Welcome to P K Kelkar Library, Online Public Access Catalogue (OPAC)


Anomaly detection as a service : challenges, advances, and opportunities

By: Yao, Danfeng (Daphne) [author.].
Contributor(s): Shu, Xiaokui [author.] | Cheng, Long (Computer scientist) [author.] | Stolfo, Salvatore J [author.].
Material type: Book
Series: Synthesis digital library of engineering and computer science; Synthesis lectures on information security, privacy, and trust, # 22
Publisher: [San Rafael, California] : Morgan & Claypool, 2018
Description: 1 PDF (xv, 157 pages) : illustrations
Content type: text
Media type: electronic
Carrier type: online resource
ISBN: 9781681731100
Subject(s): Anomaly detection (Computer security) | anomaly detection | data driven | proactive defense | program and software security | system and network security | outsource | anomaly detection as a service | deployment | data science | classification | machine learning | novelty detection | program analysis | control flow | data flow | semantic gap | inference and reasoning | code-reuse attack | data-oriented attack | advanced persistent threat | zero-day exploit | system tracing | hardware tracing | false negative | false positive | performance | usability | insider threat | fraud detection | cyber intelligence | automation | democratization of technology | Linux | Android | x86 | ARM
Genre/Form: Electronic books
DDC classification: 005.8
Online resources: Abstract with links to resource
Also available in print.
Contents:
1. Introduction -- 1.1 Applications of anomaly detection -- 1.2 Cohen's impossibility results -- 1.3 Zero-day exploits and APT -- 1.4 Challenges of democratizing anomaly detection technologies -- 1.5 Major developments on program anomaly detection -- 1.6 New opportunities --
2. Threat models -- 2.1 Faults vs. attacks and safety vs. security -- 2.2 Data-oriented attacks -- 2.3 Insider threats and inadvertent data leaks -- 2.4 Attacks on control flows -- 2.5 Mimicry attacks -- 2.6 Segment length and mimicry attack difficulty --
3. Local vs. global program anomaly detection -- 3.1 One big model vs. multiple small models -- 3.1.1 Modeling byte distributions -- 3.1.2 Multiple clusters for multiple behaviors -- 3.1.3 Suitability test -- 3.2 Local anomaly detection -- 3.2.1 n-gram -- 3.2.2 Hidden Markov model (HMM) -- 3.2.3 Finite-state automaton (FSA) -- 3.3 Global anomaly detection -- 3.3.1 Examples of global anomalies and detection attempts -- 3.3.2 Segmentation and representing infinite traces -- 3.3.3 Inter-cluster and intra-cluster anomalies --
4. Program analysis in data-driven anomaly detection -- 4.1 Security impact of incomplete training data -- 4.2 Program analysis for guiding classifiers -- 4.2.1 Quantifying control-flow graph -- 4.2.2 Interfacing with Markov model -- 4.2.3 Improving context sensitivity -- 4.3 Program analysis for Android malware detection -- 4.3.1 Android threat model and national security -- 4.3.2 Data-dependence graph and Android malware examples -- 4.3.3 User-trigger dependence-based detection -- 4.4 Formal language model for anomaly detection --
5. Anomaly detection in cyber-physical systems -- 5.1 CPS security challenges -- 5.1.1 Background on CPS -- 5.1.2 Security and the physical world -- 5.2 Overview of cps anomaly detection -- 5.3 Event-aware anomaly detection (EAD) framework -- 5.3.1 Data-oriented attacks on CPS -- 5.3.2 Reasoning cyber-physical execution semantics -- 5.4 Event-aware finite-state automaton for CPS -- 5.4.1 Definition of eFSA -- 5.4.2 Event-aware detection in eFSA -- 5.5 Evaluation of control-branch and control-intensity detection -- 5.6 Deployment of CPS anomaly detection --
6. Anomaly detection on network traffic -- 6.1 Threats of clandestine network activities -- 6.2 Sensemaking of network traffic for anomaly detection -- 6.2.1 Extrusion detection in BINDER and its generalization -- 6.2.2 Multi-host causality and reasoning -- 6.2.3 Collaborative sensemaking -- 6.3 Definition of triggering-relation discovery -- 6.4 Discovery of triggering-relation graphs for host security -- 6.5 Sparsity of triggering relations and cost matrix --
7. Automation and evaluation for anomaly detection deployment -- 7.1 Model drift and adapting anomaly detection to changes -- 7.2 Sanitizing training data -- 7.2.1 Overview of sanitization approaches -- 7.2.2 Impact of basic sanitization -- 7.2.3 Impact of collaborative sanitization -- 7.3 Self-calibration and gradual retraining -- 7.3.1 Automatic training optimization -- 7.3.2 Automatic threshold selection -- 7.3.3 Performance under self-calibration -- 7.3.4 Gradual retraining -- 7.4 Tracing overhead and Intel PT -- 7.5 Experimental evaluation for data-driven anomaly detection --
8. Anomaly detection from the industry's perspective -- 8.1 Anomaly detection in payment card industry -- 8.2 Security operation centers (SOC) -- 8.3 Anomaly detection in the pyramid -- 8.4 Building your own anomaly detection toolkit -- 8.5 Leveraging external knowledge in cyber security pyramid --
9. Exciting new problems and opportunities -- 9.1 Deep learning and instruction-level anomaly detection -- 9.2 Post-detection forensic, repair, and recovery -- 9.3 Anomaly detection of concurrency attacks -- 9.4 Mimicry generation, insider threat detection, automation, and knowledge base --
Bibliography -- Authors' biographies -- Index.
Abstract: Anomaly detection has been a long-standing security approach with versatile applications, ranging from securing server programs in critical environments, to detecting insider threats in enterprises, to anti-abuse detection for online social networks. Despite the seemingly diverse application domains, anomaly detection solutions share similar technical challenges, such as how to accurately recognize the many varieties of normal behavior, how to reduce false alarms, how to adapt to concept drift, and how to minimize performance impact. They also share similar detection approaches and evaluation methods, such as feature extraction, dimension reduction, and experimental evaluation. The main purpose of this book is to help advance the real-world adoption and deployment of anomaly detection technologies by systematizing the existing body of knowledge on anomaly detection. The book focuses on data-driven anomaly detection for software, systems, and networks against advanced exploits and attacks, but also touches on a number of other applications, including fraud detection and insider threats. We explain the key technical components of anomaly detection workflows, give an in-depth description of state-of-the-art data-driven anomaly-based security solutions, and, more importantly, point out promising new research directions. The book emphasizes the need for, and the challenges of, deploying service-oriented anomaly detection in practice, where clients can outsource detection to dedicated security providers and enjoy the protection without tending to the intricate details.
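The contents above list mimicry attacks (2.5), segment length versus mimicry difficulty (2.6), n-gram local anomaly detection (3.2.1), the security impact of incomplete training data (4.1) and automatic threshold selection (7.3.2). The following is an added illustration of how those pieces fit together over a system-call trace; it is not code from the book or its authors. The traces, syscall names and the "request handler" they are meant to come from are all constructed for the example.

```python
"""n-gram local anomaly detection over system-call traces.

Added illustration for this catalogue entry (not code from the book or its
authors). Every trace below is constructed by hand; syscall names stand in
for the argument-free call sequence a tracer would emit.
"""
from typing import Iterable, List, Optional, Sequence, Set, Tuple

NGram = Tuple[str, ...]

# Constructed benign traces of a hypothetical small request handler.
NORMAL_TRACES: List[List[str]] = [
    ["socket", "bind", "listen", "accept", "read", "write", "close"],
    ["socket", "bind", "listen", "accept", "read", "read", "write", "close"],
    ["accept", "read", "open", "read", "close", "write", "close"],   # serves a file
    ["accept", "read", "fork", "execve", "wait", "write", "close"],  # CGI-style child
    ["accept", "read", "write", "write", "close"],
]

# Constructed raw payload: spawns a shell with stdio redirected to the socket.
ATTACK_TRACE = ["accept", "read", "execve", "dup2", "dup2", "write", "close"]

# Constructed mimicry payload: reads a file and sends it, but skips the
# close() of the file that the real handler always issues before write().
MIMICRY_TRACE = ["accept", "read", "open", "read", "write", "close"]


def ngrams(trace: Sequence[str], n: int) -> List[NGram]:
    """All length-n sliding windows over a trace (empty if the trace is shorter than n)."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def train_profile(traces: Iterable[Sequence[str]], n: int) -> Set[NGram]:
    """Normal profile: the set of every n-gram seen in the benign training traces."""
    profile: Set[NGram] = set()
    for trace in traces:
        profile.update(ngrams(trace, n))
    return profile


def anomaly_score(profile: Set[NGram], trace: Sequence[str], n: int) -> float:
    """Fraction of the trace's n-grams that are absent from the profile (0.0 = fully normal)."""
    windows = ngrams(trace, n)
    if not windows:
        return 0.0
    unseen = sum(1 for w in windows if w not in profile)
    return unseen / len(windows)


def select_threshold(profile: Set[NGram], held_out: Iterable[Sequence[str]], n: int) -> float:
    """Data-driven threshold: the worst score any held-out benign trace receives.
    Incomplete training data inflates this value, and with it the miss rate."""
    return max(anomaly_score(profile, t, n) for t in held_out)


def is_anomalous(profile: Set[NGram], trace: Sequence[str], n: int, threshold: float) -> bool:
    """Flag a trace whose unseen-window fraction exceeds the chosen threshold."""
    return anomaly_score(profile, trace, n) > threshold


def smallest_detecting_n(traces: Sequence[Sequence[str]], trace: Sequence[str],
                         max_n: int = 6) -> Optional[int]:
    """Shortest segment length at which the trace contains an unseen n-gram.
    A mimicry sequence that evades short windows needs a longer n to be caught."""
    for n in range(1, max_n + 1):
        if anomaly_score(train_profile(traces, n), trace, n) > 0.0:
            return n
    return None


if __name__ == "__main__":
    for n in (2, 3):
        profile = train_profile(NORMAL_TRACES, n)
        print(f"n={n}: attack={anomaly_score(profile, ATTACK_TRACE, n):.2f} "
              f"mimicry={anomaly_score(profile, MIMICRY_TRACE, n):.2f}")
    print("smallest n that detects the mimicry trace:",
          smallest_detecting_n(NORMAL_TRACES, MIMICRY_TRACE))
    partial = train_profile(NORMAL_TRACES[:4], 2)  # one benign behavior left out of training
    print("threshold forced by the held-out benign trace:",
          select_threshold(partial, NORMAL_TRACES[4:], 2))
```

The raw payload is caught at n=1 because `dup2` never appears in benign traces, while the mimicry trace is built entirely from benign 2-grams and only becomes visible at n=3, where `(open, read, write)` has no counterpart in the profile. Training on four of the five benign traces forces the threshold up to 0.25 to avoid a false alarm on the fifth, which is the trade-off between incomplete training data and false positives that the chapters on sanitization and self-calibration address.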
Item type: E books
Current location: PK Kelkar Library, IIT Kanpur
Status: Available
Barcode: EBKE794
Total holds: 0

Mode of access: World Wide Web.

System requirements: Adobe Acrobat Reader.

Part of: Synthesis digital library of engineering and computer science.

Includes bibliographical references (pages 117-147) and index.


Abstract freely available; full-text restricted to subscribers or individual document purchasers.



Title from PDF title page (viewed on October 25, 2017).
