A Model-Based Approach to Anomaly Detection Trading Detection Time and False Alarm Rate
arXiv - CS - Software Engineering Pub Date : 2020-06-15 , DOI: arxiv-2006.08811 Charles F. Gonçalves, Daniel S. Menasché, Alberto Avritzer, Nuno Antunes, Marco Vieira
The complexity and ubiquity of modern computing systems are fertile ground
for anomalies, including security and privacy breaches. In this paper, we
propose a new methodology that addresses the practical challenges of implementing
anomaly detection approaches. Specifically, it is challenging to define normal
behavior comprehensively and to acquire data on anomalies in diverse cloud
environments. To tackle those challenges, we focus on anomaly detection
approaches based on system performance signatures. In particular, performance
signatures have the potential of detecting zero-day attacks, as those
approaches are based on detecting performance deviations and do not require
detailed knowledge of attack history. The proposed methodology leverages an
analytical performance model and experimentation and allows controlling the rate
of false positives in a principled manner. The methodology is evaluated using
the TPCx-V workload, which was profiled during a set of executions using
resource exhaustion anomalies that emulate the effects of anomalies affecting
system performance. The proposed approach was able to successfully detect the
anomalies, with a low number of false positives (precision 90%-98%).
Updated: 2020-06-17