A two-stage virtual machine abnormal behavior-based anomaly detection mechanism

2021 ◽  
Author(s):  
Hancui Zhang ◽  
Weida Zhou
Keyword(s):  
Anomaly Detection ◽  
Virtual Machine ◽  
Abnormal Behavior ◽  
Two Stage ◽  
Detection Mechanism ◽  
Behavior Based

scholarly journals A Novel Anomaly Behavior Detection Scheme for Mobile Ad Hoc Networks

Electronics ◽  
2021 ◽  
Vol 10 (14) ◽  
pp. 1635
Author(s):  
Neeraj Chugh ◽  
Geetam Singh Tomar ◽  
Robin Singh Bhadoria ◽  
Neetesh Saxena
Keyword(s):  
Anomaly Detection ◽  
Ad Hoc Networks ◽  
Mobile Ad Hoc Networks ◽  
Network Performance ◽  
Ad Hoc ◽  
Abnormal Behavior ◽  
Energy Awareness ◽  
Behavior Detection ◽  
Mobile Ad Hoc ◽  
Hoc Networks

To sustain the security services in a Mobile Ad Hoc Networks (MANET), applications in terms of confidentially, authentication, integrity, authorization, key management, and abnormal behavior detection/anomaly detection are significant. The implementation of a sophisticated security mechanism requires a large number of network resources that degrade network performance. In addition, routing protocols designed for MANETs should be energy efficient in order to maximize network performance. In line with this view, this work proposes a new hybrid method called the data-driven zone-based routing protocol (DD-ZRP) for resource-constrained MANETs that incorporate anomaly detection schemes for security and energy awareness using Network Simulator 3. Most of the existing schemes use constant threshold values, which leads to false positive issues in the network. DD-ZRP uses a dynamic threshold to detect anomalies in MANETs. The simulation results show an improved detection ratio and performance for DD-ZRP over existing schemes; the method is substantially better than the prevailing protocols with respect to anomaly detection for security enhancement, energy efficiency, and optimization of available resources.

The anomaly detection mechanism using deep learning in a limited amount of data for fog networking

2021 ◽  
Vol 170 ◽  
pp. 130-143
Author(s):  
Gwo-Jiun Horng ◽  
Min-Xiang Liu ◽  
Chien-Chin Hsu
Keyword(s):  
Deep Learning ◽  
Anomaly Detection ◽  
Detection Mechanism

scholarly journals GAMPAL: an anomaly detection mechanism for Internet backbone traffic by flow size prediction with LSTM-RNN

2021 ◽  
Author(s):  
Taku Wakui ◽  
Takao Kondo ◽  
Fumio Teraoka
Keyword(s):  
Anomaly Detection ◽  
Short Term Memory ◽  
Denial Of Service ◽  
General Purpose ◽  
Traffic Information ◽  
Traffic Patterns ◽  
Detection Mechanism ◽  
Internet Service ◽  
Internet Backbone ◽  
Backbone Network

AbstractThis paper proposes a general-purpose anomaly detection mechanism for Internet backbone traffic named GAMPAL (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data). GAMPAL does not require labeled data to achieve general-purpose anomaly detection. For scalability to the number of entries in the BGP RIB (Border Gateway Protocol Routing Information Base), GAMPAL introduces prefix aggregate. The BGP RIB entries are classified into prefix aggregates, each of which is identified with the first three AS (Autonomous System) numbers in the AS_PATH attribute. GAMPAL establishes a prediction model for traffic sizes based on past traffic sizes. It adopts a LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) model that focuses on the periodicity of the Internet traffic patterns at a weekly scale. The validity of GAMPAL is evaluated using real traffic information, BGP RIBs exported from the WIDE backbone network (AS2500), a nationwide backbone network for research and educational organizations in Japan, and the dataset of an ISP (Internet Service Provider) in Spain. As a result, GAMPAL successfully detects anomalies such as increased traffic due to an event, DDoS (Distributed Denial of Service) attacks targeted at a stub organization, a connection failure, an SSH (Secure Shell) scan attack, and anomaly spam.

scholarly journals Hybrid Internal Anomaly Detection System for IoT: Reactive Nodes with Cross-Layer Operation

