Using Invariants for Anomaly Detection: The Case Study of a SaaS Application

被引：13

作者：

Frattini, Flavio ^{[1
]}

Sarkar, Santonu ^{[2
]}

Khasnabish, Jyotiska Nath ^{[3
]}

Russo, Stefano ^{[1
]}

机构：

[1] Univ Naples Federico II, Naples, Italy

[2] BITS Pilani, Pilani, Rajasthan, India

[3] Intl Inst Informat Technol, Bangalore, Karnataka, India

来源：

2014 IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW) | 2014年

关键词：

Anomaly detection; invariants; SaaS;

D O I：

10.1109/ISSREW.2014.57

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

Invariants represent properties of a system that are expected to hold when everything goes well. Thus, the violation of an invariant most likely corresponds to the occurrence of an anomaly in the system. In this paper, we discuss the accuracy and the completeness of an anomaly detection system based on invariants. The case study we have taken is a back-end operation of a SaaS platform. Results show the rationality of the approach and discuss the impact of the invariant mining strategy on the detection capabilities, both in terms of accuracy and of time to reveal violations.

引用

页码：383 / 388

页数：6

共 23 条

[1]

[Anonymous], 2011, Special Publication 800-39, Managing Information Security Risk Organization, Mission, and Information System View

[2]

[Anonymous], P 24 INT C SOFTW ENG

[3]

[Anonymous], 1991, The Art of Computer Systems Performance Analysis: Techniquesfor Experimental Design, Measurement, Simulation, and Modeling

[4] Unreliable failure detectors for reliable distributed systems [J].