Invariants are stable relationships among system metrics expected to hold during normal operating conditions. The violation of such relationships can be used to detect anomalies at runtime. However, this approach does not scale to large systems, as the number of invariants quickly grows with the number of considered metrics. The resulting “background noise” for the invariant-based detection system hinders its effectiveness. In this paper we propose a general and automatic approach for identifying a subset of mined invariants that properly model system runtime behavior with a reduced amount of background noise. This translates into better overall performance (i.e., less false positives).

Automatic Invariant Selection for Online Anomaly Detection / Aniello, Leonardo; Ciccotelli, Caludio; Cinque, Marcello; Frattini, Flavio; Querzoni, Leonardo; Russo, Stefano. - STAMPA. - 9922:(2016), pp. 172-183. (Intervento presentato al convegno 35th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2016 tenutosi a Trondheim; Norway) [10.1007/978-3-319-45477-1_14].

Automatic Invariant Selection for Online Anomaly Detection

ANIELLO, LEONARDO;CICCOTELLI , CALUDIO;QUERZONI, Leonardo;
2016

Abstract

Invariants are stable relationships among system metrics expected to hold during normal operating conditions. The violation of such relationships can be used to detect anomalies at runtime. However, this approach does not scale to large systems, as the number of invariants quickly grows with the number of considered metrics. The resulting “background noise” for the invariant-based detection system hinders its effectiveness. In this paper we propose a general and automatic approach for identifying a subset of mined invariants that properly model system runtime behavior with a reduced amount of background noise. This translates into better overall performance (i.e., less false positives).
2016
35th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2016
Computer science; Computers
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
Automatic Invariant Selection for Online Anomaly Detection / Aniello, Leonardo; Ciccotelli, Caludio; Cinque, Marcello; Frattini, Flavio; Querzoni, Leonardo; Russo, Stefano. - STAMPA. - 9922:(2016), pp. 172-183. (Intervento presentato al convegno 35th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2016 tenutosi a Trondheim; Norway) [10.1007/978-3-319-45477-1_14].
File allegati a questo prodotto
File Dimensione Formato  
Aniello_Postprint_Automatic_2016.pdf

accesso aperto

Note: https://link.springer.com/chapter/10.1007/978-3-319-45477-1_14
Tipologia: Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 372.43 kB
Formato Adobe PDF
372.43 kB Adobe PDF
Aniello_Automatic_2016.pdf

solo gestori archivio

Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 416.25 kB
Formato Adobe PDF
416.25 kB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/886496
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 5
  • ???jsp.display-item.citation.isi??? ND
social impact