Applying Bag of System Calls for Anomalous Behavior Detection of Applications in Linux Containers
In this paper, we present the results of using bags of system calls for
learning the behavior of Linux containers for use in an anomaly-detection-based
intrusion detection system. By using the system calls of the containers, as
monitored from the host kernel, for anomaly detection, the system requires no
prior knowledge of the container's nature, nor does it require altering the
container or the host kernel.
Comment: Published version available on IEEE Xplore
(http://ieeexplore.ieee.org/document/7414047/) arXiv admin note: substantial
text overlap with arXiv:1611.0305
Process Monitoring on Sequences of System Call Count Vectors
We introduce a methodology for efficient monitoring of processes running on
hosts in a corporate network. The methodology is based on collecting streams of
system calls produced by all or selected processes on the hosts, and sending
them over the network to a monitoring server, where machine learning algorithms
are used to identify changes in process behavior due to malicious activity,
hardware failures, or software errors. The methodology uses a sequence of
system call count vectors as its data format, which can handle large and varying
volumes of data.
Unlike previous approaches, the methodology introduced in this paper is
suitable for distributed collection and processing of data in large corporate
networks. We evaluate the methodology both in a laboratory setting and on a
real-life setup, and provide statistics characterizing the performance and
accuracy of the methodology.
Comment: 5 pages, 4 figures, ICCST 201
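Both abstracts above rest on the same data structure: a window of the syscall stream reduced to a count (or frequency) vector, with a distance from "normal" windows as the anomaly score. The following is an added example written for this page, not code from either paper. It assumes a trace format of `<pid> <syscall>(...)` per line, as `strace -f` prints when attached from the host, and uses two constructed traces: a steady-state web worker for training, and a window in which the worker spawns a shell and connects outward. The threshold is derived from the training distances alone, so nothing container-specific is configured.

```python
"""Bag-of-system-calls anomaly detection over per-window syscall count vectors.

Added example; not code from the papers above. Trace format and sample traces
are constructed for illustration.
"""
import math
import re
from collections import Counter

# Constructed sample: a small web worker serving requests, one syscall per line,
# repeated to give 200 lines of steady-state behaviour for training.
NORMAL_TRACE = """\
1042 epoll_wait(4, ...) = 1
1042 accept4(3, ...) = 7
1042 read(7, ...) = 512
1042 write(7, ...) = 256
1042 close(7) = 0
""" * 40

# Constructed sample: the same worker, but the request handler spawns a shell
# and wires it to an outbound socket (a reverse-shell pattern).
ANOMALOUS_TRACE = """\
1042 epoll_wait(4, ...) = 1
1042 accept4(3, ...) = 7
1042 read(7, ...) = 512
1042 execve("/bin/sh", ...) = 0
1042 socket(AF_INET, SOCK_STREAM, 0) = 8
1042 connect(8, ...) = 0
1042 dup2(8, 0) = 0
1042 dup2(8, 1) = 0
1042 execve("/bin/bash", ...) = 0
1042 ptrace(PTRACE_TRACEME, ...) = 0
"""

LINE_RE = re.compile(r"^\s*(\d+)\s+([a-z_0-9]+)\(")


def parse_syscalls(trace):
    """Yield syscall names in stream order; lines that do not match are skipped."""
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(2)


def count_vectors(trace, window=10):
    """Cut the stream into fixed-size windows and return one bag (Counter) per window."""
    calls = list(parse_syscalls(trace))
    return [Counter(calls[i:i + window])
            for i in range(0, len(calls) - window + 1, window)]


def normalize(bag):
    """Counts -> frequencies, so windows of different activity levels are comparable."""
    total = sum(bag.values()) or 1
    return {k: v / total for k, v in bag.items()}


def cosine_distance(a, b):
    """1 - cosine similarity over the union of syscall names (0 = same mix, 1 = disjoint)."""
    keys = set(a) | set(b)
    dot = sum(a.get(k, 0.0) * b.get(k, 0.0) for k in keys)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    if na == 0 or nb == 0:
        return 1.0
    return 1.0 - dot / (na * nb)


class BagOfSyscallsDetector:
    """Learn a centroid of normal frequency vectors; a window is anomalous when its
    distance exceeds mean + k*stddev of the training distances, or when it
    contains a syscall never seen during training."""

    def __init__(self, window=10, k=3.0):
        self.window, self.k = window, k
        self.centroid, self.threshold = {}, None

    def fit(self, trace):
        bags = [normalize(b) for b in count_vectors(trace, self.window)]
        if not bags:
            raise ValueError("trace too short for a single window")
        keys = set().union(*bags)
        self.centroid = {k: sum(b.get(k, 0.0) for b in bags) / len(bags) for k in keys}
        dists = [cosine_distance(b, self.centroid) for b in bags]
        mean = sum(dists) / len(dists)
        std = math.sqrt(sum((d - mean) ** 2 for d in dists) / len(dists))
        # Floor the threshold: a perfectly regular training set would otherwise
        # make every floating-point wobble an alert.
        self.threshold = max(mean + self.k * std, 0.05)
        return self

    def score(self, trace):
        """Per window: (distance, syscalls unseen in training, alert flag)."""
        out = []
        for bag in count_vectors(trace, self.window):
            d = cosine_distance(normalize(bag), self.centroid)
            unseen = sorted(set(bag) - set(self.centroid))
            out.append((d, unseen, d > self.threshold or bool(unseen)))
        return out


if __name__ == "__main__":
    det = BagOfSyscallsDetector().fit(NORMAL_TRACE)
    for d, unseen, alert in det.score(ANOMALOUS_TRACE):
        print(f"distance={d:.3f} unseen={unseen} alert={alert}")
```

The "unseen syscall" rule is what catches the shell spawn even when the window is otherwise quiet; the distance rule is what catches a shift in the mix of already-known calls (a worker that suddenly does far more `read` than `write`, say). In a real deployment the trace would come from the host via `strace`, auditd or an eBPF tracepoint rather than a string, and window boundaries would be time-based rather than count-based.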
An Immune Inspired Approach to Anomaly Detection
The immune system provides a rich metaphor for computer security: anomaly
detection that works in nature should work for machines. However, early
artificial immune system approaches for computer security had only limited
success. Arguably, this was due to these artificial systems being based on too
simplistic a view of the immune system. We present here a second generation
artificial immune system for process anomaly detection. It improves on earlier
systems by having different artificial cell types that process information.
Following detailed information about how to build such second generation
systems, we find that communication between cell types is key to performance.
Through realistic testing and validation we show that second generation
artificial immune systems are capable of anomaly detection beyond generic
system policies. The paper concludes with a discussion and outline of the next
steps in this exciting area of computer security.
Comment: 19 pages, 4 tables, 2 figures, Handbook of Research on Information
Security and Assuranc
Intelligent intrusion detection in low power IoTs
Security and privacy of data are among the prime concerns in today's Internet
of Things (IoT). Conventional security techniques such as signature-based
malware detection with regular updates of a signature database are not feasible
solutions, as they cannot secure such resource-limited systems effectively.
Programming languages that permit direct memory access through pointers often
produce applications with memory-related errors, which may lead to
unpredictable failures and security vulnerabilities. Furthermore,
energy-efficient IoT devices running on batteries cannot afford the
implementation of cryptographic algorithms, as such techniques have a
significant impact on system power consumption. Therefore, to operate an IoT
deployment securely, the system must be able to detect and prevent intrusions
before the network (i.e., sensor nodes and base station) is destabilised by
attackers. In this article, we present an intrusion detection and prevention
mechanism that implements an intelligent security architecture using random
neural networks (RNNs). The application's source code is also instrumented at
compile time to detect out-of-bounds memory accesses: a tag is created and
coupled with each memory allocation, and additional tag-checking instructions
are placed before each access made to the memory. To validate the feasibility
of the proposed security solution, it is implemented on an existing IoT system
and its functionality is demonstrated in practice by successfully detecting
the presence of suspicious sensor nodes within the system's operating range and
anomalous activity in the base station, with an accuracy of 97.23%. Overall,
the proposed security solution imposes minimal performance overhead.
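The tag-based instrumentation described above is easier to reason about with a concrete model. The following is an added example written for this page; it is not the article's instrumentation pass. It models a small heap in which every allocation receives a fresh tag stored in shadow memory for each of its bytes, a pointer carries the tag of the allocation it came from, and every load and store runs the check the compiler would insert before the real access. Everything here (the `TaggedHeap` class, byte-granular shadow memory, the scenarios) is an assumption of the model, chosen to show which classes of access the check rejects.

```python
"""Model of compile-time tag instrumentation for out-of-bounds detection.

Added example, not the article's code. `load`/`store` stand in for the
tag-checking instructions placed before each memory access; `malloc` stands in
for the tag creation coupled with each allocation.
"""
import itertools


class TagViolation(Exception):
    """Raised where instrumented code would abort or report the faulting access."""


class TaggedHeap:
    FREE_TAG = 0  # shadow value for memory that belongs to no live allocation

    def __init__(self, size=64):
        self.mem = bytearray(size)
        self.shadow = [self.FREE_TAG] * size   # one tag per byte (assumed granularity)
        self._tags = itertools.count(1)        # fresh tag per allocation
        self._next = 0                         # bump allocator, no reuse, keeps the model small
        self.live = {}                         # base -> length of live blocks

    def malloc(self, n):
        """Return a (base, tag) pointer and tag the n bytes of the new block."""
        if self._next + n > len(self.mem):
            raise MemoryError("model heap exhausted")
        tag, base = next(self._tags), self._next
        for i in range(base, base + n):
            self.shadow[i] = tag
        self._next = base + n
        self.live[base] = n
        return (base, tag)

    def free(self, ptr):
        """Retag the block as free so stale pointers (still carrying the old tag) fail the check."""
        base, _ = ptr
        n = self.live.pop(base)
        for i in range(base, base + n):
            self.shadow[i] = self.FREE_TAG

    def _check(self, ptr, offset):
        """The inserted check: the byte's shadow tag must equal the pointer's tag."""
        base, tag = ptr
        addr = base + offset
        in_range = 0 <= addr < len(self.mem)
        if not in_range or self.shadow[addr] != tag:
            actual = self.shadow[addr] if in_range else None
            raise TagViolation(f"addr {addr}: pointer tag {tag}, memory tag {actual}")
        return addr

    def load(self, ptr, offset):
        return self.mem[self._check(ptr, offset)]

    def store(self, ptr, offset, value):
        self.mem[self._check(ptr, offset)] = value


def copy_into(heap, dst, data):
    """An instrumented memcpy: every byte goes through the tag check."""
    for i, byte in enumerate(data):
        heap.store(dst, i, byte)


def run_scenarios():
    """Constructed scenarios: in-bounds copy, one-byte overflow into a neighbour,
    use after free, and a negative-offset underflow. Returns what was caught."""
    heap = TaggedHeap(size=32)
    a = heap.malloc(8)
    b = heap.malloc(8)          # directly after `a`, so a's byte 8 is b's byte 0
    results = {}

    copy_into(heap, a, b"AAAAAAAA")
    results["in_bounds"] = bytes(heap.load(a, i) for i in range(8)) == b"AAAAAAAA"

    try:
        copy_into(heap, a, b"B" * 9)   # ninth byte lands on b, whose tag differs
        results["overflow_caught"] = False
    except TagViolation:
        results["overflow_caught"] = True
    results["neighbour_intact"] = heap.load(b, 0) == 0   # check fired before the write

    heap.free(b)
    try:
        heap.load(b, 0)                # stale pointer: tag 2 vs FREE_TAG in shadow
        results["uaf_caught"] = False
    except TagViolation:
        results["uaf_caught"] = True

    try:
        heap.load(a, -1)               # underflow below the heap base
        results["underflow_caught"] = False
    except TagViolation:
        results["underflow_caught"] = True
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

Two caveats a practitioner would want: with a bump allocator and no tag reuse the model never confuses a freed block's old tag with a new block's, whereas a real scheme with a small tag space (a few bits) must accept occasional collisions; and the cost the article reports as "minimal" is precisely the cost of the check in `_check` being executed on every access, which is why the granularity and placement of those checks matter on a battery-powered node.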
Cluster detection in networks using percolation
We consider the task of detecting a salient cluster in a sensor network, that
is, an undirected graph with a random variable attached to each node. Motivated
by recent research in environmental statistics and the drive to compete with
the reigning scan statistic, we explore alternatives based on the percolative
properties of the network. The first method is based on the size of the largest
connected component after removing the nodes in the network with a value below
a given threshold. The second method is the upper level set scan test
introduced by Patil and Taillie [Statist. Sci. 18 (2003) 457-465]. We establish
the performance of these methods in an asymptotic decision-theoretic framework
in which the network size increases. These tests have two advantages over the
more conventional scan statistic: they do not require prior information
about cluster shape, and they are computationally more feasible. We make
abundant use of percolation theory to derive our theoretical results, and
complement our theory with some numerical experiments.
Comment: Published at http://dx.doi.org/10.3150/11-BEJ412 in the Bernoulli
(http://isi.cbs.nl/bernoulli/) by the International Statistical
Institute/Bernoulli Society (http://isi.cbs.nl/BS/bshome.htm
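The first method above is a few lines once the graph is in hand: delete every node whose value is below the threshold, take the size of the largest surviving connected component, and compare it with the same statistic on networks with no cluster. The following is an added example written for this page, not the paper's code. It assumes a 20 x 20 grid of sensors with 4-neighbour adjacency, standard normal noise, a constructed 3 x 3 block of elevated readings, and a Monte Carlo null distribution in place of the paper's asymptotic analysis; the threshold 1.5 is an arbitrary choice for the demonstration.

```python
"""Largest-connected-component cluster test on a thresholded sensor network.

Added example, not the paper's code. The grid, the noise model and the planted
cluster are constructed; the adjacency dict can be any undirected graph.
"""
import random
from collections import deque


def grid_graph(n):
    """4-neighbour adjacency for an n x n sensor grid: node -> list of neighbours."""
    adj = {(i, j): [] for i in range(n) for j in range(n)}
    for i, j in adj:
        if i + 1 < n:
            adj[(i, j)].append((i + 1, j))
            adj[(i + 1, j)].append((i, j))
        if j + 1 < n:
            adj[(i, j)].append((i, j + 1))
            adj[(i, j + 1)].append((i, j))
    return adj


def largest_component(adj, values, threshold):
    """Size of the largest connected component after deleting nodes with value < threshold."""
    alive = {v for v, x in values.items() if x >= threshold}
    seen, best = set(), 0
    for start in alive:
        if start in seen:
            continue
        queue, size = deque([start]), 1
        seen.add(start)
        while queue:                      # BFS restricted to surviving nodes
            v = queue.popleft()
            for w in adj[v]:
                if w in alive and w not in seen:
                    seen.add(w)
                    size += 1
                    queue.append(w)
        best = max(best, size)
    return best


def sample_network(n, rng, cluster=None, shift=4.0):
    """Constructed readings: N(0,1) noise at every node, plus `shift` on the cluster nodes."""
    values = {(i, j): rng.gauss(0.0, 1.0) for i in range(n) for j in range(n)}
    for v in (cluster or ()):
        values[v] += shift
    return values


def percolation_test(adj, values, threshold, n, rng, sims=200):
    """Observed statistic and a Monte Carlo p-value against pure-noise networks."""
    observed = largest_component(adj, values, threshold)
    null = [largest_component(adj, sample_network(n, rng), threshold) for _ in range(sims)]
    p_value = (1 + sum(s >= observed for s in null)) / (1 + sims)
    return observed, p_value


def demo(seed=7):
    n, threshold = 20, 1.5
    rng = random.Random(seed)
    adj = grid_graph(n)
    hot = [(i, j) for i in range(5, 8) for j in range(5, 8)]   # planted 3x3 cluster
    values = sample_network(n, rng, cluster=hot)
    return percolation_test(adj, values, threshold, n, rng)


if __name__ == "__main__":
    observed, p = demo()
    print(f"largest component after thresholding: {observed}, p-value: {p:.3f}")
```

Why this works without a shape model: at a threshold where only a few percent of noise nodes survive, the surviving subgraph sits far below the site-percolation threshold of the lattice, so null components stay tiny, while a contiguous cluster of elevated nodes survives almost intact whatever its outline. The same function applies unchanged to a non-grid topology, which is the point of phrasing the statistic in terms of the graph rather than a scan window.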
Lévy scaling: the Diffusion Entropy Analysis applied to DNA sequences
We address the problem of the statistical analysis of a time series generated
by complex dynamics with a new method: the Diffusion Entropy Analysis (DEA)
(Fractals 9, 193 (2001)). This method is based on the evaluation of the
Shannon entropy of the diffusion process generated by the time series, imagined
as a physical source of fluctuations, rather than on the measurement of the
variance of this diffusion process, as done with the traditional methods. We
compare the DEA to the traditional methods of scaling detection and we prove
that the DEA is the only method that always yields the correct scaling value,
if the scaling condition applies. Furthermore, DEA detects the real scaling of
a time series without requiring any form of de-trending. We show that the joint
use of DEA and the variance method allows one to assess whether a time series
is characterized by Lévy or Gauss statistics. We apply the DEA to the study of
DNA sequences, and we prove that their large-time scales are characterized by
Lévy statistics, regardless of whether they are coding or non-coding
sequences. We show that the DEA is a reliable technique and, at the same time,
we use it to confirm the validity of the dynamic approach to the DNA sequences
proposed in earlier work.
Comment: 24 pages, 9 figure
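The two measurements the abstract sets side by side are short to implement. For each window length l, every overlapping window of the series gives one diffusion trajectory x(l) (the sum of its l values); DEA takes the Shannon entropy S(l) of the histogram of x(l) and reads the scaling exponent δ off S(l) = A + δ ln l, while the variance method fits Var[x(l)] ∝ l^(2H). The following is an added example written for this page, not the authors' code. It assumes a constructed ±1 coin-flip series (a process with Gaussian statistics, for which δ and H should both come out near 0.5 and agree), unit-width histogram bins, and window lengths 4 to 64; a DNA sequence would be mapped to ±1 first, as in the authors' approach, and fed to the same functions.

```python
"""Diffusion Entropy Analysis (DEA) next to the variance method.

Added example, not the authors' code. The input series is constructed; the
bin width and the set of window lengths are assumptions of the demonstration.
"""
import math
import random
from collections import Counter


def trajectories(series, l):
    """Displacements x(l) = sum of l consecutive values, one per overlapping window."""
    prefix = [0.0]
    for v in series:
        prefix.append(prefix[-1] + v)
    return [prefix[k + l] - prefix[k] for k in range(len(series) - l + 1)]


def diffusion_entropy(series, l, bin_width=1.0):
    """S(l): Shannon entropy (nats) of the histogram of x(l) with fixed bin width."""
    xs = trajectories(series, l)
    hist = Counter(math.floor(x / bin_width) for x in xs)
    n = len(xs)
    return -sum((c / n) * math.log(c / n) for c in hist.values())


def variance(series, l):
    """Var[x(l)] over the same overlapping windows."""
    xs = trajectories(series, l)
    m = sum(xs) / len(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)


def slope(xs, ys):
    """Least-squares slope of ys against xs."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    return (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
            / sum((x - mx) ** 2 for x in xs))


def dea_exponent(series, lengths):
    """delta from S(l) = A + delta * ln l."""
    return slope([math.log(l) for l in lengths],
                 [diffusion_entropy(series, l) for l in lengths])


def variance_exponent(series, lengths):
    """H from Var[x(l)] ~ l^(2H): slope of ln Var against ln l, halved."""
    return slope([math.log(l) for l in lengths],
                 [math.log(variance(series, l)) for l in lengths]) / 2


def coin_flip_series(n, seed=1):
    """Constructed input: independent +1/-1 steps (Gaussian statistics at large l)."""
    rng = random.Random(seed)
    return [1 if rng.random() < 0.5 else -1 for _ in range(n)]


def demo(n=20000, lengths=(4, 8, 16, 32, 64)):
    series = coin_flip_series(n)
    return dea_exponent(series, lengths), variance_exponent(series, lengths)


if __name__ == "__main__":
    delta, H = demo()
    print(f"DEA delta = {delta:.3f}, variance-method H = {H:.3f}")
```

The reason the two are read together: for a process with Gaussian statistics the entropy and variance exponents coincide, as they do here, whereas the variance method is driven by the (possibly divergent) second moment and DEA by the shape of the whole distribution, so a series whose δ and H disagree is the signature the abstract uses to flag Lévy rather than Gauss statistics. Note that the constant bin width matters for DEA: changing it shifts S(l) by a constant and leaves δ unchanged, which is why no de-trending or rescaling of the series is needed before the fit.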