Application Behavior Anomaly Detection

Motivation

In software development we often develop tests on various levels to ensure application behaves correctly. Many times there is lack of resources to test applications in detail, in different environments, in different configuration. Also maintenance of tests is time-consuming. Rapid development of test suites with little code (therefore easier to maintain) having only abstract terms. This can be applied to multiple environments and can help with regression.

There exist general solution, but they are very general. Having a common platform makes it easier to narrow the search space. The idea of AppBAD is to scan/record application behavior which has been thouroughly verified by other tools or people, create model out of it and then detect anomalous behaviour of the next version of application or in different environment. The idea is not to replace automated tests. It is intended to be an additional tool to perform verification. Functional testing - there has to be defined exact things to test. Code might be complicated. Visual testing compares snapshots of application so that any, even the valid, difference from baseline is considered as a failed test. Therefore such test requires precise setup to prevent many false positives.

Architecture

The system is intended to be used in the following flow:
  1. Scan behaviour of application.
  2. Create a model of application behavior ouf of collection of scans.
  3. Use the model to define a detection rule.
  4. Detect anomalous behavior of application based on detection rules.

What is meant by a scan?

It is a captured application state at certain point in time. Such state can be on different levels, e.g., data in database, api response, or rendered table in HTML or screenshot.

Challenges

Proof of concept

Intention of POC is to apply the idea on a simple use case where it brings benefit and implementation is not difficult.
For this purpose, web page (element) anomaly detection was implemented and is available at GH: https://github.com/dusann-dev/webapp-bad

Contact

Forward any questions to dusan.navratil.developer@gmail.com