Online behavior classification for anomaly detection in self-x real-time systems

F.-J. Rammig, K. Stahl, Concurrency and Computation: Practice and Experience (2015).

Journal Article | English
Author
Rammig, Franz-Josef; Stahl, Katharina
Abstract
Autonomous adaptation in self-adapting embedded real-time systems introduces novel risks as it may lead to unforeseen system behavior. An anomaly detection framework integrated in a real-time operating system can ease the identification of such suspicious novel behavior and, thereby, offers the potential to enhance the reliability of the considered self-x system. However, anomaly detection is based on knowledge about normal behavior. When dealing with self-reconfiguring applications, normal behavior changes. Hence, the knowledge base requires adaptation or even re-construction at runtime. The stringent restrictions of real-time systems considering runtime and memory consumption make this task a really challenging problem. We present our idea for online construction of application behavior knowledge that does not rely on a training phase. The applications' behavior is defined by the application's system call invocations. For the knowledge base, we exploit suffix trees as they offer potentials to represent application behavior patterns and associated information in a compact manner. The online algorithm provided by suffix trees is a basis to construct the knowledge base with low computational effort. Anomaly detection and classification are integrated into the online construction method. New behavioral patterns do not unconditionally update the behavior knowledge base. They are evaluated in a context-related manner inspired by Danger Theory, a special discipline of artificial immune systems. Copyright © 2015 John Wiley & Sons, Ltd.
Publishing Year
2015
Journal Title
Concurrency and Computation: Practice and Experience