Anomaly Detection as a Service

Anomaly detection has been a long-standing security approach with versatile applications, ranging from securing server programs in critical environments, to detecting insider threats in enterprises, to anti-abuse detection for online social networks. Despite the seemingly diverse application domains, anomaly detection solutions share similar technical challenges, such as how to accurately recognize various normal patterns, how to reduce false alarms, how to adapt to concept drifts, and how to minimize performance impact. They also share similar detection approaches and evaluation methods, such as feature extraction, dimension reduction, and experimental evaluation.

The main purpose of this book is to help advance the real-world adoption and deployment anomaly detection technologies, by systematizing the body of existing knowledge on anomaly detection. This book is focused on data-driven anomaly detection for software, systems, and networks against advanced exploits and attacks, but also touches on a number of applications, including fraud detection and insider threats. We explain the key technical components in anomaly detection workflows, give in-depth description of the state-of-the-art data-driven anomaly-based security solutions, and more importantly, point out promising new research directions. This book emphasizes on the need and challenges for deploying service-oriented anomaly detection in practice, where clients can outsource the detection to dedicated security providers and enjoy the protection without tending to the intricate details.

Danfeng (Daphne) Yao is an Associate Professor of Computer Science at Virginia Tech. In the past decade, she has worked on designing and developing data-driven anomaly detection techniques for securing networked systems against stealthy exploits and attacks. Her expertise also includes software security, mobile security, cloud security, and applied cryptography. Professor Yao received her Ph.D. in Computer Science from Brown University. Professor Yao is an Elizabeth and James E. Turner Jr. '56 Faculty Fellow and L-3 Faculty Fellow. She received the NSF CAREER Award in 2010 for her work on human-behavior driven malware detection, and the ARO Young Investigator Award for her semantic reasoning for mission-oriented security work in 2014. She received several Best Paper Awards and Best Poster Awards. She was given the Award for Technological Innovation from Brown University in 2006. She holds multiple U.S. patents for her anomaly detection technologies. Professor Yao is an Associate Editorof IEEE Transactions on Dependable and Secure Computing (TDSC). She serves as the PC member in numerous computer security conferences, including ACM CCS, IEEE Security & Privacy Symposium. She has over 85 peer-reviewed publications in major security and privacy conferences and journals. Daphne is an active member of the security research community. She serves as the Secretary/Treasurer at ACM Special Interest Group on Security, Audit and Control (SIGSAC).Xiaokui Shu is a Research Staff Member in the Cognitive Cybersecurity Intelligence Group at the IBM T. J. Watson Research Center. He received his Ph.D. degree in Computer Science from Virginia Tech and a B.S. degree from University of Science and Technology of China (USTC). His research interests are in system and network security, such as intrusion detection, cyber defense, and threat intelligence. He received the Outstanding Ph.D. Student Award from Virginia Tech and the prestigious Guo Moruo Award from USTC. Dr. Shu's research was published in top conferences and journals, including ACM Conference on Computer and Communications Security (CCS) and ACM Transactions on Privacy and Security (TOPS). Dr. Shu enjoys cyber security Capture The Flag (CTF) competitions. He won the first prize in the Inaugural Virginia Tech Cyber Security Summit Competition.
Long Cheng is currently pursuing his second Ph.D. in the Department of Computer Science at Virginia Tech. His research interests include system and network security, cyber forensics, cyberphysical systems (CPS) security, mobile computing, and wireless networks. He received his first Ph.D. degree from Beijing University of Posts and Telecommunications in 2012. Dr. Cheng received the Best Paper Award from IEEE Wireless Communications and Networking Conference (WCNC) in 2013 and the prestigious Erasmus Mundus Scholar Award from the European Union in 2014. Dr. Cheng's research activities span across the fields of cyber security and networking. He has published over 60 papers in peer-reviewed journals and conferences, including IEEE Transactions on Information Forensics and Security (TIFS), IEEE/ACM Transactions on Networking (ToN), Annual Computer Security Applications Conference (ACSAC), and Privacy Enhancing Technologies Symposium (PETS). He was invited to write a review article on enterprise data breach in Wiley's WIREs Data Mining and Knowledge Discovery. Dr. Cheng has extensive experiences collaborating with researchers in the industry and academia across multiple continents. He holds a patent for his sensor network routing method.
Salvatore J. Stolfo is a Professor of Computer Science at Columbia University. He received his Ph.D. from NYU Courant Institute in 1979 and has been on the faculty of Columbia ever since. He won the IBM Faculty Development Award early in his academic career in 1983. He has published several books and over 250 scientific papers and received several Best Paper Awards. His research spans acrossthe areas of parallel computing, AI knowledge-based systems, data mining, and most recently computer security and intrusion detection systems. Professor Stolfo has been granted 33 patents in the areas of parallel computing and database inference and computer security, most of which have been licensed. His research has been supported by DARPA, NSF, ONR, NSA, CIA, IARPA, AFOSR, ARO, NIST, DHS, and numerous companies and state agencies. Professor Stolfo has mentored over 30 Ph.D. students and many Master's students. His most recent research is devoted to payload anomaly detection for zero-day exploits, secure private querying, private and anonymous network trace synthesis, and automatic bait generation for trap-based defense to mitigate the insider threat.