Proceedings of the Fourth IEEE/ACM International Conference on Big Data Computing, Applications and Technologies 2017
DOI: 10.1145/3148055.3148076

An Imputation-based Augmented Anomaly Detection from Large Traces of Operating System Events

Cited by 9 publications (17 citation statements). References 15 publications.
“…Because our work centers on the anomaly detection approach, we highlight mostly the practices in this area. In [13], [14], the authors used kernel events to build an offline anomaly detection model using some vector space model concepts and agglomerative clustering technique. Imputation techniques were also used to increase the scope of their model and reduce the incidents of false positives.…”
Section: Related Work
confidence: 99%
“…Imputation techniques were also used to increase the scope of their model and reduce the incidents of false positives. However, the anomaly frameworks of [13], [14] lack temporal modeling; hence, they do not capture the nature of the system process behavior that emits system calls in discrete, sequential mode. Reference [15] used deep LSTM models constructed from system logs to create anomaly detection models for detecting anomalies in logs from virtual machines.…”
Section: Related Work
confidence: 99%
“…The obvious limitation of this method is that zero-day vulnerabilities cannot be detected as it only searches for known signatures. On the other hand, Ezeme et al. [9], Xu et al. [10], Du et al. [16], Yu et al. [17] use the second approach, which involves the construction of a model to target both seen and unseen anomalies. The core principle of these approaches consists of the extraction of features from the operational profile of the system to construct models which can differentiate normal and anomalous behavior.…”
Section: Related Work
confidence: 99%
“…Also, anomaly detection models based on entropy like [8] do not fit this kind of analysis because they rely on volume to detect an anomaly rather than the temporal information conveyed by the tuples. Also, the variants of the vector space models used in [9]–[11] cannot be used for online anomaly detection because they perform classification based on a large buffer of the traces.…”
Section: Introduction
confidence: 99%