TY - GEN
T1 - Effective online software anomaly detection
AU - Chen, Yizhen
AU - Ying, Ming
AU - Liu, Daren
AU - Alim, Adil
AU - Chen, Feng
AU - Chen, Mei Hwa
N1 - Publisher Copyright: © 2017 Association for Computing Machinery.
PY - 2017/7/10
Y1 - 2017/7/10
N2 - While automatic online software anomaly detection is crucial for ensuring the quality of production software, current techniques are mostly inefficient and ineffective. For online software, its inputs are usually provided by the users at runtime and the validity of the outputs cannot be automatically verified without a predefined oracle. Furthermore, some online anomalous behavior may be caused by the anomalies in the execution context, rather than by any code defect, which are even more difficult to detect. Existing approaches tackle this problem by identifying certain properties observed from the executions of the software during a training process and using them to monitor online software behavior. However, they may require a large execution overhead for monitoring the properties, which limits the applicability of these approaches for online monitoring. We present a methodology that applies effective algorithms to select a close to optimal set of anomaly-revealing properties, which enables online anomaly detection with minimal execution overhead. Our empirical results show that an average of 76.5% of anomalies were detected by using at most 5.5% of execution overhead.
AB - While automatic online software anomaly detection is crucial for ensuring the quality of production software, current techniques are mostly inefficient and ineffective. For online software, its inputs are usually provided by the users at runtime and the validity of the outputs cannot be automatically verified without a predefined oracle. Furthermore, some online anomalous behavior may be caused by the anomalies in the execution context, rather than by any code defect, which are even more difficult to detect. Existing approaches tackle this problem by identifying certain properties observed from the executions of the software during a training process and using them to monitor online software behavior. However, they may require a large execution overhead for monitoring the properties, which limits the applicability of these approaches for online monitoring. We present a methodology that applies effective algorithms to select a close to optimal set of anomaly-revealing properties, which enables online anomaly detection with minimal execution overhead. Our empirical results show that an average of 76.5% of anomalies were detected by using at most 5.5% of execution overhead.
KW - Program invariant
KW - Sensor placement algorithms
KW - Software anomaly detection
UR - https://www.scopus.com/pages/publications/85026655756
U2 - 10.1145/3092703.3092730
DO - 10.1145/3092703.3092730
M3 - Conference contribution
T3 - ISSTA 2017 - Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
SP - 136
EP - 146
BT - ISSTA 2017 - Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
A2 - Sen, Koushik
A2 - Bultan, Tevfik
PB - Association for Computing Machinery, Inc
T2 - 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2017
Y2 - 10 July 2017 through 14 July 2017
ER -