Palisade: A framework for anomaly detection in embedded systems

Abstract: In this article, we propose Palisade, a distributed framework for streaming anomaly detection. Palisade is motivated by the need to apply multiple detection algorithms for distinct anomalies in the same scenario. Our solution blends low-latency detection with deployment flexibility and ease of modification. This work includes a thorough description of the choices made in designing Palisade and the reasons for making those choices. We carefully define symptoms of anomalies that may be detected, and we use this taxonomy in characterizing our work. The article includes two case studies using a variety of anomaly detectors on streaming data to demonstrate the effectiveness of our approach in an embedded setting.
