Title :
Anomaly Detection by Monitoring Filesystem Activities
Author :
Huang, Liang ; Wong, Kenny
Author_Institution :
Dept. of Comput. Sci., Univ. of Alberta, Edmonton, AB, Canada
Abstract :
Software diagnosis in enterprise systems is an expensive, largely manual process. It contributes significantly to the rising cost of IT management, because the information overload generated by the many components of such systems makes it time-consuming, and dependent on scarce expertise, for system administrators to notice an anomalous state. In this paper, we propose an unsupervised approach to anomaly detection based on the monitored application's run-time behavior. This behavior, represented by the state of the file system and by how files are accessed while the system is running normally, serves as a baseline. An alert is generated when behavior that deviates significantly from the baseline appears, and a starting point for investigation is provided to help human operators understand the context of the problem.
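As an added illustration of the baseline-then-deviation idea described in the abstract (this is not the paper's code; the page does not give the paper's actual features, window size or scoring), the following Python block learns per-window access counts for (process, directory, operation) triples from a constructed "normal" trace and then flags two kinds of deviation in a new window: a triple never seen during the baseline, and an access count far above the baseline mean. The event format, the 60-second window, the z-score threshold and every sample event are assumptions made for this example.

```python
"""
Illustrative baseline/deviation detector for file-access events.

Assumed input (not from the paper): each event is a tuple
(ts_seconds, process, op, path), as one could derive from inotify,
auditd or strace. The baseline trace is taken to be normal operation.
"""
from collections import Counter, defaultdict
from math import sqrt
import os

WINDOW = 60.0  # seconds per bucket (assumption for this example)


def _key(process, path, op):
    # Generalise a path to its directory so a rotated log or a fresh
    # temp-file name does not look novel purely because of its name.
    return (process, os.path.dirname(path) or "/", op)


def _bucket(events):
    """Group events into fixed-size time windows: window index -> Counter of keys."""
    buckets = defaultdict(Counter)
    for ts, proc, op, path in events:
        buckets[int(ts // WINDOW)][_key(proc, path, op)] += 1
    return buckets


def build_baseline(events):
    """Learn, for every (process, dir, op) seen, its mean and std count per window."""
    buckets = _bucket(events)
    n = len(buckets)
    if n == 0:
        return {}
    keys = set()
    for counts in buckets.values():
        keys |= set(counts)
    stats = {}
    for k in keys:
        xs = [counts.get(k, 0) for counts in buckets.values()]
        mean = sum(xs) / n
        var = sum((x - mean) ** 2 for x in xs) / n
        stats[k] = (mean, sqrt(var))
    return stats


def score_window(baseline, events, z_threshold=3.0):
    """Score one window of events against the baseline.

    Returns a list of (kind, key, count) alerts; each key is the
    (process, dir, op) triple that serves as the starting point for
    investigation. 'novel' means the triple never appeared in the
    baseline, 'burst' means its count is > z_threshold std devs above
    the baseline mean (std floored at 1.0 so a constant baseline still
    tolerates small jitter).
    """
    counts = Counter(_key(p, path, op) for _, p, op, path in events)
    alerts = []
    for k, c in counts.items():
        if k not in baseline:
            alerts.append(("novel", k, c))
            continue
        mean, std = baseline[k]
        z = (c - mean) / max(std, 1.0)
        if z > z_threshold:
            alerts.append(("burst", k, c))
    return alerts


def _constructed(ts0, n, proc, op, path):
    """Constructed sample events: n events of one kind spread over one window."""
    return [(ts0 + i * (WINDOW / n), proc, op, path) for i in range(n)]


# Constructed baseline: five normal windows of a web server and cron.
BASELINE_EVENTS = []
for w in range(5):
    t0 = w * WINDOW
    BASELINE_EVENTS += _constructed(t0, 10, "httpd", "read", "/var/www/html/index.html")
    BASELINE_EVENTS += _constructed(t0, 10, "httpd", "write", "/var/log/httpd/access_log")
    BASELINE_EVENTS += _constructed(t0, 1, "cron", "read", "/etc/crontab")

# Constructed suspicious window: a log-write burst and httpd touching /etc.
SUSPICIOUS_WINDOW = (
    _constructed(600, 10, "httpd", "read", "/var/www/html/index.html")
    + _constructed(600, 200, "httpd", "write", "/var/log/httpd/access_log")
    + _constructed(600, 1, "cron", "read", "/etc/crontab")
    + _constructed(600, 2, "httpd", "read", "/etc/passwd")
)

BASELINE = build_baseline(BASELINE_EVENTS)

if __name__ == "__main__":
    for kind, key, count in score_window(BASELINE, SUSPICIOUS_WINDOW):
        print(f"ALERT {kind}: process={key[0]} dir={key[1]} op={key[2]} count={count}")
```

The two alert kinds correspond to the two ways the abstract's baseline can be violated: behavior that was never part of it (a new process/directory/operation combination) and behavior whose volume departs from it (a burst). In practice the baseline must be refreshed after legitimate changes such as deployments, otherwise every update reads as an anomaly.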
Keywords :
file organisation; program diagnostics; security of data; IT management; anomaly detection; enterprise system; filesystem activity monitoring; information overload; run-time behavior; software diagnosis; unsupervised approach; Fuses; Humans; Libraries; Linux; Manuals; Monitoring; Software; Anomaly Detection; Software Diagnosis; Software Monitoring;
Conference_Title :
Program Comprehension (ICPC), 2011 IEEE 19th International Conference on
Conference_Location :
Kingston, ON
Print_ISBN :
978-1-61284-308-7
Electronic_ISBN :
1092-8138
DOI :
10.1109/ICPC.2011.23