% % GENERATED FROM http://acme.able.cs.cmu.edu % by : anonymous % IP : ec2-52-207-218-95.compute-1.amazonaws.com % at : Thu, 28 Mar 2024 14:26:59 -0400 GMT % % Selection : Publication #463 %
@InProceedings{2016/Lamba/MBAD, AUTHOR = {Lamba, Hemank and Glazier, Thomas J. and Schmerl, Bradley and C\'{a}mara, Javier and Garlan, David and Pfeffer, J\"{u}rgen}, TITLE = {A Model-based Approach to Anomaly Detection in Software Architectures (Poster)}, YEAR = {2016}, MONTH = {19-21 April}, BOOKTITLE = {Symposium and Bootcamp on the Science of Security}, ADDRESS = {Pittsburgh, PA}, PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ModelBasedAnomalyDetection.pdf}, ABSTRACT = {In an organization, the interactions users have with software leaves patterns or traces of the parts of the systems accessed. These interactions can be associated with the underlying software architecture. The first step in detecting problems like insider threat is to detect those traces that are anomalous. In this paper, we present a method to find anomalous users leveraging these interaction traces, categorized by user roles. We propose a model based approach to cluster user sequences and find outliers. Such a technique could be useful in finding potentially anomalous users, insiders, or compromised accounts.We show that the approach works on a simulation of a large scale system based on and Amazon Web application style.}, KEYWORDS = {Science of Security, Software Architecture} }