{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:14:47Z","timestamp":1750306487894,"version":"3.41.0"},"reference-count":37,"publisher":"Association for Computing Machinery (ACM)","issue":"January","license":[{"start":{"date-parts":[[2016,1,8]],"date-time":"2016-01-08T00:00:00Z","timestamp":1452211200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Ubiquity"],"published-print":{"date-parts":[[2016,1,20]]},"abstract":"<jats:p>Cyber-attacks and breaches are often detected too late to avoid damage. While \"classical\" reactive cyber defenses usually work only if we have some prior knowledge about the attack methods and \"allowable\" patterns, properly constructed redundancy-based anomaly detectors can be more robust and are often able to detect even zero-day attacks. They are a step toward an oracle that uses knowable behavior of a healthy system to identify abnormalities. In the world of Internet of Things (IoT), security, and anomalous behavior of sensors and other IoT components, will be orders of magnitude more difficult unless we make those elements security aware from the start. In this article we examine the ability of redundancy-based anomaly detectors to recognize some high-risk and difficult to detect attacks on web servers---a likely management interface for many IoT stand-alone elements. In real life, it has taken a long time, a number of years in some cases, to identify some of the vulnerabilities and related attacks. 
We discuss practical relevance of the approach in the context of providing high-assurance Web-services that may belong to autonomous IoT applications and devices.<\/jats:p>","DOI":"10.1145\/2822881","type":"journal-article","created":{"date-parts":[[2016,1,11]],"date-time":"2016-01-11T13:40:51Z","timestamp":1452519651000},"page":"1-19","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Using Redundancy to Detect Security Anomalies: Towards IoT security attack detectors"],"prefix":"10.1145","volume":"2016","author":[{"given":"Roopak","family":"Venkatakrishnan","sequence":"first","affiliation":[{"name":"Twitter"}]},{"given":"Mladen A.","family":"Vouk","sequence":"additional","affiliation":[{"name":"North Carolina State Data Science Initiative"}]}],"member":"320","published-online":{"date-parts":[[2016,1,8]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Symantec. 2013 Internet Security Threat Report volume 18. 20013."},{"key":"e_1_2_1_2_1","unstructured":"The Mitre Corp. CWE\/SANS Top 25 Most Dangerous Software Errors. Sept. 13 2011."},{"key":"e_1_2_1_3_1","first-page":"614","article-title":"Fault-tolerant software reliability engineering. In Handbook of Software Reliability Engineering. McGraw Hill, Hightstown","volume":"567","author":"McAllister D.","year":"1996","journal-title":"NJ"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/0950-5849(90)90044-R"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_3"},
{"key":"e_1_2_1_6_1","doi-asserted-by":"crossref","unstructured":"R. Venkatakrishnan. Redundancy-Based Detection of Security Anomalies in Web-Server Environments. North Carolina State University. M.S. thesis 2014.","DOI":"10.1145\/2600176.2600205"},{"volume-title":"Oct. 16, 2015.","year":"2015","key":"e_1_2_1_7_1"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1975.6312842"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.1984.1659219"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.83905"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/24.61308"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/1899254.1899257"},{"key":"e_1_2_1_13_1","first-page":"6","article-title":"Analysis of operating system diversity for intrusion tolerance. Software","volume":"44","author":"Garcia M.","year":"2014","journal-title":"Practice and Experience"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"e_1_2_1_15_1","unstructured":"M. R. Lyu. Software Fault Tolerance. John Wiley & Sons New York 1995."