A Model-based Approach to Anomaly Detection in Software Architectures (Poster)
Hemank Lamba,
Thomas J. Glazier,
Bradley Schmerl,
Javier Cámara,
David Garlan and Jürgen Pfeffer.
In Symposium and Bootcamp on the Science of Security, Pittsburgh, PA, 19-21 April 2016.
Online links:
Abstract
In an organization, the interactions users have with software leaves patterns or traces of the parts of the systems accessed. These interactions can be associated with the underlying software architecture. The first step in detecting problems like insider threat is to detect those traces that are anomalous.
In this paper, we present a method to find anomalous users leveraging these interaction traces, categorized by user roles. We propose a model based approach to cluster user sequences and find outliers. Such a technique could be useful in finding potentially anomalous users, insiders, or compromised accounts.We show that the approach works on a simulation of a large scale system based on and Amazon Web application style. |
Keywords: Science of Security, Software Architecture.
@InProceedings{2016/Lamba/MBAD,
AUTHOR = {Lamba, Hemank and Glazier, Thomas J. and Schmerl, Bradley and C\'{a}mara, Javier and Garlan, David and Pfeffer, J\"{u}rgen},
TITLE = {A Model-based Approach to Anomaly Detection in Software Architectures (Poster)},
YEAR = {2016},
MONTH = {19-21 April},
BOOKTITLE = {Symposium and Bootcamp on the Science of Security},
ADDRESS = {Pittsburgh, PA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ModelBasedAnomalyDetection.pdf},
ABSTRACT = {In an organization, the interactions users have with software leaves patterns or traces of the parts of the systems accessed. These interactions can be associated with the underlying software architecture. The first step in detecting problems like insider threat is to detect those traces that are anomalous.
In this paper, we present a method to find anomalous users leveraging these interaction traces, categorized by user roles. We propose a model based approach to cluster user sequences and find outliers. Such a technique could be useful in finding potentially anomalous users, insiders, or compromised accounts.We show that the approach works on a simulation of a large scale system based on and Amazon Web application style.},
KEYWORDS = {Science of Security, Software Architecture} }
|