Querying Streaming System Monitoring Data for Enterprise System Anomaly Detection

Cited by: 7
Authors
Gao, Peng [1 ]
Xiao, Xusheng [2 ]
Li, Ding [3 ]
Jee, Kangkook [4 ]
Chen, Haifeng [3 ]
Kulkarni, Sanjeev R. [5 ]
Mittal, Prateek [5 ]
Affiliations
[1] Univ Calif Berkeley, Berkeley, CA 94720 USA
[2] Case Western Reserve Univ, Cleveland, OH 44106 USA
[3] NEC Labs Amer, Princeton, NJ USA
[4] UT Dallas, Dallas, TX USA
[5] Princeton Univ, Princeton, NJ 08544 USA
DOI
10.1109/ICDE48307.2020.00167
CLC classification number: TP [Automation technology, computer technology]
Subject classification number: 0812
Abstract
The need to counter Advanced Persistent Threat (APT) attacks has led to solutions that ubiquitously monitor system activities on each enterprise host and perform timely detection of abnormal system behavior over the stream of monitoring data. However, existing stream-based solutions lack explicit language constructs for expressing anomaly models that capture abnormal system behaviors, and therefore struggle to incorporate expert knowledge when performing timely anomaly detection over large-scale monitoring data. To address these limitations, we build SAQL, a novel stream-based query system that takes as input a real-time event feed aggregated from multiple hosts in an enterprise and provides an anomaly query engine that queries the event feed to identify abnormal behaviors based on the specified anomaly models. SAQL provides a domain-specific query language, the Stream-based Anomaly Query Language (SAQL), that uniquely integrates critical primitives for expressing the major types of anomaly models. In the demo, we aim to show the complete usage scenario of SAQL by (1) performing an APT attack in a controlled environment, and (2) using SAQL to detect the abnormal behaviors in real time by querying the collected stream of system monitoring data that contains the attack traces. The audience will have the option to interact with the system and detect the attack footprints in real time by issuing queries and checking the query results through a command-line UI.
Pages: 1774 / 1777
Page count: 4