Abstract
A two-dimensional time approach is introduced in order to classify a periodic, adaptive threshold for service-level anomaly detection. An iterative algorithm is applied to history analysis on this periodic time to provide a smooth roll-off in the significance of the data with time. The algorithm described leads to an approximately ten-fold compression in data storage, and a thousand-fold improvement in computation cycles, compared to a naive time-series approach. The behaviour of this anomaly detector is discussed, and the result is implemented in cfengine for direct use in system management.
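The idea in the abstract, as an added illustration that is not the paper's or cfengine's own code: wall-clock time is folded onto a periodic axis, each phase slot keeps only an iteratively updated mean and variance (so a sample n periods old carries weight (1-forget)^n, a smooth roll-off rather than a stored time series), and the alert threshold for a slot adapts to that slot's own history. The one-week period, one-hour slots, forgetting weight of 0.3, k = 3 and the training data are constructed assumptions for this example, not values taken from the paper.

```python
import math

# Assumed resolution for this illustration (not taken from the paper):
# the second time dimension is the phase within a one-week period, in one-hour slots.
SLOT_SECONDS = 3600
PERIOD_SECONDS = 7 * 86400
N_SLOTS = PERIOD_SECONDS // SLOT_SECONDS   # 168 slots cover the whole period

def periodic_slot(ts):
    """Fold a Unix timestamp onto periodic time: which slot of the week it falls in."""
    return int(ts % PERIOD_SECONDS) // SLOT_SECONDS

class PeriodicThreshold:
    """One running mean/variance per slot, updated iteratively so that a sample
    taken n periods ago carries weight (1-forget)**n: a smooth roll-off instead of
    storing every raw sample of the time series (storage is fixed at 2*N_SLOTS cells)."""
    def __init__(self, forget=0.3, k=3.0, min_sigma=1.0):
        self.forget, self.k, self.min_sigma = forget, k, min_sigma
        self.mean = [None] * N_SLOTS   # None = no baseline yet for that slot
        self.var = [0.0] * N_SLOTS

    def update(self, ts, x):
        s = periodic_slot(ts)
        if self.mean[s] is None:
            self.mean[s] = float(x)
            return
        w, delta = self.forget, x - self.mean[s]
        self.mean[s] += w * delta
        self.var[s] = (1 - w) * (self.var[s] + w * delta * delta)  # EWMA variance

    def is_anomalous(self, ts, x):
        """Adaptive threshold: more than k sigma from the mean learned for this slot."""
        s = periodic_slot(ts)
        if self.mean[s] is None:
            return False  # no baseline for this phase yet: cannot judge, do not alert
        sigma = max(math.sqrt(self.var[s]), self.min_sigma)
        return abs(x - self.mean[s]) > self.k * sigma

def sample_ts(week, slot):
    """Constructed timestamp for a given week number and slot within the week."""
    return week * PERIOD_SECONDS + slot * SLOT_SECONDS

def train_detector():
    """Train on constructed data: ~200 events/hour in slot 57, ~5 in slot 3, six weeks."""
    det = PeriodicThreshold()
    for week, noise in enumerate([0, 4, -3, 6, -5, 2]):
        det.update(sample_ts(week, 57), 200 + noise)
        det.update(sample_ts(week, 3), 5 + noise)
    return det
```

After training, a reading of 205 is normal in slot 57 but anomalous in slot 3: the same value is judged against the history of its own phase, and a slot with no history yet yields no alert rather than a false one.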
Keywords
- Intrusion Detection
- Anomaly Detection
- Intrusion Detection System
- Network Intrusion Detection
- Adaptive Policy
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Burgess, M. (2002). Two Dimensional Time-Series for Anomaly Detection and Regulation in Adaptive Systems. In: Feridun, M., Kropf, P., Babin, G. (eds) Management Technologies for E-Commerce and E-Business Applications. DSOM 2002. Lecture Notes in Computer Science, vol 2506. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36110-3_17
DOI: https://doi.org/10.1007/3-540-36110-3_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00080-8
Online ISBN: 978-3-540-36110-7