How Important Are Logs of Ordinary Operations? Empirical Investigation of Anomaly Detection

Conference paper in: Advanced Information Networking and Applications (AINA 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 926)

Abstract

Anomaly detection is supposed to improve the safety of computers connected to the Internet. Cyberattackers would thus try to cheat anomaly detection systems. In this paper, we focus on the feasibility of cheating anomaly detection. We investigate anomalous situations which could not be detected by a detection technique and attempt to generate such situations using ordinary operations. We evaluate our attempt empirically to demonstrate that logs of ordinary operations are significant information which should not be leaked.



Corresponding author: Akinori Muramatsu.


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Muramatsu, A., Aritsugi, M. (2020). How Important Are Logs of Ordinary Operations? Empirical Investigation of Anomaly Detection. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2019. Advances in Intelligent Systems and Computing, vol 926. Springer, Cham. https://doi.org/10.1007/978-3-030-15032-7_108
