Title :
Detecting anomalies in cluster-based parallel programs using a wavelet based approach
Author :
Liu, Zhen ; Bridges, Susan M.
Author_Institution :
Dept. of Comput. Sci. & Eng., Mississippi State Univ., MS, USA
Abstract :
Anomaly detection has the potential to detect unusual behavior and novel attacks that have not been previously observed. Audits of many events including system calls, user command usage, credit card usage, etc. can be used as the basis for anomaly detection. Examination of these traces of ordered events allows classification of audit trails as normal or anomalous. This paper explores the utility of wavelets as a classification method for use in the context of anomaly detection in parallel programs run in a high performance cluster environment. The events considered are traces of function calls and system calls invoked by parallel programs. Two wavelet-based classification methods are described for anomaly detection. The wavelet-based approaches are sensitive to both order and frequency behavior of the events. The experimental results indicate that both wavelet-based classification methods are more effective in the detection of anomalies than sequence matching.
Keywords :
Linux; parallel programming; pattern classification; security of data; telecommunication security; wavelet transforms; anomaly detection; cluster-based parallel programs; credit card usage; system calls; user command usage; wavelet-based classification methods; Application software; Bridges; Classification algorithms; Computer science; Computer security; Credit cards; Event detection; Frequency; Linux; Workstations;
Conference_Title :
Networking, Sensing and Control, 2005. Proceedings. 2005 IEEE
Print_ISBN :
0-7803-8812-7
DOI :
10.1109/ICNSC.2005.1461214