Abstract
In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.
Original language | English |
---|---|
Title of host publication | Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 |
Pages | 38-42 |
Number of pages | 5 |
DOIs | |
Publication status | Published - 2009 |
Externally published | Yes |
Event | 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 - Tokyo Duration: 2009 Mar 17 → 2009 Mar 18 |
Other
Other | 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 |
---|---|
City | Tokyo |
Period | 09/3/17 → 09/3/18 |
Fingerprint
Keywords
- Anomaly Detection
- Dependability
- Hidden Markov Model
- Machine Learning
ASJC Scopus subject areas
- Hardware and Architecture
- Information Systems
Cite this
Anomaly detection system using resource pattern learning. / Ohno, Yuki; Sugaya, Midori; Van Der Zee, Andrej; Nakajima, Tatsuo.
Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. p. 38-42 4804569.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Anomaly detection system using resource pattern learning
AU - Ohno, Yuki
AU - Sugaya, Midori
AU - Van Der Zee, Andrej
AU - Nakajima, Tatsuo
PY - 2009
Y1 - 2009
N2 - In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.
AB - In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.
KW - Anomaly Detection
KW - Dependability
KW - Hidden Markov Model
KW - Machine Learning
UR - http://www.scopus.com/inward/record.url?scp=84880426603&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84880426603&partnerID=8YFLogxK
U2 - 10.1109/STFSSD.2009.41
DO - 10.1109/STFSSD.2009.41
M3 - Conference contribution
AN - SCOPUS:84880426603
SN - 9780769535722
SP - 38
EP - 42
BT - Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
ER -