Re: [tracecompass-dev] TotalADS: Total Anomaly Detection System

Hi Shariyar,

First, congrats on getting this out! I've seen demos of TotalADS many times so far, and I'm very happy to see this coming out as open-source. Props to you and all the people at Concordia who worked on this!

Some questions:

Is this meant to be a project of its own? I'm wondering if it wouldn't be better to have this in a separate git repository. It could for example be under the Trace Compass project umbrella at Eclipse, but have its own separate git repo. Especially since it has its own dependencies that aren't shared with the rest. It could also be advertised on its own, or as a plugin to Trace Compass. Just throwing the idea out there, we'll have to see in more detail how everything integrates together.

Related to the previous question, who will be maintaining this? What is the plan going forward? I assume it's not "done done", and that there will be people around for fixing bugs? Will more people from Concordia be working on this? Ideally it shouldn't be a case of "dump & run" ;)


Some remarks:
- Everything Geneviève said!
- It seems to be based on a very recent version of Trace Compass, good job getting it up to date!
- Binary test traces should not be committed in the git tree. We host our test traces on archive.eclipse.org, and we have our build system download them on-demand. We can help you set that up once we get to that point.
- Embedded libraries are a big no-no. You could look into using a target definition to allow Eclipse to download the dependencies (see the "org.eclipse.tracecompass.target" plugin in our git tree). Eclipse projects that depend on external libraries have to get them packaged in Orbit [1] first. All the ones you are depending on are already in Orbit, with the exception of Mahout. But that one seems to be under the Apache License, so there should be no problem getting it into Orbit, once we get there.


Cheers,
Alexandre


[1] Latest Orbit build: http://download.eclipse.org/tools/orbit/downloads/drops/R20140525021250/


On 2014-11-25 11:31 AM, Shariyar wrote:
Dear all,

I would like to introduce a new plugin for Tracecompass, called TotalADS
(Total Anomaly Detection System). Here is a brief introduction:

TotalADS is a novel framework for automated host-based anomaly detection.
TotalADS is an open source tool developed as a plug-in for Eclipse. It
integrates different anomaly detection algorithms (or techniques),
different trace readers and a rich set of trace views in one common
platform.

Currently, TotalADS encompasses three different algorithms, such as
Sequence Matching (SQM), Kernel State Modeling (KSM), and Hidden Markov
Model (HMM). It supports execution traces and logs in CTF, XML and text
format. It also supports live anomaly detection using trace streaming along
with real time training and testing.

TotalADS also extends another Eclipse plugin called Tracecompass by using
the rich set of views present in it for the visualization of traces, such
as control flow of processes, resource usages, etc.

TotalADS has a number of applications, such as automatic detection of zero
day attacks, diagnosis of anomalous paths in failure traces, and diagnosis
of performance faults in the system.

TotalADS is extendible through simple Java interfaces: new algorithms and
trace readers can be easily added.

Here is the wiki of TotalADS:
https://github.com/sshahriyar/org.eclipse.tracecompass/wiki

The fork repository of Tracecompass and the new plugin TotalADS:
https://github.com/sshahriyar/org.eclipse.tracecompass

TotalADS adds four new plugins to Tracecompass, namely:
  totalads.core
  totalads.core.tests
  totalads.ui
  totalads.ui.swtbot.tests
TotalADS does not make changes to the source code of existing plugins of
Tracecompass except adding references to the plugins where necessary.

Screenshots are available here:
http://users.encs.concordia.ca/~abdelw/sba/totalads/features.html

A Use Case:
https://github.com/sshahriyar/org.eclipse.tracecompass/wiki/Use-Case

Let me know how I can push the code for review.

Regards,
Shariyar


