Home   Research Publications Members Related Software
IndexBrowse   BibliographiesMy selection
 Search: in   (word length ≥ 3)
      Login
Publication no #463   Download bibtex file Type :   Html | Bib | Both
Add to my selection
A Model-based Approach to Anomaly Detection in Software Architectures (Poster)

Hemank Lamba, Thomas J. Glazier, Bradley Schmerl, Javier Cámara, David Garlan and Jürgen Pfeffer.


In Symposium and Bootcamp on the Science of Security, Pittsburgh, PA, 19-21 April 2016.

Online links: PDF

Abstract
In an organization, the interactions users have with software leaves patterns or traces of the parts of the systems accessed. These interactions can be associated with the underlying software architecture. The first step in detecting problems like insider threat is to detect those traces that are anomalous. In this paper, we present a method to find anomalous users leveraging these interaction traces, categorized by user roles. We propose a model based approach to cluster user sequences and find outliers. Such a technique could be useful in finding potentially anomalous users, insiders, or compromised accounts.We show that the approach works on a simulation of a large scale system based on and Amazon Web application style.

Keywords: Science of Security, Software Architecture.  
@InProceedings{2016/Lamba/MBAD,
      AUTHOR = {Lamba, Hemank and Glazier, Thomas J. and Schmerl, Bradley and C\'{a}mara, Javier and Garlan, David and Pfeffer, J\"{u}rgen},
      TITLE = {A Model-based Approach to Anomaly Detection in Software Architectures (Poster)},
      YEAR = {2016},
      MONTH = {19-21 April},
      BOOKTITLE = {Symposium and Bootcamp on the Science of Security},
      ADDRESS = {Pittsburgh, PA},
      PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ModelBasedAnomalyDetection.pdf},
      ABSTRACT = {In an organization, the interactions users have with software leaves patterns or traces of the parts of the systems accessed. These interactions can be associated with the underlying software architecture. The first step in detecting problems like insider threat is to detect those traces that are anomalous. In this paper, we present a method to find anomalous users leveraging these interaction traces, categorized by user roles. We propose a model based approach to cluster user sequences and find outliers. Such a technique could be useful in finding potentially anomalous users, insiders, or compromised accounts.We show that the approach works on a simulation of a large scale system based on and Amazon Web application style.},
      KEYWORDS = {Science of Security, Software Architecture}
}
    Created: 2016-01-29 11:19:55     Modified: 2017-04-17 17:37:32
Feedback: ABLE Webmaster
Last modified: Sat October 12 2019 16:15:32
        BibAdmin