Title
MASKED: A MapReduce Solution for the Kappa-Pruned Ensemble-Based Anomaly Detection System.
Abstract
Detecting system anomalies at run-time is critical for system reliability and security. Studies in this area focused mainly on the effectiveness of the proposed approaches; that is, the ability to detect anomalies with high accuracy. However, less attention was given to efficiency. In this paper, we propose an efficient MapReduce Solution for the Kappa-pruned Ensemble-based Anomaly Detection System (MASKED). It profiles the heterogeneous features from large-scale traces of system calls and processes them by heterogeneous anomaly detectors, which are Sequence-Time Delay Embedding (STIDE), Hidden Markov Model (HMM), and One-class Support Vector Machine (OCSVM). We deployed MASKED on a Hadoop cluster using the MapReduce programming model. We compared their efficiency and scalability by varying the size of the cluster. We assessed the performance of the proposed approach using the CANALI-WD dataset, which consists of 180 GB of execution traces, collected from 10 different machines. Experimental results show that MASKED becomes more efficient and scalable as the file size is increased (e.g., a 6-node cluster is 8 times faster than the 2-node cluster). Moreover, the throughput achieved on a 6-node solution is up to 5 times better than a 2-node solution.
Year
2018
DOI
10.1109/qrs.2018.00016
Venue
QRS
Field
Data modeling, Anomaly detection, Data mining, Programming paradigm, Computer science, Support vector machine, File size, Feature extraction, Hidden Markov model, Scalability
DocType
Conference
Citations
0
PageRank
0.34
References
0
Authors
5