An Anomaly Detection and Network Filtering System for Linux Based on Kohonen Maps and Variable-order Markov Chains

Staroletov, Sergey; Chudov, Roman

doi:10.23919/fruct56874.2022.9953860

Cited by 3 publications

(1 citation statement)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The kernel-doc tool collects these comments and checks their completeness [27]. The comments here refer to the ring buffer, which can be used to implement efficient network applications [28] These fixes concern errors when loading and unloading kernel modules, more precisely during their live loading, when the already loaded code is replaced in a running system [29]. This is possible using the function tracing approach.…”

Section: Kernel (/Linux/kernel)mentioning

confidence: 99%

Analyzing Hot Bugs in the Linux Kernel by Clustering Fixing Commit Messages

Starovoytov,

Golovnev,

Staroletov

2023

Proceedings of ISP RAS

View full text Add to dashboard Cite

In system software environments, a vast amount of information circulates, making it crucial to utilize this information in order to enhance the operation of such systems. One such system is the Linux kernel, which not only boasts a completely open-source nature, but also provides a comprehensive history through its git repository. Here, every logical code change is accompanied by a message written by the developer in natural language. Within this expansive repository, our focus lies on error correction messages from fixing commits, as analyzing their text can help identify the most common types of errors. Building upon our previous works, this paper proposes the utilization of data analysis methods for this purpose. To achieve our objective, we explore various techniques for processing repository messages and employing automated methods to pinpoint the prevalent bugs within them. By calculating distances between vectorizations of bug fixing messages and grouping them into clusters, we can effectively categorize and isolate the most frequently occurring errors. Our approach is applied to multiple prominent parts within the Linux kernel, allowing for comprehensive results and insights into what is going on with bugs in different subsystems. As a result, we show a summary of bug fixes in such parts of the Linux kernel as kernel, sched, mm, net, irq, x86 and arm64.

show abstract

Section: Kernel (/Linux/kernel)mentioning

confidence: 99%

Analyzing Hot Bugs in the Linux Kernel by Clustering Fixing Commit Messages

Starovoytov,

Golovnev,

Staroletov

2023

Proceedings of ISP RAS

View full text Add to dashboard Cite

show abstract

A Software Framework for Jetson Nano to Detect Anomalies in CAN Data

Staroletov

2023

2023 International Russian Smart Industry Conference (SmartIndustryCon)

View full text Add to dashboard Cite

Intrusion detection in cloud computing based on time series anomalies utilizing machine learning

Al-Ghuwairi,

Sharrab,

Al-Fraihat

et al. 2023

J Cloud Comp

View full text Add to dashboard Cite

The growth of cloud computing is hindered by concerns about privacy and security. Despite the widespread use of network intrusion detection systems (NIDS), the issue of false positives remains prevalent. Furthermore, few studies have approached the intrusion detection problem as a time series issue, requiring time series modeling. In this study, we propose a novel technique for the early detection of intrusions in cloud computing using time series data. Our approach involves a method for Feature Selection (FS) and a prediction model based on the Facebook Prophet model to assess its efficiency. The FS method we propose is a collaborative feature selection model that integrates time series analysis techniques with anomaly detection, stationary, and causality tests. This approach specifically addresses the challenge of misleading connections between time series anomalies and attacks. Our results demonstrate a significant reduction in predictors employed in our prediction model, from 70 to 10 predictors, while improving performance metrics such as Mean Absolute Error (MAE), Mean Squared Error (MSE), Root Mean Squared Error (RMSE), Mean Absolute Percentage Error (MAPE), Median Absolute Percentage Error (MdAPE), and Dynamic Time Warping (DTW). Furthermore, our approach has resulted in reduced training, prediction, and cross-validation times of approximately 85%, 15%, and 97%, respectively. Although memory consumption remains similar, the utilization time has been significantly reduced, resulting in substantial resource usage reduction. Overall, our study presents a comprehensive methodology for effective early detection of intrusions in cloud computing based on time series anomalies, employing a collaborative feature selection model and the Facebook Prophet prediction model. Our findings highlight the efficiency and performance improvements achieved through our approach, contributing to the advancement of intrusion detection techniques in the context of cloud computing security.

show abstract

An Anomaly Detection and Network Filtering System for Linux Based on Kohonen Maps and Variable-order Markov Chains

Cited by 3 publications

References 23 publications

Analyzing Hot Bugs in the Linux Kernel by Clustering Fixing Commit Messages

Analyzing Hot Bugs in the Linux Kernel by Clustering Fixing Commit Messages

A Software Framework for Jetson Nano to Detect Anomalies in CAN Data

Intrusion detection in cloud computing based on time series anomalies utilizing machine learning

Contact Info

Product

Resources

About