By employing fault tolerance, embedded systems can withstand both intentional and unintentional faults. Many fault-tolerance mechanisms are invoked only after a fault has been detected by whatever fault-detection mechanism is used; hence, the process of fault detection must itself be dependable if the system is expected to be fault tolerant. Many faults are detectable only indirectly as a result of performance disorders that manifest as anomalies in monitored system or sensor data. Anomaly detection, therefore, is often the primary means of providing early indications of faults. As with any other kind of detector, one seeks full coverage of the detection space with the anomaly detector being used. Even if coverage of a particular anomaly detector falls short of 100 percent, detectors can be composed to effect broader coverage, once their respective sweet spots and blind regions are known. This paper provides a framework and a fault-injection methodology for mapping an anomaly detector's effective operating space and shows that two detectors, each designed to detect the same phenomenon, may not perform similarly, even when the event to be detected is unequivocally anomalous and should be detected by either detector. Both synthetic and real-world data are used.