Trace anomalies as precursors of field failures: an empirical study

Authors:
Sebastian Elbaum;Satya Kanduri;Anneliese Andrews
Affiliations:
Department of Computer Science and Engineering, University of Nebraska---Lincoln, Lincoln, USA;Department of Computer Science and Engineering, University of Nebraska---Lincoln, Lincoln, USA;Department of Computer Science, University of Denver, Denver, USA
Venue:
Empirical Software Engineering
Year:
2007

Citing 26
Cited 5

Software errors and complexity: an empirical investigation0

Communications of the ACM
An Analysis of Several Software Defect Models

IEEE Transactions on Software Engineering
Security audit trail analysis using inductively generated predictive rules

Proceedings of the sixth conference on Artificial intelligence applications
Orthogonal Defect Classification-A Concept for In-Process Measurements

IEEE Transactions on Software Engineering - Special issue on software measurement principles, techniques, and environments
Estimating software fault content before coding

ICSE '92 Proceedings of the 14th international conference on Software engineering
Assessing Software Designs Using Capture-Recapture Methods

IEEE Transactions on Software Engineering - Special issue on software reliability
Experiments of the effectiveness of dataflow- and controlflow-based test adequacy criteria

ICSE '94 Proceedings of the 16th international conference on Software engineering
A Comprehensive Evaluation of Capture-Recapture Models for Estimating Software Defect Content

IEEE Transactions on Software Engineering
Predicting Fault Incidence Using Software Change History

IEEE Transactions on Software Engineering
Tracking down software bugs using automatic anomaly detection

Proceedings of the 24th International Conference on Software Engineering
Semantic anomaly detection in online data sources

Proceedings of the 24th International Conference on Software Engineering
Experience with EMERALD to Date

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Benchmarking Anomaly-Based Detection Systems

DSN '00 Proceedings of the 2000 International Conference on Dependable Systems and Networks (formerly FTCS-30 and DCCA-8)
Learning nonstationary models of normal network traffic for detecting novel attacks

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
"Why 6?" Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
An Empirical Study of Tracing Techniques from a Failure Analysis Perspective

ISSRE '02 Proceedings of the 13th International Symposium on Software Reliability Engineering
Markov Chains, Classifiers, and Intrusion Detection

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Software Reliability as a Function of User Execution Patterns

HICSS '99 Proceedings of the Thirty-second Annual Hawaii International Conference on System Sciences-Volume 8 - Volume 8
A Neural Network Component for an Intrusion Detection System

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Building a Better Backtrace: Techniques for Postmortem Program Analysis

Building a Better Backtrace: Techniques for Postmortem Program Analysis
Skoll: Distributed Continuous Quality Assurance

Proceedings of the 26th International Conference on Software Engineering
An empirical study of profiling strategies for released software and their impact on testing activities

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
The Effects of Algorithmic Diversity on Anomaly Detector Performance

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Supporting Controlled Experimentation with Testing Techniques: An Infrastructure and its Potential Impact

Empirical Software Engineering

SIFT: a scalable iterative-unfolding technique for filtering execution traces

CASCON '08 Proceedings of the 2008 conference of the center for advanced studies on collaborative research: meeting of minds
Online inference and enforcement of temporal properties

Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
F007: finding rediscovered faults from the field using function-level failed traces of software in the field

Proceedings of the 2010 Conference of the Center for Advanced Studies on Collaborative Research
Using entropy measures for comparison of software traces

Information Sciences: an International Journal
An empirical study on the use of mutant traces for diagnosis of faults in deployed systems

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

Reproducing and learning from failures in deployed software is costly and difficult. Those activities can be facilitated, however, if the circumstances leading to a failure can be recognized and properly captured. To anticipate failures we propose to monitor system field behavior for simple trace instances that deviate from a baseline behavior experienced in-house. In this work, we empirically investigate the effectiveness of various simple anomaly detection schemes to identify the conditions that precede failures in deployed software. The results of our experiment provide a preliminary assessment of these schemes, and expose the tradeoffs between different anomaly detection algorithms applied to several types of observable attributes under varying levels of in-house testing.