Abstract
Model checking and verification using Kripke structures and computation tree logic* (CTL*) use abstractions of the process to create the state-transition graphs that verify the model behavior. Because the behavior is profiled from an abstraction, the depth of the model behavior that can be synthesized correlates with the level of the model abstraction. Therefore, for complex processes, this approach does not produce a fine-grained behavioral model and does not capture the execution-time interactions amongst processes, hardware, and the kernel because of state explosion problems. Hence, in this paper, we introduce DeepAnom: an ensemble deep framework for anomaly detection in system processes. DeepAnom targets anomalies in both time-driven and event-driven processes. We test the model with a dataset generated from an autonomous aerial vehicle application, and the results confirm our hypothesis that DeepAnom presents a deeper view of the system processes and can therefore capture anomalies in various scenarios.
Acknowledgment
This research was funded in part by PTDF Nigeria and the Natural Sciences and Engineering Research Council of Canada (NSERC).
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ezeme, O.M., Lescisin, M., Mahmoud, Q.H., Azim, A. (2019). DeepAnom: An Ensemble Deep Framework for Anomaly Detection in System Processes. In: Meurs, MJ., Rudzicz, F. (eds) Advances in Artificial Intelligence. Canadian AI 2019. Lecture Notes in Computer Science(), vol 11489. Springer, Cham. https://doi.org/10.1007/978-3-030-18305-9_58
DOI: https://doi.org/10.1007/978-3-030-18305-9_58
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18304-2
Online ISBN: 978-3-030-18305-9
eBook Packages: Computer Science, Computer Science (R0)