A New Semantic Kernel Function for Online Anomaly Detection of Software

  • Parsa, Saeed (School of Computer Engineering, Iran University of Science and Technology)
  • Naree, Somaye Arabi (School of Computer Engineering, Iran University of Science and Technology)
  • Received : 2011.06.30
  • Accepted : 2011.11.25
  • Published : 2012.04.04

Abstract

In this letter, a new online anomaly detection approach for software systems is proposed. The novelty of the proposed approach is the application of a new semantic kernel function for a support vector machine (SVM) classifier to detect fault-suspicious execution paths at runtime in a reasonable amount of time. The kernel uses a new sequence matching algorithm to measure similarities among program execution paths in a customized feature space whose dimensions represent the largest common subpaths among the execution paths. To increase the precision of the SVM classifier, each common subpath is given weights according to its ability to discern executions as correct or anomalous. Experimental results show that, compared with the known kernels, the proposed SVM kernel will improve the time overhead of online anomaly detection by up to 170%, while improving the precision of anomaly alerts by up to 140%.

Cited by

  1. Electric Power Demand Prediction Using Census Information and Electric Power Load vol.18, pp.3, 2013, https://doi.org/10.9723/jksiis.2013.18.3.035
  2. Anomaly Intrusion Detection Based on Hyper-ellipsoid in the Kernel Feature Space vol.9, pp.3, 2015, https://doi.org/10.3837/tiis.2015.03.019
  3. Feature-Chain Based Malware Detection Using Multiple Sequence Alignment of API Call vol.ed99, pp.4, 2012, https://doi.org/10.1587/transinf.2015cyp0007
  4. PAM: process authentication mechanism for protecting system services against malicious code attacks vol.45, pp.1, 2012, https://doi.org/10.1007/s12046-020-01381-7