A runtime attack can be detected on a big data system while processes are executed on various computing devices. A behavior profile can be maintained for tasks or processes running on different computing devices. The existence of a call variance in one of the traces for one of the behavior profiles can be determined. A memory variance can also be detected in one of the behavior profiles. A runtime attack has occurred when both the memory variance and the call variance are determined to exist.
Aditham, Santosh K. and Ranganathan, Nagarajan, "Detecting threats in big data platforms based on call trace and memory access patterns" (2020). USF Patents. 1174.
University of South Florida