Visible to the public A Model-based Approach to Anomaly Detection in Software ArchitecturesConflict Detection Enabled

TitleA Model-based Approach to Anomaly Detection in Software Architectures
Publication TypeConference Proceedings
Year of Publication2016
AuthorsHemank Lamba, Thomas J. Glazier, Bradley Schmerl, Javier Camara, David Garlan, Jurgen Pfeffer
Conference NameSymposium and Bootcamp on the Science of Security (HotSoS)
Date Published4/19/2016
PublisherACM New York, NY
Conference LocationPittsburgh, PA
ISBN978-1-4503-4277-3
Keywordsanomaly detection, Apr'16, CMU, model-based graph clustering
Abstract

In an organization, the interactions users have with software leave patterns or traces of the parts of the systems accessed. These interactions can be associated with the underlying software architecture. The first step in detecting problems like insider threat is to detect those traces that are anomalous. Here, we propose a method to find anomalous users leveraging these interaction traces, categorized by user roles. We propose a model based approach to cluster user sequences and find outliers. We show that the approach works on a simulation of a large scale system based on and Amazon Web application style.

DOI10.1145/2898375.2898401
Citation Keynode-25994

Other available formats:

Lamba_Model_Based_Approach_DC.pdf
AttachmentTaxonomyKindSize
Lamba_Model_Based_Approach_DC.pdfPDF document936.45 KBDownloadPreview
AttachmentSize
bytes