Abstract
Anomaly detection is intended to improve the safety of computers connected to the Internet, so cyberattackers will try to cheat anomaly detection systems. In this paper, we focus on the feasibility of cheating anomaly detection. We investigate anomalous situations that a detection technique cannot detect and attempt to generate such situations using ordinary operations. We evaluate our attempt empirically to demonstrate that logs of ordinary operations are significant information that should not be leaked.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Muramatsu, A., Aritsugi, M. (2020). How Important Are Logs of Ordinary Operations? Empirical Investigation of Anomaly Detection. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2019. Advances in Intelligent Systems and Computing, vol 926. Springer, Cham. https://doi.org/10.1007/978-3-030-15032-7_108
DOI: https://doi.org/10.1007/978-3-030-15032-7_108
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-15031-0
Online ISBN: 978-3-030-15032-7
eBook Packages: Intelligent Technologies and Robotics (R0)