TY - GEN
T1 - Anomaly detection system using resource pattern learning
AU - Ohno, Yuki
AU - Sugaya, Midori
AU - Van Der Zee, Andrej
AU - Nakajima, Tatsuo
N1 - Copyright 2013 Elsevier B.V., All rights reserved.
PY - 2009
Y1 - 2009
N2 - In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems, independent of their domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses a clustering method to quantize the resource usage vector data and learns the normal patterns with a Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.
KW - Anomaly Detection
KW - Dependability
KW - Hidden Markov Model
KW - Machine Learning
UR - http://www.scopus.com/inward/record.url?scp=84880426603&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84880426603&partnerID=8YFLogxK
U2 - 10.1109/STFSSD.2009.41
DO - 10.1109/STFSSD.2009.41
M3 - Conference contribution
AN - SCOPUS:84880426603
SN - 9780769535722
T3 - Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
SP - 38
EP - 42
BT - Proceedings - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
T2 - 1st International Workshop on Software Technologies for Future Dependable Distributed Systems, STFSSD 2009
Y2 - 17 March 2009 through 18 March 2009
ER -