Anomaly detection system using resource pattern learning

Yuki Ohno, Midori Sugaya, Andrej Van Der Zee, Tatsuo Nakajima

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

Original languageEnglish
Title of host publicationProceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
Pages38-42
Number of pages5
DOIs
Publication statusPublished - 2009
Externally publishedYes
Event1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 - Tokyo
Duration: 2009 Mar 172009 Mar 18

Other

Other1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
CityTokyo
Period09/3/1709/3/18

Fingerprint

Monitoring
Hidden Markov models
Fault detection
Computer programming languages
Learning systems
Experiments

Keywords

  • Anomaly Detection
  • Dependability
  • Hidden Markov Model
  • Machine Learning

ASJC Scopus subject areas

  • Hardware and Architecture
  • Information Systems

Cite this

Ohno, Y., Sugaya, M., Van Der Zee, A., & Nakajima, T. (2009). Anomaly detection system using resource pattern learning. In Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 (pp. 38-42). [4804569] https://doi.org/10.1109/STFSSD.2009.41

Anomaly detection system using resource pattern learning. / Ohno, Yuki; Sugaya, Midori; Van Der Zee, Andrej; Nakajima, Tatsuo.

Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. p. 38-42 4804569.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ohno, Y, Sugaya, M, Van Der Zee, A & Nakajima, T 2009, Anomaly detection system using resource pattern learning. in Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009., 4804569, pp. 38-42, 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009, Tokyo, 09/3/17. https://doi.org/10.1109/STFSSD.2009.41
Ohno Y, Sugaya M, Van Der Zee A, Nakajima T. Anomaly detection system using resource pattern learning. In Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. p. 38-42. 4804569 https://doi.org/10.1109/STFSSD.2009.41
Ohno, Yuki ; Sugaya, Midori ; Van Der Zee, Andrej ; Nakajima, Tatsuo. / Anomaly detection system using resource pattern learning. Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. pp. 38-42
@inproceedings{3c09eccd18b74c318241fa82823d039f,
title = "Anomaly detection system using resource pattern learning",
abstract = "In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.",
keywords = "Anomaly Detection, Dependability, Hidden Markov Model, Machine Learning",
author = "Yuki Ohno and Midori Sugaya and {Van Der Zee}, Andrej and Tatsuo Nakajima",
year = "2009",
doi = "10.1109/STFSSD.2009.41",
language = "English",
isbn = "9780769535722",
pages = "38--42",
booktitle = "Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009",

}

TY - GEN

T1 - Anomaly detection system using resource pattern learning

AU - Ohno, Yuki

AU - Sugaya, Midori

AU - Van Der Zee, Andrej

AU - Nakajima, Tatsuo

PY - 2009

Y1 - 2009

N2 - In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

AB - In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

KW - Anomaly Detection

KW - Dependability

KW - Hidden Markov Model

KW - Machine Learning

UR - http://www.scopus.com/inward/record.url?scp=84880426603&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84880426603&partnerID=8YFLogxK

U2 - 10.1109/STFSSD.2009.41

DO - 10.1109/STFSSD.2009.41

M3 - Conference contribution

SN - 9780769535722

SP - 38

EP - 42

BT - Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009

ER -