Detecting and analyzing anomalies across historical data changes: A data-driven approach
Mercaldo F.
2018-01-01
Abstract
The history of data changes can yield information about the nature of the change processes. Often, data evolve according to rules and constraints, making it possible to identify a profile of evolution: the values a data item assumes over time, the frequencies at which it changes, the temporal variation in relation to other data, or other constraints that are directly connected to the reference domain. A violation of these rules could signal different threats to the system, including attempted tampering or a cyber attack, a failure in the operation of the system, or a bug in the applications that manage the lifecycle of data. Detecting such violations is not straightforward, as rules could be unknown or hard to extract. In this paper we propose an approach to extract the legal or expected evolution of a database by observing it in a frame of its lifecycle. The obtained profile of evolution is then used to detect anomalies in the database state evolution. The approach has been validated by an experiment that produced encouraging results regarding its precision and efficacy.