Bridges, Susan M.

Committee Member

Vaughn, Rayford B.

Committee Member

Hansen, Eric

Committee Member

Reese, Donna S.

Date of Degree


Document Type

Graduate Thesis - Open Access

Degree Name

Master of Science


Several algorithms have been proposed to implement intrusion detection systems (IDS) based on the idea that anomalies in the behavior of a system might be produced by a set of actions of an intruder or by a system fault. Almost no previous research has been conducted in the area of anomaly detection for high performance clusters. The research reported in this thesis demonstrates that the analysis of sequences of function calls issued by one or more processes can be used to verify the correct execution of parallel programs written in C/C++ with the Message Passing Interface (MPI) in a cluster of Linux workstations. The functions calls were collected via library interposition. Two anomaly detection algorithms previously reported to be effective methods for anomaly detection in sequences of system calls, Hidden Markov Model and sequence matching, were implemented and tested. In general, the simpler sequence matching algorithm out-performed the Hidden Markov Model.