Mining Software Component Interactions to Detect Security Threats at the Architectural Level

Title: Mining Software Component Interactions to Detect Security Threats at the Architectural Level
Publication Type: Conference Proceedings
Year of Publication: 2016
Authors: Eric Yuan, Sam Malek
Conference Name: 13th Working IEEE/IFIP Conference on Software Architecture (WICSA 2016)
Date Published: 4/5/2016
Conference Location: Venice, Italy
ISBN: 978-1-5090-2563-3
Keywords: Apr'16, CMU, data mining, security, software architecture
Abstract

Conventional security mechanisms at network, host, and source code levels are no longer sufficient in detecting and responding to increasingly dynamic and sophisticated cyber threats today. Detecting anomalous behavior at the architectural level can help better explain the intent of the threat and strengthen overall system security posture. To that end, we present a framework that mines software component interactions from system execution history and applies a detection algorithm to identify anomalous behavior. The framework uses unsupervised learning at runtime, can perform fast anomaly detection "on the fly", and can quickly adapt to system load fluctuations and user behavior shifts. Our evaluation of the approach against a real Emergency Deployment System has demonstrated very promising results, showing the framework can effectively detect covert attacks, including insider threats, that may be easily missed by traditional intrusion detection methods.

DOI: 10.1109/WICSA.2016.12
Citation Key: node-25989

Other available formats:

Yuan_Mining_Software_DG.pdf (PDF document, 1.25 MB)