Abstract
Revealing anomalies to support error detection in software-intensive systems is a promising approach when traditional detection mechanisms are considered inadequate or not applicable. The core of anomaly detection lies in the definition of the expected behavior of the observed system. Unfortunately, the behavior of complex and dynamic systems is particularly difficult to understand. To improve the accuracy of anomaly detection in such systems, in this paper we present a context-aware anomaly detection framework which acquires information on the running services to calibrate the anomaly detection. To cope with system dynamicity, our framework avoids instrumenting probes into the application layer of the observed system monitoring multiple underlying layers instead. Experimental evaluation shows that the detection accuracy is increased considerably through context-awareness and multiple layers monitoring. Results are compared to state-of-the-art anomaly detectors exercised in demanding more static contexts.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41(3), 15 (2009)
Baldoni, R., Montanari, L., Rizzuto, M.: On-line failure prediction in safety-critical systems. Future Gener. Comput. Syst. 45, 123–132 (2015)
Williams, A.W., Pertet, S.M., Narasimhan, P.: Tiresias: black-box failure prediction in distributed systems. In: Parallel and Distributed Processing Symposium, IPDPS 2007. IEEE (2007)
Tanenbaum, A.S., Van Steen, M.: Distributed Systems. Prentice-Hall, Upper saddle River (2007)
Bose, S., Bharathimurugan, S., Kannan, A.: Multi-layer integrated anomaly intrusion detection system for mobile adhoc networks. In: 2007 International Conference on Signal Processing, Communications and Networking, ICSCN 2007. IEEE (2007)
Ceccarelli, A., Zoppi, T., Itria, M., Bondavalli, A.: A multi-layer anomaly detector for dynamic service-based systems. In: Koornneef, F. (ed.) SAFECOMP 2015. LNCS, vol. 9337, pp. 166–180. Springer, Heidelberg (2015). doi:10.1007/978-3-319-24255-2_13
Jyothsna, V., Rama Prasad, V.V., Munivara Prasad, K.: A review of anomaly based intrusion detection systems. Int. J. Comput. Appl. 28(7), 26–35 (2011)
Secure! project. http://secure.eng.it/ Accessed 1 Mar 2016
Bondavalli, A., et al.: Resilient estimation of synchronisation uncertainty through software clocks. Int. J. Crit. Comput.-Based Syst. 4(4), 301–322 (2013)
Modi, C., et al.: A survey of intrusion detection techniques in cloud. J. Netw. Comput. Appl. 36(1), 42–57 (2013)
Shabtai, A., et al.: “Andromaly”: a behavioral malware detection framework for android devices. J. Intell. Inf. Syst. 38(1), 161–190 (2012)
Sokolova, M., Japkowicz, N., Szpakowicz, S.: Beyond accuracy, F-score and ROC: a family of discriminant measures for performance evaluation. In: Sattar, A., Kang, B. (eds.) AI 2006, pp. 1015–1021. Springer, Heidelberg (2006)
Liferay. http://www.liferay.com Accessed 1 Mar 2016
Bovenzi, A., et al.: An OS-level framework for anomaly detection in complex software systems. IEEE Trans. Dependable Secure Comput. 12(3), 366–372 (2015)
Erl, T.: SOA: Principles of Service Design, vol. 1. Prentice Hall, Upper Saddle River (2008)
Truong, H.-L., Dustdar, S.: A survey on context-aware web service systems. Int. J. Web Inf. Syst. 5(1), 5–31 (2009)
Loos, C.: E-health with mobile grids: the akogrimo heart monitoring and emergency scenario. Akogrimo White Paper (2006). online
Esper Team and EsperTech Inc.: Esper reference version 4.9.0. Technical report (2012)
Valls, M.G., Iago, R.L., Villar, L.F.: iLAND: an enhanced middleware for real-time reconfiguration of service oriented distributed real-time systems. IEEE Trans. Ind. Inf. 9(1), 228–236 (2013)
rclserver.dsi.unifi.it/owncloud/public.php?service=files&t=89f4b993136bda20ae9cfb3f32ac62da
Thramboulidis, K., Doukas, G., Koumoutsos, G.: A SOA-based embedded systems development environment for industrial automation. EURASIP J. Embed. Syst. 2008, 1–15 (2008). Article no. 3
Bondavalli, A., et al.: Differential analysis of operating system indicators for anomaly detection in dependable systems: an experimental study. Measurement 80, 229–240 (2016)
Zoppi, T.: Multi-layer anomaly detection in complex dynamic critical systems. In: Dependable Systems and Networks – Student Forum Session, DSN (2015)
Cotroneo, D., et al.: Failure classification and analysis of the java virtual machine, ICDCS 2006. In: 26th IEEE International Conference on Distributed Computing Systems. IEEE (2006)
Acknowledgements
This work has been partially supported by the Joint Program Initiative (JPI) Urban Europe via the IRENE project, by the European FP7-ICT-2013-10-610535 AMADEOS project and by the European FP7-IRSES DEVASSES.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Zoppi, T., Ceccarelli, A., Bondavalli, A. (2016). Context-Awareness to Improve Anomaly Detection in Dynamic Service Oriented Architectures. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science(), vol 9922. Springer, Cham. https://doi.org/10.1007/978-3-319-45477-1_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-45477-1_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45476-4
Online ISBN: 978-3-319-45477-1
eBook Packages: Computer ScienceComputer Science (R0)