Reverse Engineering Utility Functions Using Genetic Programming to Detect Anomalous Behavior in Software

Created by W.Langdon from gp-bibliography.bib Revision:1.4420

  author =       "Sunny Wong and Melissa Aaron and Jeffrey Segall and 
                 Kevin Lynch and Spiros Mancoridis",
  title =        "Reverse Engineering Utility Functions Using Genetic
                 Programming to Detect Anomalous Behavior in Software",
  booktitle =    "17th Working Conference on Reverse Engineering (WCRE
  year =         "2010",
  month =        "13-16 " # oct,
  pages =        "141--149",
  keywords =     "genetic algorithms, genetic programming, sbse, Jigsaw
                 web server, anomalous behaviour detection, reverse
                 engineering utility functions, security attack, sensor
                 values, software engineering, reverse engineering,
                 security of data, software fault tolerance",
  URL =          "",
  DOI =          "doi:10.1109/WCRE.2010.23",
  ISSN =         "1095-1350",
  abstract =     "Recent studies have shown the promise of using utility
                 functions to detect anomalous behaviour in software
                 systems at runtime. However, it remains a challenge for
                 software engineers to hand-craft a utility function
                 that achieves both a high precision (i.e., few false
                 alarms) and a high recall (i.e., few undetected
                 faults). This paper describes a technique that uses
                 genetic programming to automatically evolve a utility
                 function for a specific system, set of resource usage
                 metrics, and precision/recall preference. These metrics
                 are computed using sensor values that monitor a variety
                 of system resources (e.g., memory usage, processor
                 usage, thread count). The technique allows users to
                 specify the relative importance of precision and
                 recall, and builds a utility function to meet those
                 requirements. We evaluated the technique on the open
                 source Jigsaw web server using ten resource usage
                 metrics and five anomalous behaviours in the form of
                 injected faults in the Jigsaw code and a security
                 attack. To assess the effectiveness of the technique,
                 the precision and recall of the evolved utility
                 function was compared to that of a hand-crafted utility
                 function that uses a simple thresholding scheme. The
                 results show that the evolved function outperformed the
                 hand-crafted function by 10 percent.",
  notes =        "self-healing autonomic systems. Java only. No changes
                 to jigsaw source code because uses: JVM, Managed beans,
                 passive sensors MXBeans. Five artificial faults
                 injected (cf mutation testing): denial of service (hog
                 network), infinite loop (denial of CPU), log file
                 explosion (denial of disk), memory leak (java soft
                 reference error, denial of memory), recursion (denial
                 of stack). Scalar fitness function, parallel GP (high
                 migration rate between four islands). PCT1. Elitism.
                 Stop when population gets stuck (no fitness variation).
                 8-12 hours. 3 fixed operating points on ROC curve. Logs
                 converted to HTML web pages???? Refers to

                 Also known as \cite{5645446}",

Genetic Programming entries for Sunny Wong Melissa Aaron Jeffrey Segall Kevin Lynch Spiros Mancoridis