A lightweight anomaly detection system for information appliances

Midori Sugaya; Yuki Ohno; Andrej Van Der Zee; Tatsuo Nakajima

doi:10.1109/ISORC.2009.39

A lightweight anomaly detection system for information appliances

Midori Sugaya, Yuki Ohno, Andrej Van Der Zee, Tatsuo Nakajima

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by ResourceMonitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

Original language	English
Title of host publication	Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009
Pages	257-266
Number of pages	10
DOIs	https://doi.org/10.1109/ISORC.2009.39
Publication status	Published - 2009
Externally published	Yes
Event	2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 - Tokyo Duration: 2009 Mar 17 → 2009 Mar 20

Other

Other	2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009
City	Tokyo
Period	09/3/17 → 09/3/20

Fingerprint

Hidden Markov models

Fault detection

Computer programming languages

Learning systems

Monitoring

Experiments

ASJC Scopus subject areas

Computer Science Applications
Software

Cite this

Sugaya, M., Ohno, Y., Van Der Zee, A., & Nakajima, T. (2009). A lightweight anomaly detection system for information appliances. In Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 (pp. 257-266). [5232002] https://doi.org/10.1109/ISORC.2009.39

A lightweight anomaly detection system for information appliances. / Sugaya, Midori; Ohno, Yuki; Van Der Zee, Andrej; Nakajima, Tatsuo.

Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009. 2009. p. 257-266 5232002.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sugaya, M, Ohno, Y, Van Der Zee, A & Nakajima, T 2009, A lightweight anomaly detection system for information appliances. in Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009., 5232002, pp. 257-266, 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009, Tokyo, 09/3/17. https://doi.org/10.1109/ISORC.2009.39

Sugaya M, Ohno Y, Van Der Zee A, Nakajima T. A lightweight anomaly detection system for information appliances. In Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009. 2009. p. 257-266. 5232002 https://doi.org/10.1109/ISORC.2009.39

Sugaya, Midori ; Ohno, Yuki ; Van Der Zee, Andrej ; Nakajima, Tatsuo. / A lightweight anomaly detection system for information appliances. Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009. 2009. pp. 257-266

@inproceedings{f337d9ae7d474834b7f8bf0e6ad0dbf5,

title = "A lightweight anomaly detection system for information appliances",

abstract = "In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by ResourceMonitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.",

author = "Midori Sugaya and Yuki Ohno and {Van Der Zee}, Andrej and Tatsuo Nakajima",

year = "2009",

doi = "10.1109/ISORC.2009.39",

language = "English",

isbn = "9780769535739",

pages = "257--266",

booktitle = "Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009",

}

TY - GEN

T1 - A lightweight anomaly detection system for information appliances

AU - Sugaya, Midori

AU - Ohno, Yuki

AU - Van Der Zee, Andrej

AU - Nakajima, Tatsuo

PY - 2009

Y1 - 2009

N2 - In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by ResourceMonitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

AB - In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by ResourceMonitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

UR - http://www.scopus.com/inward/record.url?scp=70350599827&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70350599827&partnerID=8YFLogxK

U2 - 10.1109/ISORC.2009.39

DO - 10.1109/ISORC.2009.39

M3 - Conference contribution

AN - SCOPUS:70350599827

SN - 9780769535739

SP - 257

EP - 266

BT - Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009

ER -

Access to Document

10.1109/ISORC.2009.39