Abstract
In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by Resource Monitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 |
Pages | 257-266 |
Number of pages | 10 |
DOIs | 10.1109/ISORC.2009.39 |
Publication status | Published - 2009 |
Externally published | Yes |
Event | 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 - Tokyo Duration: 2009 Mar 17 → 2009 Mar 20 |
Other
Other | 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 |
---|---|
City | Tokyo |
Period | 09/3/17 → 09/3/20 |
ASJC Scopus subject areas
- Computer Science Applications
- Software
Cite this
A lightweight anomaly detection system for information appliances. / Sugaya, Midori; Ohno, Yuki; Van Der Zee, Andrej; Nakajima, Tatsuo.
Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009. 2009. p. 257-266 5232002.
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
TY - GEN
T1 - A lightweight anomaly detection system for information appliances
AU - Sugaya, Midori
AU - Ohno, Yuki
AU - Van Der Zee, Andrej
AU - Nakajima, Tatsuo
PY - 2009
Y1 - 2009
UR - http://www.scopus.com/inward/record.url?scp=70350599827&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70350599827&partnerID=8YFLogxK
U2 - 10.1109/ISORC.2009.39
DO - 10.1109/ISORC.2009.39
M3 - Conference contribution
AN - SCOPUS:70350599827
SN - 9780769535739
SP - 257
EP - 266
BT - Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009
ER -