Title :
A Lightweight Anomaly Detection System for Information Appliances
Author :
Sugaya, Midori ; Ohno, Yuki ; van der Zee, A. ; Nakajima, Tatsuo
Author_Institution :
Dependable Embedded OS Center, Japan Sci. & Technol. Agency, Tokyo, Japan
Abstract :
In this paper, a novel lightweight anomaly and fault detection infrastructure called anomaly detection by resource monitoring (Ayaka) is presented for information appliances. Ayaka provides a general monitoring method for detecting anomalies using only resource usage information, independent of the system's domain, target application, and programming language. Ayaka modifies the kernel to detect faults and uses a completely application black-box approach based on machine learning methods. It uses a clustering method to quantize the resource usage vector data and learns the normal patterns with a hidden Markov model. In the running phase, Ayaka finds anomalies by comparing the application resource usage with the learned model. The evaluation experiment indicates that our prototype system is able to detect anomalies, such as SQL injection and buffer overrun, without significant overhead.
Keywords :
fault diagnosis; hidden Markov models; learning (artificial intelligence); security of data; Ayaka; black-box approach; fault detection infrastructure; hidden Markov model; information appliances; lightweight anomaly detection system; machine learning; resource monitoring; Application software; Clustering methods; Computer languages; Embedded system; Fault detection; Hardware; Home appliances; Microcomputers; Monitoring; Object detection; anomaly detection; fault detection; kernel; monitoring; probability; statistical approach;
Conference_Title :
Object/Component/Service-Oriented Real-Time Distributed Computing, 2009. ISORC '09. IEEE International Symposium on
Conference_Location :
Tokyo
Print_ISBN :
978-0-7695-3573-9
DOI :
10.1109/ISORC.2009.39