their domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses a clustering method to quantize the resource usage vector data and learns the normal patterns with a Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

    Original language: English
    Title of host publication: Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
    Pages: 38-42
    Number of pages: 5
    DOI: https://doi.org/10.1109/STFSSD.2009.41
    Publication status: Published - 2009
    Event: 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 - Tokyo
    Duration: 2009 Mar 17 to 2009 Mar 18

    Other

    Other: 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
    City: Tokyo
    Period: 09/3/17 to 09/3/18

    Fingerprint

    Monitoring
    Hidden Markov models
    Fault detection
    Computer programming languages
    Learning systems
    Experiments

    Keywords

    • Anomaly Detection
    • Dependability
    • Hidden Markov Model
    • Machine Learning

    ASJC Scopus subject areas

    • Hardware and Architecture
    • Information Systems

    Cite this

    Ohno, Y., Sugaya, M., Van Der Zee, A., & Nakajima, T. (2009). Anomaly detection system using resource pattern learning. In Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 (pp. 38-42). [4804569] https://doi.org/10.1109/STFSSD.2009.41

    @inproceedings{b47b30783e264ee293a7438bc949f52c,
    title = "Anomaly detection system using resource pattern learning",
    keywords = "Anomaly Detection, Dependability, Hidden Markov Model, Machine Learning",
    author = "Yuki Ohno and Midori Sugaya and {Van Der Zee}, Andrej and Tatsuo Nakajima",
    year = "2009",
    doi = "10.1109/STFSSD.2009.41",
    language = "English",
    isbn = "9780769535722",
    pages = "38--42",
    booktitle = "Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009",

    }

    TY - GEN

    T1 - Anomaly detection system using resource pattern learning

    AU - Ohno, Yuki

    AU - Sugaya, Midori

    AU - Van Der Zee, Andrej

    AU - Nakajima, Tatsuo

    PY - 2009

    Y1 - 2009

    KW - Anomaly Detection

    KW - Dependability

    KW - Hidden Markov Model

    KW - Machine Learning

    UR - http://www.scopus.com/inward/record.url?scp=84880426603&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84880426603&partnerID=8YFLogxK

    U2 - 10.1109/STFSSD.2009.41

    DO - 10.1109/STFSSD.2009.41

    M3 - Conference contribution

    AN - SCOPUS:84880426603

    SN - 9780769535722

    SP - 38

    EP - 42

    BT - Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009

    ER -