Anomaly detection system using resource pattern learning

Yuki Ohno; Midori Sugaya; Andrej Van Der Zee; Tatsuo Nakajima

doi:10.1109/STFSSD.2009.41

Anomaly detection system using resource pattern learning

Yuki Ohno, Midori Sugaya, Andrej Van Der Zee, Tatsuo Nakajima

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

Original language	English
Title of host publication	Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
Pages	38-42
Number of pages	5
DOIs	https://doi.org/10.1109/STFSSD.2009.41
Publication status	Published - 2009 Dec 1
Event	1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 - Tokyo, Japan Duration: 2009 Mar 17 → 2009 Mar 18

Publication series

Name	Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009

Conference

Conference	1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
Country	Japan
City	Tokyo
Period	09/3/17 → 09/3/18

Fingerprint

Keywords

Anomaly Detection
Dependability
Hidden Markov Model
Machine Learning

ASJC Scopus subject areas

Hardware and Architecture
Information Systems

Cite this

Ohno, Y., Sugaya, M., Van Der Zee, A., & Nakajima, T. (2009). Anomaly detection system using resource pattern learning. In Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 (pp. 38-42). [4804569] (Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009). https://doi.org/10.1109/STFSSD.2009.41

Anomaly detection system using resource pattern learning. / Ohno, Yuki; Sugaya, Midori; Van Der Zee, Andrej; Nakajima, Tatsuo.

Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. p. 38-42 4804569 (Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ohno, Y, Sugaya, M, Van Der Zee, A & Nakajima, T 2009, Anomaly detection system using resource pattern learning. in Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009., 4804569, Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009, pp. 38-42, 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009, Tokyo, Japan, 09/3/17. https://doi.org/10.1109/STFSSD.2009.41

Ohno Y, Sugaya M, Van Der Zee A, Nakajima T. Anomaly detection system using resource pattern learning. In Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. p. 38-42. 4804569. (Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009). https://doi.org/10.1109/STFSSD.2009.41

Ohno, Yuki ; Sugaya, Midori ; Van Der Zee, Andrej ; Nakajima, Tatsuo. / Anomaly detection system using resource pattern learning. Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009. 2009. pp. 38-42 (Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009).

@inproceedings{3c09eccd18b74c318241fa82823d039f,

title = "Anomaly detection system using resource pattern learning",

abstract = "In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.",

keywords = "Anomaly Detection, Dependability, Hidden Markov Model, Machine Learning",

author = "Yuki Ohno and Midori Sugaya and {Van Der Zee}, Andrej and Tatsuo Nakajima",

year = "2009",

month = dec

day = "1",

doi = "10.1109/STFSSD.2009.41",

language = "English",

isbn = "9780769535722",

series = "Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009",

pages = "38--42",

booktitle = "Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009",

note = "1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009 ; Conference date: 17-03-2009 Through 18-03-2009",

}

TY - GEN

T1 - Anomaly detection system using resource pattern learning

AU - Ohno, Yuki

AU - Sugaya, Midori

AU - Van Der Zee, Andrej

AU - Nakajima, Tatsuo

PY - 2009/12/1

Y1 - 2009/12/1

N2 - In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

AB - In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems independent of its domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses the clustering method to quantize the resource usage vector data and learn the normal patterns with Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.

KW - Anomaly Detection

KW - Dependability

KW - Hidden Markov Model

KW - Machine Learning

UR - http://www.scopus.com/inward/record.url?scp=84880426603&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84880426603&partnerID=8YFLogxK

U2 - 10.1109/STFSSD.2009.41

DO - 10.1109/STFSSD.2009.41

M3 - Conference contribution

AN - SCOPUS:84880426603

SN - 9780769535722

T3 - Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009

SP - 38

EP - 42

BT - Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009

T2 - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009

Y2 - 17 March 2009 through 18 March 2009

ER -

Access to Document

10.1109/STFSSD.2009.41