Real-Time Evasion Attacks against Deep Learning-Based Anomaly Detection from Distributed System Logs

Herath, J. Dinal; Yang, Ping; Yan, Guanhua

doi:10.1145/3422337.3447833

Cited by 11 publications

(3 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It also allows resource sharing among users in a transparent manner. Some algorithms have been proposed to detect outliers in distributed systems [9,35,41]; hence, including distributed systems as a property of outlier explanation techniques (Item 10) is necessary. Now, we summarize Table 4.…”

Section: Summary Of Properties Of the Surveyed Outlier Explanation Te...mentioning

confidence: 99%

A survey on outlier explanations

et al. 2022

View full text Add to dashboard Cite

While many techniques for outlier detection have been proposed in the literature, the interpretation of detected outliers is often left to users. As a result, it is difficult for users to promptly take appropriate actions concerning the detected outliers. To lessen this difficulty, when outliers are identified, they should be presented together with their explanations. There are survey papers on outlier detection, but none exists for outlier explanations. To fill this gap, in this paper, we present a survey on outlier explanations in which meaningful knowledge is mined from anomalous data to explain them. We define different types of outlier explanations and discuss the challenges in generating each type. We review the existing outlier explanation techniques and discuss how they address the challenges. We also discuss the applications of outlier explanations and review the existing methods used to evaluate outlier explanations. Furthermore, we discuss possible future research directions.

show abstract

Section: Summary Of Properties Of the Surveyed Outlier Explanation Te...mentioning

confidence: 99%

A survey on outlier explanations

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Advanced Persistent Threat (APT) attacks have become a major threat to modern enterprises [8], [57]. Existing Endpoint Detection and Response (EDR) systems adopted by these enterprises to defend against cyber attacks have difficulties in countering APT attacks due to the lack of capability to recover the complex causality relationships between the steps of APT attacks [17], [50], [76], [66], [64], [43]. Therefore, practitioners and researchers [73], [13], [25], [59], [30], [69], [75] now analyze the system auditing events in provenance data to recover APT attack scenarios.…”

Section: Introductionmentioning

confidence: 99%

NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation

Li,

Dong,

Xiao

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

“…With the continuous expansion of cloud services and the diversification of applications, the load data of cloud servers exhibit high dynamism and complexity. These load data usually exist in the form of time series, containing rich information [2]. This load data, typically in the form of time series, contains rich information, making effective prediction and anomaly detection crucial for resource scheduling, fault prevention, and system optimization [3].…”

Section: Introductionmentioning

confidence: 99%

ISSA-TCNFormer based-server anomaly detection

Meng,

Luo

2024

Third International Conference on Electronic Information Engineering and Data Processing (EIEDP 2024)

View full text Add to dashboard Cite

To address the challenges of long-distance dependencies and environment diversity in cloud server load anomaly detection, an improved sparrow search algorithm (ISSA) based TCNFormer (ISSA-TCNFormer) is proposed in this paper. Initially, we take the advantages of TCN for local feature extraction and the global perceptron of Transformer, and propose the cloud server load anomaly detection network TCNFormer. Sparse self-attention mechanism is introduced into the vanilla Transformer to reduce the interference from redundant attentions in long-time series analysis. To further optimize parameter selection during the training process, an improved sparrow search algorithm is proposed to automatically finetune the training parameters. We conducted comprehensive comparative experiments and ablation analysis on the AIOpts Challenge dataset. The experimental results show that ISSA-TCNFormer achieved the best performance, proving the effectiveness of the proposed method in cloud server load anomaly detection.

show abstract

Real-Time Evasion Attacks against Deep Learning-Based Anomaly Detection from Distributed System Logs

Cited by 11 publications

References 32 publications

A survey on outlier explanations

A survey on outlier explanations

NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation

ISSA-TCNFormer based-server anomaly detection

Contact Info

Product

Resources

About