Publications

CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications

Published in Annual Computer Security Applications Conference, 2020

Containers have been widely adopted in production computing environments for their efficiency and low isolation overhead. However, recent studies have shown that containerized applications are prone to various security attacks. Moreover, containerized applications are often highly dynamic and short-lived, which further exacerbates the problem. In this paper, we present CDL, a classified distributed learning framework to achieve efficient security attack detection for containerized applications. CDL integrates online application classification and anomaly detection to overcome the challenge of lacking sufficient training data for dynamic short-lived containers while considering diversified normal behaviors in different applications. We have implemented a prototype of CDL and evaluated it over 33 real-world vulnerability attacks in 24 commonly used server applications. Our experimental results show that CDL can reduce the false positive rate from over 12% to 0.24% compared to the traditional anomaly detection scheme without aggregating training data. Compared to the distributed learning method without application classification, CDL can improve the detection rate from catching 20 out of 33 attacks to 31 out of 33 attacks before those attacks compromise the server systems. CDL is lightweight and can complete application classification and anomaly detection within a few milliseconds.

Recommended citation: Lin, Y., Tunde-Onadele, O. and Gu, X., 2020, December. CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications. In Annual Computer Security Applications Conference (pp. 179-188). https://doi.org/10.1145/3427228.3427236

Continuous Detection of Abnormal Heartbeats from ECG Using Online Outlier Detection

Published in Lossio-Ventura J., Muñante D., Alatrista-Salas H. (eds) Information Management and Big Data. SIMBig 2018. Communications in Computer and Information Science, vol 898. Springer, Cham, 2019

A prototype system has been built to test the feasibility and efficacy of detecting abnormal ECG segments from an ECG data stream targeting a mobile device, where data are arriving continuously and indefinitely and are processed online incrementally and efficiently without being stored in memory.

Recommended citation: Lin Y., Lee B.S., Lustgarten D. (2019) Continuous Detection of Abnormal Heartbeats from ECG Using Online Outlier Detection. In: Lossio-Ventura J., Muñante D., Alatrista-Salas H. (eds) Information Management and Big Data. SIMBig 2018. Communications in Computer and Information Science, vol 898. Springer, Cham https://doi.org/10.1007/978-3-030-11680-4_33