Physical Sciences and Mathematics Commons^™

Towards Ground Truthing Observations In Gray-Box Anomaly Detection, Jiang Ming, Haibin Zhang, Debin Gao

Research Collection School Of Computing and Information Systems

Anomaly detection has been attracting interests from researchers due to its advantage of being able to detect zero-day exploits. A gray-box anomaly detector first observes benign executions of a computer program and then extracts reliable rules that govern the normal execution of the program. However, such observations from benign executions are not necessarily true evidences supporting the rules learned. For example, the observation that a file descriptor being equal to a socket descriptor should not be considered supporting a rule governing the two values to be the same. Ground truthing such observations is a difficult problem since it is not …