A lightweight anomaly detection system for information appliances

Midori Sugaya, Yuki Ohno, Andrej Van Der Zee, Tatsuo Nakajima

    Research output: Conference contribution

    7 Citations (Scopus)

    Abstract

    In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by Resource Monitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

    Original language: English
    Title of host publication: Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009
    Pages: 257-266
    Number of pages: 10
    DOI: https://doi.org/10.1109/ISORC.2009.39
    Publication status: Published - 2009
    Event: 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 - Tokyo
    Duration: 2009-03-17 to 2009-03-20

    Other

    Other: 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009
    Tokyo
    Period: 09/3/17 to 09/3/20

    Fingerprint

    Hidden Markov models
    Fault detection
    Computer programming languages
    Learning systems
    Monitoring
    Experiments

    ASJC Scopus subject areas

    • Computer Science Applications
    • Software

    Cite this

    Sugaya, M., Ohno, Y., Van Der Zee, A., & Nakajima, T. (2009). A lightweight anomaly detection system for information appliances. In Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 (pp. 257-266). [5232002] https://doi.org/10.1109/ISORC.2009.39

    @inproceedings{2c40e8987841448daae363556af8e3b9,
    title = "A lightweight anomaly detection system for information appliances",
    abstract = "In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by ResourceMonitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.",
    author = "Midori Sugaya and Yuki Ohno and {Van Der Zee}, Andrej and Tatsuo Nakajima",
    year = "2009",
    doi = "10.1109/ISORC.2009.39",
    language = "English",
    isbn = "9780769535739",
    pages = "257--266",
    booktitle = "Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009",

    }
