• DocumentCode
    2544545
  • Title
    Anomaly Detection by Monitoring Filesystem Activities
  • Author
    Huang, Liang ; Wong, Kenny
  • Author_Institution
    Dept. of Comput. Sci., Univ. of Alberta, Edmonton, AB, Canada
  • fYear
    2011
  • fDate
    22-24 June 2011
  • Firstpage
    221
  • Lastpage
    222
  • Abstract
    Software diagnosis in enterprise systems is an expensive, largely manual process. It significantly contributes to the increasing costs in IT management, because it takes time and expertise for system administrators to notice an anomalous state due to the information overload generated by the many components in such systems. In this paper, we propose an unsupervised approach for anomaly detection using the monitored application's run-time behaviors. These behaviors, represented by the state of the file system and how files are accessed when the system is running normally, serve as a baseline. An alert is generated when behaviors that significantly deviate from the baseline appear, and a starting point of investigation is provided to assist the human operators in understanding the context of the problem.
  • Keywords
    file organisation; program diagnostics; security of data; IT management; anomaly detection; enterprise system; filesystem activity monitoring; information overload; run-time behavior; software diagnosis; unsupervised approach; Fuses; Humans; Libraries; Linux; Manuals; Monitoring; Software; Anomaly Detection; Software Diagnosis; Software Monitoring;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Program Comprehension (ICPC), 2011 IEEE 19th International Conference on
  • Conference_Location
    Kingston, ON
  • ISSN
    1092-8138
  • Print_ISBN
    978-1-61284-308-7
  • Electronic_ISBN
    1092-8138
  • Type
    conf
  • DOI
    10.1109/ICPC.2011.23
  • Filename
    5970190