Application-level anomaly detection

Assignee

• International Business Machines Corporation · US

Inventors

• Mauro Baluda · Bergamo, IT
• Paul C. Castro · White Plains, US
• Marco Pistoia · Amawalk, US
• John Ponzo · Yorktown Heights, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2115
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

An example includes intercepting one or more activities performed by an application on a computing device. The intercepting uses an instrumentation layer separating the application from an operating system on the computing device. The one or more activities are compared with one or more anomaly detection policies in a policy configuration file to detect or not detect presence of one or more anomalies. In response to the comparison detecting presence of one or more anomalies, indication(s) of the one or more anomalies are stored. Another example includes receiving indication(s) of anomaly(ies) experienced by an application on computing device(s) and analyzing the indication(s) of the anomaly(ies) to determine whether corrective action(s) should be issued. Responsive to a determination corrective action(s) should be issued based on the analyzing, the corrective action(s) are issued to the computing device(s). Methods, program products, and apparatus are disclosed.