Black-box Attacks to Log-based Anomaly Detection
Shaohan Huang, Yi Liu, Carol J. Fung, Hailong Yang, Zhongzhi Luan
2022 18th International Conference on Network and Service Management (CNSM), published 2022-10-31
DOI: 10.23919/CNSM55787.2022.9964935 (https://doi.org/10.23919/CNSM55787.2022.9964935)
Citation count: 0
Abstract
Anomaly detection is the key to Quality of Service (QoS) in many modern systems. Logs, which record the runtime information of a system, are widely used for anomaly detection. The security of log-based anomaly detection has not been well investigated. In this paper, we conduct an empirical study of black-box attacks on log-based anomaly detection. We investigate eight different log attack methods and compare their performance against various log parsing methods and log anomaly detection models. We propose a method to evaluate the imperceptibility of log attack methods. In our experiments, we evaluate the performance of the attack methods on two real log datasets. The results of our experiments show that LogBug outperforms the others in almost all situations. We also compare the imperceptibility of the various attack methods and find a trade-off between performance and imperceptibility, where better attack performance means worse imperceptibility. To the best of our knowledge, this is the first work to investigate and compare attack models on log-based anomaly detection.