},{"volume-title":"McGraw Hill","year":"1996","author":"Lyu M. R.","key":"e_1_2_1_16_1"},{"volume-title":"Springer","year":"1992","author":"Laprie J.-C.","key":"e_1_2_1_17_1"},{"key":"e_1_2_1_18_1","first-page":"72","article-title":"Design considerations in Boeing 777 fly-by-wire computers. In the Third IEEE International Symposium on High-Assurance Systems Engineering. IEEE","volume":"64","author":"Yeh Y.","year":"1998","journal-title":"Washington D.C."},{"key":"e_1_2_1_19_1","first-page":"458","article-title":"The ELEKTRA railway signaling system: Field experience with an actively replicated system with diversity. In the Twenty-Fifth International Symposium on Fault-Tolerant Computing. IEEE","volume":"453","author":"Kantz H.","year":"1995","journal-title":"Washington D.C."},
{"key":"e_1_2_1_20_1","unstructured":"Ycombinator. Hacker News."},{"key":"e_1_2_1_21_1","unstructured":"Sucuri Inc. Sucuri Blog."},{"key":"e_1_2_1_22_1","unstructured":"B. Schneier. Heartbleed. Schneier On Security. Blog. April 9. 2014."},{"volume-title":"Sucuri Blog.","year":"2014","author":"Sinegubko D.","key":"e_1_2_1_23_1"},{"volume-title":"ComputerWorld.","year":"2013","author":"Constantin L.","key":"e_1_2_1_24_1"},{"key":"e_1_2_1_25_1","unstructured":"Symantec. Java.Tomdep. Security response. 2013."},{"key":"e_1_2_1_26_1","unstructured":"D. Goodin. Ongoing malware attack targeting Apache hijacks 20 000 sites. ArsTechnica. April 2 2013."},{"key":"e_1_2_1_27_1","unstructured":"Symantec. Trojan.Apmod. Security response. 2011."},{"key":"e_1_2_1_28_1","unstructured":"ESET. ESET and Sucuri uncover Linux\/Cdorked.A: The most sophisticated Apache backdoor. Press release. April 29. 2013."},{"key":"e_1_2_1_29_1","unstructured":"O. Bilodeau P.-M. Bureau J. Calvet A. Dorais-Joncas M.-E. M. L\u00e9veill\u00e9 and B. Vanheuverzwijn. Operation Windingo --- The vivisection of a large Linux server-side credential stealing malware campaign. White paper. ESET. March 2014."},
{"key":"e_1_2_1_30_1","unstructured":"Common Vulnerabilities and Exposures (CVE). Vulnerability in NGINX CVE-2013-4547. 2013."},{"volume-title":"Perishable Press.","year":"2012","author":"Starr J.","key":"e_1_2_1_31_1"},{"key":"e_1_2_1_32_1","doi-asserted-by":"crossref","unstructured":"T. Berners-Lee R. Fielding and L. Masinter. Uniform Resource Identifier (URI): Generic syntax. RFC 3986. IETF. Network Working Group. Jan. 2005. \u00a9 The Internet Society.","DOI":"10.17487\/rfc3986"},{"key":"e_1_2_1_33_1","doi-asserted-by":"crossref","unstructured":"T. Berners-Lee L. Masinter and M. McCahill. Uniform Resource Locators (URL). RFC 1738. IETF. Network Working Group. Dec. 1994.","DOI":"10.17487\/rfc1738"},{"key":"e_1_2_1_34_1","unstructured":"D. Goodin. Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping. ArsTechnica. April 7 2014."},{"key":"e_1_2_1_35_1","unstructured":"D. Goodin. Critical crypto bug exposes Yahoo Mail other passwords Russian roulette-style. ArsTechnica. April 8 2014."},
{"key":"e_1_2_1_36_1","unstructured":"P. Ducklin. Anatomy of a data leakage bug - the OpenSSL \"heartbleed\" buffer overflow. Naked Security. April 8 2014."},{"volume-title":"ZDNet.","year":"2014","author":"Tung L.","key":"e_1_2_1_37_1"}],"container-title":["Ubiquity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2822881","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2822881","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:31Z","timestamp":1750225711000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2822881"}},"subtitle":["The Internet of Things (Ubiquity symposium)"],"short-title":[],"issued":{"date-parts":[[2016,1,8]]},"references-count":37,"journal-issue":{"issue":"January","published-print":{"date-parts":[[2016,1,20]]}},"alternative-id":["10.1145\/2822881"],"URL":"https:\/\/doi.org\/10.1145\/2822881","relation":{},"ISSN":["1530-2180"],"issn-type":[{"type":"electronic","value":"1530-2180"}],"subject":[],"published":{"date-parts":[[2016,1,8]]},"assertion":[{"value":"2016-01-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}