DocumentCode
3038362
Title
Anomaly Detection System Using Resource Pattern Learning
Author
Ohno, Yuki ; Sugaya, Midori ; van der Zee, A. ; Nakajima, Tatsuo
Author_Institution
Dept. of Comput. Sci. & Eng., Waseda Univ., Tokyo, Japan
fYear
2009
fDate
17-17 March 2009
Firstpage
38
Lastpage
42
Abstract
In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems, independent of their domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses a clustering method to quantize the resource usage vector data and learns the normal patterns with a Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.
Keywords
SQL; fault diagnosis; hidden Markov models; learning (artificial intelligence); pattern clustering; programming languages; security of data; software fault tolerance; Ayaka; SQL injection; anomaly detection; black-box approach; buffer overrun; clustering method; fault detection; general monitoring method; hidden Markov model; information appliance; machine learning; programming language; resource monitoring; resource pattern learning; resource usage information; resource usage vector data; Anomaly Detection; Dependability; Hidden Markov Model; Machine Learning;
fLanguage
English
Publisher
ieee
Conference_Titel
Future Dependable Distributed Systems, 2009 Software Technologies for
Conference_Location
Tokyo
Print_ISBN
978-0-7695-3572-2
Electronic_ISBN
978-0-7695-3572-2
Type
conf
DOI
10.1109/STFSSD.2009.41
Filename
4804569