Authors: Liang Huang, Kenny Wong
DOI: 10.1109/ICPC.2011.23 (https://doi.org/10.1109/ICPC.2011.23)
Venue: 2011 IEEE 19th International Conference on Program Comprehension
Published: 2011-06-22
Citation count: 5
Record source: Semanticscholar
Anomaly Detection by Monitoring Filesystem Activities
Software diagnosis in enterprise systems is an expensive, largely manual process. It significantly contributes to the increasing costs in IT management, because it takes time and expertise for system administrators to notice an anomalous state due to the information overload generated by the many components in such systems. In this paper, we propose an unsupervised approach for anomaly detection using the monitored application's run-time behaviors. These behaviors, represented by the state of the file system and how files are accessed when the system is running normally, serve as a baseline. An alert is generated when behaviors that significantly deviate from the baseline appear, and a starting point of investigation is provided to assist the human operators in understanding the context of the problem.