{"id":"https://openalex.org/W3154489205","doi":"https://doi.org/10.1145/3422337.3447833","title":"Real-Time Evasion Attacks against Deep Learning-Based Anomaly Detection from Distributed System Logs","display_name":"Real-Time Evasion Attacks against Deep Learning-Based Anomaly Detection from Distributed System Logs","publication_year":2021,"publication_date":"2021-04-10","ids":{"openalex":"https://openalex.org/W3154489205","doi":"https://doi.org/10.1145/3422337.3447833","mag":"3154489205"},"language":"en","primary_location":{"id":"doi:10.1145/3422337.3447833","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3422337.3447833","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056578353","display_name":"J. Dinal Herath","orcid":"https://orcid.org/0000-0001-7568-7765"},"institutions":[{"id":"https://openalex.org/I123946342","display_name":"Binghamton University","ror":"https://ror.org/008rmbt77","country_code":"US","type":"education","lineage":["https://openalex.org/I123946342"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"J. Dinal Herath","raw_affiliation_strings":["State University of New York at Binghamton, Binghamton, NY, USA"],"affiliations":[{"raw_affiliation_string":"State University of New York at Binghamton, Binghamton, NY, USA","institution_ids":["https://openalex.org/I123946342"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100668392","display_name":"Ping Yang","orcid":"https://orcid.org/0000-0001-9058-2822"},"institutions":[{"id":"https://openalex.org/I123946342","display_name":"Binghamton University","ror":"https://ror.org/008rmbt77","country_code":"US","type":"education","lineage":["https://openalex.org/I123946342"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ping Yang","raw_affiliation_strings":["State University of New York at Binghamton, Binghamton, NY, USA"],"affiliations":[{"raw_affiliation_string":"State University of New York at Binghamton, Binghamton, NY, USA","institution_ids":["https://openalex.org/I123946342"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029645292","display_name":"Guanhua Yan","orcid":"https://orcid.org/0000-0001-7482-4043"},"institutions":[{"id":"https://openalex.org/I123946342","display_name":"Binghamton University","ror":"https://ror.org/008rmbt77","country_code":"US","type":"education","lineage":["https://openalex.org/I123946342"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Guanhua Yan","raw_affiliation_strings":["State University of New York at Binghamton, Binghamton, NY, USA"],"affiliations":[{"raw_affiliation_string":"State University of New York at Binghamton, Binghamton, NY, USA","institution_ids":["https://openalex.org/I123946342"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5056578353"],"corresponding_institution_ids":["https://openalex.org/I123946342"],"apc_list":null,"apc_paid":null,"fwci":1.5282,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.83047234,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"29","last_page":"40"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.883497953414917},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7729791402816772},{"id":"https://openalex.org/keywords/troubleshooting","display_name":"Troubleshooting","score":0.6676952838897705},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.581143856048584},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5798535346984863},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.548244833946228},{"id":"https://openalex.org/keywords/autoencoder","display_name":"Autoencoder","score":0.46025028824806213},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.42222148180007935},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.42011070251464844},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4041943848133087},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.38138091564178467},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.34781786799430847},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3239387273788452}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.883497953414917},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7729791402816772},{"id":"https://openalex.org/C147494362","wikidata":"https://www.wikidata.org/wiki/Q2078905","display_name":"Troubleshooting","level":2,"score":0.6676952838897705},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.581143856048584},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5798535346984863},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.548244833946228},{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.46025028824806213},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.42222148180007935},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.42011070251464844},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4041943848133087},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