Lightweight anomaly detection system with HMM resource modeling

Midori Sugaya*, Yuki Ohno, Tatsuo Nakajima

*この研究の対応する著者

研究成果: Article査読

4 被引用数 (Scopus)

抄録

In this paper, a lightweight anomaly detection infrastructure named Anomaly Detection by Resource Monitoring is presented for Information Appliances. We call it Ayaka for short. It provides a monitoring function for detecting anomalies, especially attacks which are a symptom of resource abuse, by using the resource patterns of each process. Ayaka takes a completely application black-box approach, based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and then learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. This reduces the general overhead of the analyzer and makes it possible to monitor the process in real-time. The evaluation experiment indicates that our prototype system is able to detect anomalies such as SQL injection and buffer overrun with a minimum of false positives and small (about 1%) system overhead, without previously defined anomaly models.

本文言語English
ページ(範囲)35-54
ページ数20
ジャーナルInternational Journal of Security and its Applications
3
3
出版ステータスPublished - 2009

ASJC Scopus subject areas

  • コンピュータ サイエンス(全般)

フィンガープリント

「Lightweight anomaly detection system with HMM resource modeling」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル