Construção de Modelos Baseados em n-gramas para Detecção de Anomalias em Aplicações Distribuídas (Building n-gram-Based Models for Anomaly Detection in Distributed Applications)

  • Amanda Viescinski UFPR
  • Tiago Heinrich UFPR
  • Newton C. Will UFPR
  • Carlos Maziero UFPR

Abstract

Security is critical in distributed systems and applications. A common security measure is intrusion detection, which can be based on attack signatures or on anomaly detection. In the anomaly-detection approach, a model of the system's normal behavior is built and then used to detect deviations from it. This paper proposes a technique for building behavioral models of distributed applications from the system logs of their nodes. Partial models are built from sets of event n-grams and are then combined to obtain more general models. The proposed technique was evaluated on logs obtained from a distributed file system, with promising results.
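As an added illustration of the approach the abstract describes (example code written for this page, not the authors' implementation): each node's log is reduced to its sequence of event types, the node's partial model is the set of event n-grams in that sequence, the partial models are combined into one general model, and a new trace is scored by how many of its n-grams the model has never seen. The sample log lines and their format, n = 3, set union as the combination rule and the unseen-n-gram ratio as the score are all assumptions made here; the page does not state how the paper combines partial models or scores traces.

```python
"""Per-node n-gram behavioural models, combined into one general model and
used to score new traces.  Added example for this page, not the paper's code.
Assumptions (not stated on the page): the log line format below, n = 3,
set union as the combination rule, and the unseen-n-gram ratio as the score."""
from typing import Dict, Iterable, List, Set, Tuple

NGram = Tuple[str, ...]

# Constructed sample logs (not from the paper or from XtreemFS): one list of
# lines per node, format "<timestamp> <node> <event> <argument>".
NODE_LOGS: Dict[str, List[str]] = {
    "osd1": [
        "2020-10-13T10:00:01 osd1 OPEN /vol/a.txt",
        "2020-10-13T10:00:02 osd1 READ /vol/a.txt",
        "2020-10-13T10:00:03 osd1 READ /vol/a.txt",
        "2020-10-13T10:00:04 osd1 CLOSE /vol/a.txt",
        "2020-10-13T10:00:05 osd1 OPEN /vol/b.txt",
        "2020-10-13T10:00:06 osd1 WRITE /vol/b.txt",
        "2020-10-13T10:00:07 osd1 CLOSE /vol/b.txt",
    ],
    "osd2": [
        "2020-10-13T10:00:01 osd2 OPEN /vol/c.txt",
        "2020-10-13T10:00:02 osd2 WRITE /vol/c.txt",
        "2020-10-13T10:00:03 osd2 WRITE /vol/c.txt",
        "2020-10-13T10:00:04 osd2 CLOSE /vol/c.txt",
        "2020-10-13T10:00:05 osd2 OPEN /vol/d.txt",
        "2020-10-13T10:00:06 osd2 READ /vol/d.txt",
        "2020-10-13T10:00:07 osd2 CLOSE /vol/d.txt",
    ],
}


def event_sequence(lines: Iterable[str]) -> List[str]:
    """Extract the event-type field (third field) from each log line, in log
    order.  Lines without the three leading fields are skipped."""
    seq: List[str] = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 3:
            seq.append(fields[2])
    return seq


def ngrams(seq: List[str], n: int) -> List[NGram]:
    """All contiguous n-grams of seq (empty when seq is shorter than n)."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def partial_model(lines: Iterable[str], n: int) -> Set[NGram]:
    """Partial model of one node: the set of n-grams present in its log."""
    return set(ngrams(event_sequence(lines), n))


def combine(models: Iterable[Set[NGram]]) -> Set[NGram]:
    """Combine partial models into a more general model.  Union is the rule
    assumed for this example; the page does not give the paper's rule."""
    return set().union(*models)


def score(lines: Iterable[str], model: Set[NGram], n: int) -> Tuple[int, int]:
    """Return (unseen, total): how many of the trace's n-grams are absent
    from the model, out of the number of n-grams in the trace."""
    grams = ngrams(event_sequence(lines), n)
    unseen = sum(1 for g in grams if g not in model)
    return unseen, len(grams)


def is_anomalous(lines: Iterable[str], model: Set[NGram], n: int,
                 max_unseen_ratio: float = 0.0) -> bool:
    """Flag a trace when its share of unseen n-grams exceeds the threshold.
    A trace too short to contain a single n-gram is never flagged."""
    unseen, total = score(lines, model, n)
    return total > 0 and unseen / total > max_unseen_ratio


if __name__ == "__main__":
    N = 3
    partials = {node: partial_model(log, N) for node, log in NODE_LOGS.items()}
    general = combine(partials.values())
    # Constructed traces: a read session like osd1's, and one with an
    # event type (DELETE) never seen on any node.
    normal = ["t x OPEN f", "t x READ f", "t x READ f", "t x CLOSE f"]
    suspect = ["t x OPEN f", "t x READ f", "t x DELETE f", "t x CLOSE f"]
    for name, trace in (("normal", normal), ("suspect", suspect)):
        print(name, "vs osd2 only:", score(trace, partials["osd2"], N),
              "vs combined:", score(trace, general, N),
              "flagged:", is_anomalous(trace, general, N))
```

Scoring a trace against a single node's partial model flags behavior that is normal elsewhere in the application (the read session above is unseen by osd2's model but accepted by the combined one), which is the false-positive problem the combination step addresses. The price of the union is that the general model also accepts any mixture of per-node behavior, so n and the threshold have to be chosen on held-out normal traces rather than set to zero as in this toy run.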

Published: 2020-10-13

VIESCINSKI, Amanda; HEINRICH, Tiago; WILL, Newton C.; MAZIERO, Carlos. Construção de Modelos Baseados em n-gramas para Detecção de Anomalias em Aplicações Distribuídas. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 20., 2020, Petrópolis. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 229-242. DOI: https://doi.org/10.5753/sbseg.2020.19240.