A model-based approach to anomaly detection in software architectures

Hemank Lamba, Thomas J. Glazier, Bradley Schmerl, Javier Cámara, David Garlan, Jürgen Pfeffer

Research output: Contribution to conferencePaperpeer-review

4 Scopus citations

Abstract

In an organization, the interactions users have with software leave patterns or traces of the parts of the systems accessed. These interactions can be associated with the underlying software architecture. The first step in detecting problems like insider threat is to detect those traces that are anomalous. Here, we propose a method to find anomalous users leveraging these interaction traces, categorized by user roles. We propose a model based approach to cluster user sequences and find outliers. We show that the approach works on a simulation of a large scale system based on and Amazon Web application style.

Original languageEnglish
Pages69-71
Number of pages3
DOIs
StatePublished - 2016
Externally publishedYes
EventSymposium and Bootcamp on the Science of Security, HotSos 2016 - Pittsburgh, United States
Duration: 19 Apr 201621 Apr 2016

Conference

ConferenceSymposium and Bootcamp on the Science of Security, HotSos 2016
Country/TerritoryUnited States
CityPittsburgh
Period19/04/1621/04/16

Keywords

  • anomaly detection
  • model-based graph clustering

Fingerprint

Dive into the research topics of 'A model-based approach to anomaly detection in software architectures'. Together they form a unique fingerprint.

Cite this