2018 ◽  
Vol 2018 ◽  
pp. 1-15 ◽  
Author(s):  
Nanda Kumar Thanigaivelan ◽  
Ethiopia Nigussie ◽  
Seppo Virtanen ◽  
Jouni Isoaho
Keyword(s):  
Anomaly Detection ◽  
False Positive ◽  
Detection System ◽  
False Positive Rate ◽  
Security Analysis ◽  
Abnormal Behavior ◽  
Test Bed ◽  
Positive Rate ◽  
Parent Node ◽  
Anomaly Detection System

We present a hybrid internal anomaly detection system that shares detection tasks between router and nodes. It allows nodes to react instinctively against the anomaly node by enforcing temporary communication ban on it. Each node monitors its own neighbors and if abnormal behavior is detected, the node blocks the packets of the anomaly node at link layer and reports the incident to its parent node. A novel RPL control message, Distress Propagation Object (DPO), is formulated and used for reporting the anomaly and network activities to the parent node and subsequently to the router. The system has configurable profile settings and is able to learn and differentiate between the nodes normal and suspicious activities without a need for prior knowledge. It has different subsystems and operation phases that are distributed in both the nodes and router, which act on data link and network layers. The system uses network fingerprinting to be aware of changes in network topology and approximate threat locations without any assistance from a positioning subsystem. The developed system was evaluated using test-bed consisting of Zolertia nodes and in-house developed PandaBoard based gateway as well as emulation environment of Cooja. The evaluation revealed that the system has low energy consumption overhead and fast response. The system occupies 3.3 KB of ROM and 0.86 KB of RAM for its operations. Security analysis confirms nodes reaction against abnormal nodes and successful detection of packet flooding, selective forwarding, and clone attacks. The system’s false positive rate evaluation demonstrates that the proposed system exhibited 5% to 10% lower false positive rate compared to simple detection system.

scholarly journals RFID-Based Human Behavior Modeling and Anomaly Detection for Elderly Care

2010 ◽  
Vol 6 (4) ◽  
pp. 341-354 ◽  
Author(s):  
Hui-Huang Hsu ◽  
Chien-Chen Chen
Keyword(s):  
Anomaly Detection ◽  
Intelligent System ◽  
Elderly Care ◽  
The Elderly ◽  
Behavior Modeling ◽  
Abnormal Behavior ◽  
Daily Movement ◽  
Movement Data ◽  
Novel Approach ◽  
At Home

This research aimed at building an intelligent system that can detect abnormal behavior for the elderly at home. Active RFID tags can be deployed at home to help collect daily movement data of the elderly who carries an RFID reader. When the reader detects the signals from the tags, RSSI values that represent signal strength are obtained. The RSSI values are reversely related to the distance between the tags and the reader and they are recorded following the movement of the user. The movement patterns, not the exact locations, of the user are the major concern. With the movement data (RSSI values), the clustering technique is then used to build a personalized model of normal behavior. After the model is built, any incoming datum outside the model can be viewed as abnormal and an alarm can be raised by the system. In this paper, we present the system architecture for RFID data collection and preprocessing, clustering for anomaly detection, and experimental results. The results show that this novel approach is promising.

scholarly journals Anomaly Detection for Application Layer User Browsing Behavior Based on Attributes and Features

2018 ◽  
Vol 1069 ◽  
pp. 012072 ◽  
Author(s):  
Xiong Luo ◽  
Xiaoqiang Di ◽  
Xu Liu ◽  
Hui Qi ◽  
Jinqing Li ◽  
...  
Keyword(s):  
Anomaly Detection ◽  
Application Layer ◽  
Behavior Based ◽  
Browsing Behavior

Improved t-SNE in Anomaly Detection of Cloud Virtual Machine

2021 ◽  
pp. 1-26
Author(s):  
Fu Zhuang ◽  
Guoyuan Lin ◽  
Huanye He ◽  
Yifan Zhang ◽  
Yonggang Li ◽  
...  
Keyword(s):  
Anomaly Detection ◽  
Virtual Machine

Real-time detection and tracking of fish abnormal behavior based on improved YOLOV5 and SiamRPN++

2021 ◽  
pp. 106512
Author(s):  
He Wang ◽  
Song Zhang ◽  
Shili Zhao ◽  
Qi Wang ◽  
Daoliang Li ◽  
...  
Keyword(s):  
Real Time ◽  
Abnormal Behavior ◽  
Detection And Tracking ◽  
Real Time Detection ◽  
Behavior Based
Sign in / Sign up

Export Citation Format

Share Document