Context-Awareness to Improve Anomaly Detection in Dynamic Service Oriented Architectures

  • Tommaso ZoppiEmail author
  • Andrea Ceccarelli
  • Andrea Bondavalli
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9922)


Revealing anomalies to support error detection in software-intensive systems is a promising approach when traditional detection mechanisms are considered inadequate or not applicable. The core of anomaly detection lies in the definition of the expected behavior of the observed system. Unfortunately, the behavior of complex and dynamic systems is particularly difficult to understand. To improve the accuracy of anomaly detection in such systems, in this paper we present a context-aware anomaly detection framework which acquires information on the running services to calibrate the anomaly detection. To cope with system dynamicity, our framework avoids instrumenting probes into the application layer of the observed system monitoring multiple underlying layers instead. Experimental evaluation shows that the detection accuracy is increased considerably through context-awareness and multiple layers monitoring. Results are compared to state-of-the-art anomaly detectors exercised in demanding more static contexts.


Anomaly detection Monitoring Service Oriented Architecture SOA Context aware Multi-layer 



This work has been partially supported by the Joint Program Initiative (JPI) Urban Europe via the IRENE project, by the European FP7-ICT-2013-10-610535 AMADEOS project and by the European FP7-IRSES DEVASSES.


  1. 1.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41(3), 15 (2009)CrossRefGoogle Scholar
  2. 2.
    Baldoni, R., Montanari, L., Rizzuto, M.: On-line failure prediction in safety-critical systems. Future Gener. Comput. Syst. 45, 123–132 (2015)CrossRefGoogle Scholar
  3. 3.
    Williams, A.W., Pertet, S.M., Narasimhan, P.: Tiresias: black-box failure prediction in distributed systems. In: Parallel and Distributed Processing Symposium, IPDPS 2007. IEEE (2007)Google Scholar
  4. 4.
    Tanenbaum, A.S., Van Steen, M.: Distributed Systems. Prentice-Hall, Upper saddle River (2007)zbMATHGoogle Scholar
  5. 5.
    Bose, S., Bharathimurugan, S., Kannan, A.: Multi-layer integrated anomaly intrusion detection system for mobile adhoc networks. In: 2007 International Conference on Signal Processing, Communications and Networking, ICSCN 2007. IEEE (2007)Google Scholar
  6. 6.
    Ceccarelli, A., Zoppi, T., Itria, M., Bondavalli, A.: A multi-layer anomaly detector for dynamic service-based systems. In: Koornneef, F. (ed.) SAFECOMP 2015. LNCS, vol. 9337, pp. 166–180. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-24255-2_13 CrossRefGoogle Scholar
  7. 7.
    Jyothsna, V., Rama Prasad, V.V., Munivara Prasad, K.: A review of anomaly based intrusion detection systems. Int. J. Comput. Appl. 28(7), 26–35 (2011)Google Scholar
  8. 8.
    Secure! project. Accessed 1 Mar 2016
  9. 9.
    Bondavalli, A., et al.: Resilient estimation of synchronisation uncertainty through software clocks. Int. J. Crit. Comput.-Based Syst. 4(4), 301–322 (2013)CrossRefGoogle Scholar
  10. 10.
    Modi, C., et al.: A survey of intrusion detection techniques in cloud. J. Netw. Comput. Appl. 36(1), 42–57 (2013)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Shabtai, A., et al.: “Andromaly”: a behavioral malware detection framework for android devices. J. Intell. Inf. Syst. 38(1), 161–190 (2012)CrossRefGoogle Scholar
  12. 12.
    Sokolova, M., Japkowicz, N., Szpakowicz, S.: Beyond accuracy, F-score and ROC: a family of discriminant measures for performance evaluation. In: Sattar, A., Kang, B. (eds.) AI 2006, pp. 1015–1021. Springer, Heidelberg (2006)Google Scholar
  13. 13.
    Liferay. Accessed 1 Mar 2016
  14. 14.
    Bovenzi, A., et al.: An OS-level framework for anomaly detection in complex software systems. IEEE Trans. Dependable Secure Comput. 12(3), 366–372 (2015)CrossRefGoogle Scholar
  15. 15.
    Erl, T.: SOA: Principles of Service Design, vol. 1. Prentice Hall, Upper Saddle River (2008)Google Scholar
  16. 16.
    Truong, H.-L., Dustdar, S.: A survey on context-aware web service systems. Int. J. Web Inf. Syst. 5(1), 5–31 (2009)CrossRefGoogle Scholar
  17. 17.
    Loos, C.: E-health with mobile grids: the akogrimo heart monitoring and emergency scenario. Akogrimo White Paper (2006). onlineGoogle Scholar
  18. 18.
    Esper Team and EsperTech Inc.: Esper reference version 4.9.0. Technical report (2012)Google Scholar
  19. 19.
    Valls, M.G., Iago, R.L., Villar, L.F.: iLAND: an enhanced middleware for real-time reconfiguration of service oriented distributed real-time systems. IEEE Trans. Ind. Inf. 9(1), 228–236 (2013)CrossRefGoogle Scholar
  20. 20.
  21. 21.
    Thramboulidis, K., Doukas, G., Koumoutsos, G.: A SOA-based embedded systems development environment for industrial automation. EURASIP J. Embed. Syst. 2008, 1–15 (2008). Article no. 3CrossRefGoogle Scholar
  22. 22.
    Bondavalli, A., et al.: Differential analysis of operating system indicators for anomaly detection in dependable systems: an experimental study. Measurement 80, 229–240 (2016)CrossRefGoogle Scholar
  23. 23.
    Zoppi, T.: Multi-layer anomaly detection in complex dynamic critical systems. In: Dependable Systems and Networks – Student Forum Session, DSN (2015)Google Scholar
  24. 24.
    Cotroneo, D., et al.: Failure classification and analysis of the java virtual machine, ICDCS 2006. In: 26th IEEE International Conference on Distributed Computing Systems. IEEE (2006)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Tommaso Zoppi
    • 1
    Email author
  • Andrea Ceccarelli
    • 1
  • Andrea Bondavalli
    • 1
  1. 1.University of FlorenceFlorenceItaly

Personalised recommendations