Detection of Anomalies in a SOA System by Learning Algorithms

  • Ilona Bluemke
  • Marcin Tarka
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 170)


The objective of this chapter is to present the detection of anomalies in SOA system by learning algorithms. As it was not possible to inject errors into the “real” SOA system and to measure them, a special model of SOA system was designed and implemented. In this systems several anomalies were introduced and the effectiveness of algorithms in detecting them were measured. The results of experiments may be used to select efficient algorithm for anomaly detection. Two algorithms: K-Means clustering and emerging patterns were used to detect anomalies in the frequency of service call. The results of this experiment are discussed.


False Alarm Intrusion Detection Anomaly Detection Service Oriented Architecture Service Call 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    SOA manifesto, (access July 2011)
  3. 3.
    Lim, S.Y., Jones, A.: Network Anomaly Detection System: The State of Art of Network Behaviour Analysis. In: Proc. of the Int. Conference on Convergence and Hybrid Information Technology 2008, pp. 459–465 (2008), doi:10.1109/ICHIT2008.249Google Scholar
  4. 4.
    Ko, C., Ruschitzka, M., Levitt, K.: Execution monitoring of security-critical programs in distributed systems: a specification-based approach. In: Proc. of IEEE Symposium on Security and Privacy, Oakland, CA, USA (1997)Google Scholar
  5. 5.
    Lemonnier, E.: Protocol Anomaly Detection in Network-based IDSs. Defcom white paper (2001)Google Scholar
  6. 6.
    Sekar, R., Gupta, A., Frullo, J., Shanbag, T., Tiwari, A., Yang, H., Zhou, S.: Specification-based anomaly detection: A New Approach for Detecting Network Intrusions. In: ACM Computer and Communication Security Conference, Washington, DC, USA (2002)Google Scholar
  7. 7.
    Shan, Z., Chen, P., Xu, Y., Xu, K.: A Network State Based Intrusion Detection Model. In: Proc. of the 2001 International Conference on Computer Networks and Mobile Computing, ICCNMC 2001 (2001)Google Scholar
  8. 8.
    Buschkes, R., Borning, M., Kesdogan, D.: Transaction-based Anomaly Detection. In: Proc. of the Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, USA (1999)Google Scholar
  9. 9.
    Anderson, D., Frivold, T., Valdes: A Next-generation Intrusion Detection Expert System, NIDES (2005)Google Scholar
  10. 10.
    Owens, S., Levary, R.: An adaptive expert system approach for intrusion detection. International Journal of Security and Networks 1(3-4) (2006)Google Scholar
  11. 11.
    Lee, W., Stolfo, S.J.: Data mining approaches for intrusion detection. In: Proc. of the 7th USENIX Security Symposium (1998)Google Scholar
  12. 12.
    Bivens, A., Palagrini, C., Smith, R., Szymański, B., Embrechts, M.: Network-based intrusion detection using neural networks. In: Proc. Intelligent Eng. Systems through Neural Networks, ANNIE 2002, St. Louis, MO, vol. 12, pp. 579–584. ASME Press, NY (2002)Google Scholar
  13. 13.
  14. 14.
  15. 15.
    Fast Artificial Neural Network Library,
  16. 16.
    Ryan, J., Lin, M., Miikkulainen, M.: Intrusion Detection with Neural Networks. In: Advances in Neural Information Processing Systems, vol. 10 (1998)Google Scholar
  17. 17.
    Ghosh, A.K., Schwartzbard, A.: A Study in Using Neural Networks for Anomaly and Misuse Detection. In: Proc. of the 8th USENIX Security Symposium, Washington, D.C., USA (1999)Google Scholar
  18. 18.
    Han, S.-J., Cho, S.-B.: Evolutionary Neural Networks for Anomaly Detection Based on the Behaviour of a Program. IEEE Transactions on Systems, