Journal
IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING
Volume 34, Issue 1, Pages 1-14Publisher
IEEE COMPUTER SOC
DOI: 10.1109/TKDE.2020.2978469
Keywords
Context modeling; unsupervised learning; anomaly detection; kernel events
Categories
Funding
- PTDF Nigeria
- Natural Sciences and Engineering Research Council ofCanada (NSERC)
Ask authors/readers for more resources
In this paper, an end-to-end framework is presented, which utilizes auto-encoders and probabilistic models to understand system processes' behavior and detect deviant behaviors. By creating a fine-grained model that exploits previously unused properties of system calls, a dynamic anomaly detection framework is created that evolves as threats change.
Model-checking and verification using Kripke structures and computational tree logic* (CTL*) use abstractions from the model/process/application to create the state-transition graphs that verify the model behavior. This scheme of profiling the performance of a process imports that the depth of the process operation correlates with the level abstraction. However, because of state explosion problems, these abstractions tend to restrict the scope to create manageable execution states. Therefore, for context modeling, this procedure does not generate a fine-grained behavioral model as generated states limit the ability of the abstraction to capture the execution time interactions amongst the processes, the hardware, and the kernel. Hence, in this paper, we present an end-to-end framework that comprises auto-encoders and probabilistic models to understand the behavior of system processes and detect deviant behaviors. We test this framework with a publicly available dataset generated from an autonomous aerial vehicle (UAV) application and the results show that by creating a fine-grained model that exploits previously unharnessed properties of the system calls, we can create a dynamic anomaly detection framework that evolves as the threats change.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available