Invariants represent properties of a system that are expected to hold when everything goes well. Thus, the violation of an invariant most likely corresponds to the occurrence of an anomaly in the system. In this paper, we discuss the accuracy and the completeness of an anomaly detection system based on invariants. The case study we have taken is a back-end operation of a SaaS platform. Results show the rationality of the approach and discuss the impact of the invariant mining strategy on the detection capabilities, both in terms of accuracy and of time to reveal violations.
Using Invariants for Anomaly Detection: The Case Study of a SaaS Application / Frattini, Flavio; S., Sarkar; J. N., Khasnabish; Russo, Stefano. - (2014), pp. 383-388. (Intervento presentato al convegno 2nd IEEE International Workshop on Reliability and Security Data Analysis (RSDA) tenutosi a Napoli nel 3-6 novembre 2014) [10.1109/ISSREW.2014.57].
Using Invariants for Anomaly Detection: The Case Study of a SaaS Application
FRATTINI, FLAVIO;RUSSO, STEFANO
2014
Abstract
Invariants represent properties of a system that are expected to hold when everything goes well. Thus, the violation of an invariant most likely corresponds to the occurrence of an anomaly in the system. In this paper, we discuss the accuracy and the completeness of an anomaly detection system based on invariants. The case study we have taken is a back-end operation of a SaaS platform. Results show the rationality of the approach and discuss the impact of the invariant mining strategy on the detection capabilities, both in terms of accuracy and of time to reveal violations.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
