Behavior Modeling of a Distributed Application for Anomaly Detection

Amanda Viescinski, Tiago Heinrich, Newton Will, Carlos Maziero

2022

Abstract

Computational clouds offer services in different formats, aiming to adapt to the needs of each client. This scenario of distributed systems is responsible for the communication, management of services and tools through the exchange of messages. Thus, security in such environments is an important factor. However, the implementation of secure systems to protect information has been a difficult goal to achieve. In addition to the prevention mechanisms, a common approach to achieve security is intrusion detection, which can be carried out by anomaly detection. This technique does not require prior knowledge of attack patterns, since the normal behavior of the monitored environment is used as a basis for detection. This work proposes a behavioral modeling technique for distributed applications using the traces of operations of its nodes, allowing the development of a strategy to identify anomalies. The chosen strategy consists of modeling the normal behavior of the system, which is arranged in sets of n-grams of events. Our goal is to build functional and effective models, which make it possible to detect anomalies in the system, with reduced rates of false positives. The results obtained through the evaluation of the models highlight the feasibility of using n-grams to represent correct activities of a system, with favorable results in the false positive rate and also in terms of accuracy.
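
The n-gram modeling idea described in the abstract, sketched as an added example; this is not code from the paper or its authors. The event names, the window size n = 3, the unseen-n-gram ratio and the 0.25 threshold are constructed assumptions, since this page does not give the paper's actual features or decision rule.

```python
# Added illustration: normal behavior as a set of event n-grams, with a trace
# scored by the fraction of its n-grams that were never seen in training.

def ngrams(trace, n):
    """Sliding-window n-grams over one node's ordered event trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_model(normal_traces, n):
    """Union of all n-grams observed in attack-free traces."""
    model = set()
    for trace in normal_traces:
        model.update(ngrams(trace, n))
    return model

def score_trace(model, trace, n):
    """Return (ratio of unseen n-grams, [(position, n-gram), ...]).

    A trace shorter than n yields no n-grams and scores 0.0; a deployment
    would need a separate rule for such truncated traces.
    """
    grams = ngrams(trace, n)
    if not grams:
        return 0.0, []
    unseen = [(i, g) for i, g in enumerate(grams) if g not in model]
    return len(unseen) / len(grams), unseen

def is_anomalous(model, trace, n, threshold):
    """Flag a trace only when its unseen ratio exceeds the threshold, so a
    single novel window in an otherwise normal trace is tolerated."""
    return score_trace(model, trace, n)[0] > threshold

# Constructed sample traces (hypothetical event names for one node).
N = 3
THRESHOLD = 0.25  # assumed value, tuned against false positives in practice
NORMAL = [
    ["connect", "auth", "read", "read", "reply", "close"],
    ["connect", "auth", "write", "ack", "close"],
    ["connect", "auth", "read", "reply", "close"],
]
MODEL = build_model(NORMAL, N)

# Benign variation: one extra read produces a single unseen window.
BENIGN_VARIANT = ["connect", "auth", "read", "read", "read", "reply", "close"]
# Suspicious: operations issued without the auth event seen in every normal trace.
SUSPECT = ["connect", "read", "write", "write", "close"]

if __name__ == "__main__":
    for name, t in (("benign_variant", BENIGN_VARIANT), ("suspect", SUSPECT)):
        ratio, unseen = score_trace(MODEL, t, N)
        print(name, round(ratio, 2), is_anomalous(MODEL, t, N, THRESHOLD), unseen)
```

The benign variant shows why a ratio threshold matters: flagging on any unseen n-gram would turn that single novel window into a false positive.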


Paper Citation


in Harvard Style

Viescinski A., Heinrich T., Will N. and Maziero C. (2022). Behavior Modeling of a Distributed Application for Anomaly Detection. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 333-340. DOI: 10.5220/0011267200003283


in Bibtex Style

@conference{secrypt22,
author={Amanda Viescinski and Tiago Heinrich and Newton Will and Carlos Maziero},
title={Behavior Modeling of a Distributed Application for Anomaly Detection},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2022},
pages={333-340},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011267200003283},
isbn={978-989-758-590-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Behavior Modeling of a Distributed Application for Anomaly Detection
SN - 978-989-758-590-6
AU - Viescinski A.
AU - Heinrich T.
AU - Will N.
AU - Maziero C.
PY - 2022
SP - 333
EP - 340
DO - 10.5220/0011267200003283