A lightweight anomaly detection system for information appliances

Midori Sugaya, Yuki Ohno, Andrej Van Der Zee, Tatsuo Nakajima

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

In this paper, a novel lightweight anomaly and fault detection infrastructure called Anomaly Detection by Resource Monitoring (Ayaka) is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application, and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with a hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

Original language: English
Title of host publication: Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009
Pages: 257-266
Number of pages: 10
DOI: https://doi.org/10.1109/ISORC.2009.39
Publication status: Published - 2009
Externally published: Yes
Event: 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 - Tokyo
Duration: 2009 Mar 17 to 2009 Mar 20

Other

Other: 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009
City: Tokyo
Period: 09/3/17 to 09/3/20

Fingerprint

Hidden Markov models
Fault detection
Computer programming languages
Learning systems
Monitoring
Experiments

ASJC Scopus subject areas

  • Computer Science Applications
  • Software

Cite this

Sugaya, M., Ohno, Y., Van Der Zee, A., & Nakajima, T. (2009). A lightweight anomaly detection system for information appliances. In Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009 (pp. 257-266). [5232002] https://doi.org/10.1109/ISORC.2009.39

@inproceedings{f337d9ae7d474834b7f8bf0e6ad0dbf5,
title = "A lightweight anomaly detection system for information appliances",
author = "Midori Sugaya and Yuki Ohno and {Van Der Zee}, Andrej and Tatsuo Nakajima",
year = "2009",
doi = "10.1109/ISORC.2009.39",
language = "English",
isbn = "9780769535739",
pages = "257--266",
booktitle = "Proceedings of the 2009 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2009",

}