Anomaly detection system using resource pattern learning

Yuki Ohno; Midori Sugaya; Andrej Van Der Zee; Tatsuo Nakajima

doi:10.1109/STFSSD.2009.41

Anomaly detection system using resource pattern learning

Yuki Ohno, Midori Sugaya, Andrej Van Der Zee, Tatsuo Nakajima

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

Original language	English
Title of host publication	Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
Pages	38-42
Number of pages	5
DOIs	https://doi.org/10.1109/STFSSD.2009.41
Publication status	Published - 2009
Externally published	Yes
Event	1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 - Tokyo Duration: 2009 Mar 17 → 2009 Mar 18

Other

Other	1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
City	Tokyo
Period	09/3/17 → 09/3/18

Fingerprint

Monitoring

Hidden Markov models

Fault detection

Computer programming languages

Learning systems

Experiments

Keywords

Anomaly Detection
Dependability
Hidden Markov Model
Machine Learning

ASJC Scopus subject areas

Hardware and Architecture
Information Systems

Cite this

Ohno, Y., Sugaya, M., Van Der Zee, A., & Nakajima, T. (2009). Anomaly detection system using resource pattern learning. In Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 (pp. 38-42). [4804569] https://doi.org/10.1109/STFSSD.2009.41

Anomaly detection system using resource pattern learning. / Ohno, Yuki; Sugaya, Midori; Van Der Zee, Andrej; Nakajima, Tatsuo.

Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. p. 38-42 4804569.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ohno, Y, Sugaya, M, Van Der Zee, A & Nakajima, T 2009, Anomaly detection system using resource pattern learning. in Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009., 4804569, pp. 38-42, 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009, Tokyo, 09/3/17. https://doi.org/10.1109/STFSSD.2009.41

Ohno Y, Sugaya M, Van Der Zee A, Nakajima T. Anomaly detection system using resource pattern learning. In Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. p. 38-42. 4804569 https://doi.org/10.1109/STFSSD.2009.41

Ohno, Yuki ; Sugaya, Midori ; Van Der Zee, Andrej ; Nakajima, Tatsuo. / Anomaly detection system using resource pattern learning. Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. pp. 38-42

@inproceedings{3c09eccd18b74c318241fa82823d039f,

title = "Anomaly detection system using resource pattern learning",

abstract = "In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.",

keywords = "Anomaly Detection, Dependability, Hidden Markov Model, Machine Learning",

author = "Yuki Ohno and Midori Sugaya and {Van Der Zee}, Andrej and Tatsuo Nakajima",

year = "2009",

doi = "10.1109/STFSSD.2009.41",

language = "English",

isbn = "9780769535722",

pages = "38--42",

booktitle = "Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009",

}

TY - GEN

T1 - Anomaly detection system using resource pattern learning

AU - Ohno, Yuki

AU - Sugaya, Midori

AU - Van Der Zee, Andrej

AU - Nakajima, Tatsuo

PY - 2009

Y1 - 2009

N2 - In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

AB - In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

KW - Anomaly Detection

KW - Dependability

KW - Hidden Markov Model

KW - Machine Learning

UR - http://www.scopus.com/inward/record.url?scp=84880426603&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84880426603&partnerID=8YFLogxK

U2 - 10.1109/STFSSD.2009.41

DO - 10.1109/STFSSD.2009.41

M3 - Conference contribution

AN - SCOPUS:84880426603

SN - 9780769535722

SP - 38

EP - 42

BT - Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009

ER -

Access to Document

10.1109/STFSSD.2009.41