.38138091564178467},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.34781786799430847},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3239387273788452},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3422337.3447833","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3422337.3447833","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6632626937","display_name":null,"funder_award_id":"OAC-1738929","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W228207274","https://openalex.org/W1536680647","https://openalex.org/W1540258466","https://openalex.org/W1876967670","https://openalex.org/W1901129140","https://openalex.org/W2017774072","https://openalex.org/W2039157918","https://openalex.org/W2094924503","https://openalex.org/W2105454049","https://openalex.org/W2114554028","https://openalex.org/W2121863487","https://openalex.org/W2127979711","https://openalex.org/W2136159049","https://openalex.org/W2272254334","https://openalex.org/W2401686019","https://openalex.org/W2560021099","https://openalex.org/W2583874385","https://openalex.org/W2595201844","https://openalex.org/W2754665629","https://openalex.org/W2767094836","https://openalex.org/W2773446523","https://openalex.org/W2804129310","https://openalex.org/W2808242862","https://openalex.org/W2901773810","https://openalex.org/W2906152891","https://openalex.org/W2919115771","https://openalex.org/W2919913503","https://openalex.org/W2947815220","https://openalex.org/W2962700793","https://openalex.org/W2963178695","https://openalex.org/W2963855547","https://openalex.org/W2964304846","https://openalex.org/W2965985637","https://openalex.org/W2993658339","https://openalex.org/W3047074067","https://openalex.org/W4214717370","https://openalex.org/W4247200422"],"related_works":["https://openalex.org/W3186512740","https://openalex.org/W3017266184","https://openalex.org/W2918377632","https://openalex.org/W3194885736","https://openalex.org/W3046391934","https://openalex.org/W4363671829","https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160"],"abstract_inverted_index":{"Distributed":[0],"system":[1,48,113,131],"logs,":[2],"which":[3],"record":[4],"states":[5],"and":[6,22,99,216,242],"events":[7],"that":[8,156,186,226],"occurred":[9],"during":[10],"the":[11,30,120,157,165,172,179,195,202,230],"execution":[12],"of":[13,24,32,123,204,234],"a":[14,135,182,189],"distributed":[15,47,68,112,130,213],"system,":[16],"provide":[17],"valuable":[18],"information":[19],"for":[20,212],"troubleshooting":[21],"diagnosis":[23],"its":[25],"operational":[26],"issues.":[27],"Due":[28],"to":[29,63,73,107,144,193],"complexity":[31,175],"such":[33,94],"systems,":[34,69],"there":[35,84],"have":[36,200],"been":[37],"some":[38],"recent":[39],"research":[40],"efforts":[41],"on":[42,129,206],"automating":[43],"anomaly":[44,56,109,126,161,209,219],"detection":[45,57,110,127,162,210,220],"from":[46,111],"logs":[49,147],"using":[50],"deep":[51,89,124,167],"learning":[52,90,168,184],"models.":[53,169],"As":[54],"these":[55,235],"models":[58,91,128,178,237],"can":[59,159],"also":[60],"be":[61,104],"used":[62],"detect":[64],"malicious":[65],"activities":[66],"inside":[67],"it":[70],"is":[71],"important":[72],"understand":[74],"their":[75],"robustness":[76,122],"against":[77,88],"evasive":[78],"manipulations":[79],"in":[80,92,151,188],"adversarial":[81,121],"environments.":[82],"Although":[83],"are":[85],"various":[86],"attacks":[87,158],"domains":[93],"as":[95,181],"natural":[96],"language":[97],"processing":[98],"image":[100],"classification,":[101],"they":[102],"cannot":[103],"applied":[105],"directly":[106],"evade":[108,160],"logs.":[114,132],"In":[115],"this":[116],"work,":[117],"we":[118],"explore":[119],"learning-based":[125],"We":[133,199],"propose":[134],"real-time":[136,243],"attack":[137,240],"method":[138],"called":[139],"LAM":[140,177,205,227],"(Log":[141],"Anomaly":[142],"Mask)":[143],"perturb":[145],"streaming":[146],"with":[148],"minimal":[149],"modifications":[150],"an":[152,217],"online":[153],"fashion":[154],"so":[155],"by":[163],"even":[164],"state-of-the-art":[166],"To":[170],"overcome":[171],"search":[173],"space":[174],"challenge,":[176],"perturber":[180],"reinforcement":[183],"agent":[185],"operates":[187],"partially":[190],"observable":[191],"environment":[192],"predict":[194],"best":[196],"perturbation":[197],"action.":[198],"evaluated":[201],"effectiveness":[203],"two":[207,236],"log-based":[208],"systems":[211],"systems:":[214],"DeepLog":[215],"AutoEncoder-based":[218],"system.":[221],"Our":[222],"experimental":[223],"results":[224],"show":[225],"significantly":[228],"reduces":[229],"true":[231],"positive":[232],"rate":[233],"while":[238],"achieving":[239],"imperceptibility":[241],"responsiveness.":[244]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}