IEEE Access (Jan 2020)

Anomalies Detection in Software by Conceptual Learning From Normal Executions

  • Ahmad Qadeib Alban,
  • Fahad Islam,
  • Qutaibah M. Malluhi,
  • Ali Jaoua

DOI
https://doi.org/10.1109/ACCESS.2020.3027508
Journal volume & issue
Vol. 8
pp. 179845 – 179856

Abstract

Could we detect anomalies during the run-time of a program by learning from the analysis of its previous traces for normally completed executions? In this paper we create a featured data set from program traces at run time, either during its regular life, or during its testing phase. This data set represents execution traces of relevant variables including inputs, outputs, intermediate variables, and invariant checks. During a learning mining step, we start from exhaustive random training input sets and map program traces to a minimal set of conceptual patterns. We employ formal concept analysis to do this in an incremental way, and without losing dependencies between data set features. This set of patterns becomes a reference for checking the normality of future program executions as it captures invariant functional dependencies between the variables that need to be preserved during execution. During the learning step, we consider enough input classes corresponding to the different patterns by using random input selection until reaching stability of the set of patterns (i.e. the set is almost no longer changing, and only negligible new patterns are not reducible to it). Experimental results show that the generated patterns are significant in representing normal program executions. They also enable the detection of different executable code contamination at early stages. The proposed method is general and modular. If applied systematically, it enhances software resilience against abnormal and unpredictable events.

Keywords