Title
An Imputation-based Augmented Anomaly Detection from Large Traces of Operating System Events.
Abstract
Software debugging, audit, and compliance testing are some of the tasks we perform using execution traces of an operating system. However, these actions gather information about the behavior of the software vis-a-vis its design aims. In this work, our analysis of the execution traces of an embedded real-time operating system (RTOS) is rather to model the behavior of the physical system being managed by the software application via the embedded operating system. Hence, for an event-triggered embedded RTOS that controls the behavior of a bespoke system like an unmanned aerial vehicle (UAV), the events in the execution traces of the embedded RTOS are directly linked to the operation of the controlled physical system. Therefore, we hypothesize that the frequency of events (method/function calls) per observation is a useful feature for modeling the behavior of the physical system controlled by the operating system. Furthermore, we tackle the challenge of a lack of data that sufficiently captures the possible degree of aberration that may occur in a system. We model augmentation via artificial missingness and imputation in the data we have to generate new cases. We implement missingness using the missing completely at random (MCAR) strategy, and we use the overall single mean imputation method at the imputation stage. This imputation method takes the average of the remaining values in the dataset and replaces missing values with this average. This accretion leads to an imputation-based augmented anomaly detection model that enables us to expand both the training and validation/test data. Expansion of the test data ensures that we reduce the misclassification resulting from the non-parametric nature of the anomalies that may occur on the physical system, while the use of injected data for training helps us to do a stress test on our model.
We test our model with traces of a real-time operating system kernel of a UAV, and the results show that the model achieves an improved anomalous trace detection accuracy even under the induced missingness.
Year
2017
Venue
BDCAT
Field
Embedded operating system, Data mining, Anomaly detection, Physical system, Computer science, Real-time operating system, Software, Test data, Missing data, Imputation (statistics), Operating system
DocType
Conference
Citations
0
PageRank
0.34
References
9
Authors
3
Name
Order
Citations
PageRank
Mellitus Ezeme100.34
Akramul Azim23911.82
Qusay H. Mahmoud3844112.10