
How Important Are Logs of Ordinary Operations? Empirical Investigation of Anomaly Detection

  • Akinori Muramatsu
  • Masayoshi Aritsugi
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 926)

Abstract

Anomaly detection is supposed to improve the safety of computers connected to the Internet, so cyberattackers will try to cheat anomaly detection systems. In this paper, we focus on the feasibility of cheating anomaly detection. We investigate anomalous situations that a given detection technique cannot detect and attempt to generate such situations using only ordinary operations. We evaluate our attempt empirically to demonstrate that logs of ordinary operations are significant information that should not be leaked.


Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Computer Science and Electrical Engineering, Graduate School of Science and Technology, Kumamoto University, Kumamoto, Japan
  2. Big Data Science and Technology, Faculty of Advanced Science and Technology, Kumamoto University, Kumamoto, Japan
