Skip to Main content Skip to Navigation
Conference papers

An Efficient and Scalable Intrusion Detection System on Logs of Distributed Applications

Abstract : Although security issues are now addressed during the development process of distributed applications, an attack may still affect the provided services or allow access to confidential data. To detect intrusions, we consider an anomaly detection mechanism which relies on a model of the monitored application's normal behavior. During a model construction phase, the application is run multiple times to observe some of its correct behaviors. Each gathered trace enables the identification of significant events and their causality relationships, without requiring the existence of a global clock. The constructed model is dual: an automaton plus a list of likely invariants. The redundancy between the two sub-models decreases when generalization techniques are applied on the automaton. Solutions already proposed suffer from scalability issues. In particular, the time needed to build the model is important and its size impacts the duration of the detection phase. The proposed solutions address these problems, while keeping a good accuracy during the detection phase, in terms of false positive and false negative rates. To evaluate them, a real distributed application and several attacks against the service are considered.
Complete list of metadatas

Cited literature [16 references]  Display  Hide  Download
Contributor : Michel Hurfin <>
Submitted on : Tuesday, January 7, 2020 - 3:03:54 PM
Last modification on : Saturday, July 11, 2020 - 3:15:00 AM


Files produced by the author(s)



David Lanoe, Michel Hurfin, Eric Totel, Carlos Maziero. An Efficient and Scalable Intrusion Detection System on Logs of Distributed Applications. SEC 2019 - 34th IFIP International Conference on ICT Systems Security and Privacy Protection, Jun 2019, Lisbonne, Portugal. pp.49-63, ⟨10.1007/978-3-030-22312-0_4⟩. ⟨hal-02409487⟩



Record views


Files downloads