A lightweight anomaly detection system for information appliances

Midori Sugaya; Yuki Ohno; Andrej Van Der Zee; Tatsuo Nakajima

doi:10.1109/ISORC.2009.39

A lightweight anomaly detection system for information appliances

Midori Sugaya, Yuki Ohno, Andrej Van Der Zee, Tatsuo Nakajima

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by ResourceMonitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

Original language	English
Title of host publication	Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009
Pages	257-266
Number of pages	10
DOIs	https://doi.org/10.1109/ISORC.2009.39
Publication status	Published - 2009 Nov 6
Event	2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 - Tokyo, Japan Duration: 2009 Mar 17 → 2009 Mar 20

Publication series

Name	Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009

Conference

Conference	2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009
Country	Japan
City	Tokyo
Period	09/3/17 → 09/3/20

Fingerprint

ASJC Scopus subject areas

Computer Science Applications
Software

Cite this

Sugaya, M., Ohno, Y., Van Der Zee, A., & Nakajima, T. (2009). A lightweight anomaly detection system for information appliances. In Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 (pp. 257-266). [5232002] (Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009). https://doi.org/10.1109/ISORC.2009.39

A lightweight anomaly detection system for information appliances. / Sugaya, Midori; Ohno, Yuki; Van Der Zee, Andrej; Nakajima, Tatsuo.

Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009. 2009. p. 257-266 5232002 (Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sugaya, M, Ohno, Y, Van Der Zee, A & Nakajima, T 2009, A lightweight anomaly detection system for information appliances. in Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009., 5232002, Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009, pp. 257-266, 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009, Tokyo, Japan, 09/3/17. https://doi.org/10.1109/ISORC.2009.39

Sugaya M, Ohno Y, Van Der Zee A, Nakajima T. A lightweight anomaly detection system for information appliances. In Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009. 2009. p. 257-266. 5232002. (Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009). https://doi.org/10.1109/ISORC.2009.39

Sugaya, Midori ; Ohno, Yuki ; Van Der Zee, Andrej ; Nakajima, Tatsuo. / A lightweight anomaly detection system for information appliances. Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009. 2009. pp. 257-266 (Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009).

@inproceedings{f337d9ae7d474834b7f8bf0e6ad0dbf5,

title = "A lightweight anomaly detection system for information appliances",

abstract = "In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by ResourceMonitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.",

author = "Midori Sugaya and Yuki Ohno and {Van Der Zee}, Andrej and Tatsuo Nakajima",

year = "2009",

month = nov

day = "6",

doi = "10.1109/ISORC.2009.39",

language = "English",

isbn = "9780769535739",

series = "Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009",

pages = "257--266",

booktitle = "Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009",

note = "2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 ; Conference date: 17-03-2009 Through 20-03-2009",

}

TY - GEN

T1 - A lightweight anomaly detection system for information appliances

AU - Sugaya, Midori

AU - Ohno, Yuki

AU - Van Der Zee, Andrej

AU - Nakajima, Tatsuo

PY - 2009/11/6

Y1 - 2009/11/6

N2 - In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by ResourceMonitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

AB - In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by ResourceMonitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

UR - http://www.scopus.com/inward/record.url?scp=70350599827&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70350599827&partnerID=8YFLogxK

U2 - 10.1109/ISORC.2009.39

DO - 10.1109/ISORC.2009.39

M3 - Conference contribution

AN - SCOPUS:70350599827

SN - 9780769535739

T3 - Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009

SP - 257

EP - 266

BT - Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009

T2 - 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009

Y2 - 17 March 2009 through 20 March 2009

ER -

Access to Document

10.1109/ISORC.2009.39