Title :
Anomaly Detection System Using Resource Pattern Learning
Author :
Ohno, Yuki ; Sugaya, Midori ; van der Zee, A. ; Nakajima, Tatsuo
Author_Institution :
Dept. of Comput. Sci. & Eng., Waseda Univ., Tokyo, Japan
Abstract :
In this paper, Anomaly Detection by Resource Monitoring (Ayaka), a novel lightweight anomaly and fault detection infrastructure, is presented for Information Appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information on systems, independent of their domain, target application and programming languages. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses a clustering method to quantize the resource usage vector data and learns the normal patterns with a Hidden Markov Model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overheads.
Keywords :
SQL; fault diagnosis; hidden Markov models; learning (artificial intelligence); pattern clustering; programming languages; security of data; software fault tolerance; Ayaka; SQL injection; anomaly detection; black-box approach; buffer overrun; clustering method; fault detection; general monitoring method; hidden Markov model; information appliance; machine learning; programming language; resource monitoring; resource pattern learning; resource usage information; resource usage vector data; Anomaly Detection; Dependability; Hidden Markov Model; Machine Learning;
Conference_Title :
Future Dependable Distributed Systems, 2009 Software Technologies for
Conference_Location :
Tokyo
Print_ISBN :
978-0-7695-3572-2
Electronic_ISBN :
978-0-7695-3572-2
DOI :
10.1109/STFSSD.2009.41