MINES: Explainable Anomaly Detection through Web API Invariant Inference
Researchers have developed a new method called MINES for detecting anomalies in web applications by inferring explainable API invariants. This approach focuses on schema-level information rather than raw log data, which helps to filter out noise and identify precise normalities. MINES leverages Large Language Models (LLMs) to extract potential relationships between APIs and database tables, validating these with normal log instances. The system then translates these inferred constraints into invariants to generate Python code for runtime log verification, achieving state-of-the-art results with high recall and minimal false positives on various benchmarks.
AI IMPACT: Introduces a novel approach for anomaly detection in web applications using LLMs, potentially improving system reliability and security.
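
To make the idea of runtime log verification against API-to-table invariants concrete, here is an added illustration; it is not code from MINES or its authors. The invariant format, the endpoint and table names, and the log layout are all constructed assumptions.

```python
from collections import defaultdict

# Constructed invariants (assumed format): per API, the table operations
# that must occur and the only ones that may occur in the same request.
INVARIANTS = {
    "POST /orders": {"required": {("orders", "INSERT")},
                     "allowed": {("orders", "INSERT"), ("inventory", "UPDATE")}},
    "GET /orders": {"required": set(), "allowed": {("orders", "SELECT")}},
}

# Constructed log: "<request_id> API <method> <path>" or "<request_id> DB <op> <table>".
SAMPLE_LOG = """\
r1 API POST /orders
r1 DB INSERT orders
r1 DB UPDATE inventory
r2 API GET /orders
r2 DB SELECT orders
r2 DB UPDATE users
r3 API POST /orders
r3 DB UPDATE inventory
"""

def parse(log_text):
    """Group DB operations under the API call that shares their request id."""
    api, ops = {}, defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing
        rid, kind, a, b = parts
        if kind == "API":
            api[rid] = f"{a} {b}"
        elif kind == "DB":
            ops[rid].add((b, a))  # stored as (table, operation)
    return api, ops

def check(log_text, invariants=INVARIANTS):
    """Return one human-readable finding per violated invariant."""
    api, ops = parse(log_text)
    findings = []
    for rid in sorted(api):
        inv = invariants.get(api[rid])
        if inv is None:
            findings.append(f"{rid}: {api[rid]} has no inferred invariant")
            continue
        for table, op in sorted(inv["required"] - ops[rid]):
            findings.append(f"{rid}: {api[rid]} missing required {op} on {table}")
        for table, op in sorted(ops[rid] - inv["allowed"]):
            findings.append(f"{rid}: {api[rid]} performed unexpected {op} on {table}")
    return findings
```

Each finding names the request, the API and the table operation that broke the invariant, which is what makes an alert of this kind explainable to an analyst.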