Anomaly Detection Using Inter-Arrival Curves for Real-Time Systems

Real-time embedded systems are a significant class of applications, poised to grow even further as automated vehicles and the Internet of Things become a reality. An important problem for these systems is to detect anomalies during operation. Anomaly detection is a form of classification, which can be driven by data collected from the system at execution time. We propose inter-arrival curves as a novel analytic modelling technique for discrete event traces. Our approach relates to the existing technique of arrival curves and expands the technique to anomaly detection. Inter-arrival curves analyze the behaviour of events within a trace by providing upper and lower bounds to their inter-arrival occurrence. We exploit inter-arrival curves in a classification framework that detects deviations within these bounds for anomaly detection. Also, we show how inter-arrival curves act as good features to extract recurrent behaviour that these systems often exhibit. We demonstrate the feasibility and viability of the fully implemented approach with an industrial automotive case study (CAN traces) as well as a deployed aerospace case study (RTOS kernel traces).

[1]  Gang Chen,et al.  Evaluation of runtime monitoring methods for real-time event streams , 2015, The 20th Asia and South Pacific Design Automation Conference.

[2]  Student,et al.  THE PROBABLE ERROR OF A MEAN , 1908 .

[3]  Ming-Yang Su,et al.  Discovery and prevention of attack episodes by frequent episodes mining and finite state machines , 2010, J. Netw. Comput. Appl..

[4]  Ed F. Deprettere,et al.  Exploring Embedded-Systems Architectures with Artemis , 2001, Computer.

[5]  Thomas Lengauer,et al.  ROCR: visualizing classifier performance in R , 2005, Bioinform..

[6]  Sebastian Fischmeister,et al.  Dataset for Anomaly Detection Using Inter-Arrival Curves for Real-time Systems , 2016 .

[7]  Tom Fawcett,et al.  An introduction to ROC analysis , 2006, Pattern Recognit. Lett..

[8]  Linh Thi Xuan Phan,et al.  Towards a Safe Compositional Real-Time Scheduling Theory for Cyber-Physical Systems , 2013 .

[9]  Sangkyum Kim,et al.  ROAM: Rule- and Motif-Based Anomaly Detection in Massive Moving Object Data Sets , 2007, SDM.

[10]  Anne Bouillard,et al.  Hidden anomaly detection in telecommunication networks , 2012, 2012 8th international conference on network and service management (cnsm) and 2012 workshop on systems virtualiztion management (svm).

[11]  Lothar Thiele,et al.  A general framework for analysing system properties in platform-based embedded system designs , 2003, 2003 Design, Automation and Test in Europe Conference and Exhibition.

[12]  Chao Liu,et al.  Efficient Mining of Recurrent Rules from a Sequence Database , 2008, DASFAA.

[13]  Philip Chan,et al.  Learning States and Rules for Time Series Anomaly Detection , 2004, FLAIRS.

[14]  P. S. Sastry,et al.  A survey of temporal data mining , 2006 .

[15]  Vipin Kumar,et al.  Comparative Evaluation of Anomaly Detection Techniques for Sequence Data , 2008, 2008 Eighth IEEE International Conference on Data Mining.

[16]  Heikki Mannila,et al.  Levelwise Search and Borders of Theories in Knowledge Discovery , 1997, Data Mining and Knowledge Discovery.

[17]  Vipin Kumar,et al.  Anomaly Detection for Discrete Sequences: A Survey , 2012, IEEE Transactions on Knowledge and Data Engineering.

[18]  Lothar Thiele,et al.  Modeling structured event streams in system level performance analysis , 2010, LCTES '10.

[19]  A. Akhmetova Discovery of Frequent Episodes in Event Sequences , 2006 .

[20]  Yanhong Liu,et al.  Performance Evaluation of Components Using a Granularity-based Interface Between Real-Time Calculus and Timed Automata , 2010, QAPL.

[21]  Gwilym M. Jenkins,et al.  Time series analysis, forecasting and control , 1971 .

[22]  James J. Filliben,et al.  NIST/SEMATECH e-Handbook of Statistical Methods; Chapter 1: Exploratory Data Analysis , 2003 .

[23]  Jean-Yves Le Boudec,et al.  Network Calculus: A Theory of Deterministic Queuing Systems for the Internet , 2001 .

[24]  Srinivasan Parthasarathy,et al.  Fast mining of distance-based outliers in high-dimensional datasets , 2008, Data Mining and Knowledge Discovery.

[25]  H. B. Mann,et al.  On a Test of Whether one of Two Random Variables is Stochastically Larger than the Other , 1947 .

[26]  Gang Chen,et al.  Conforming the runtime inputs for hard real-time embedded systems , 2012, DAC Design Automation Conference 2012.

[27]  Pallab Dasgupta,et al.  Acceptance and random generation of event sequences under real time calculus constraints , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[28]  Bogdan Dit,et al.  Feature location in source code: a taxonomy and survey , 2013, J. Softw. Evol. Process..

[29]  Yiguo Qiao,et al.  Anomaly intrusion detection method based on HMM , 2002 .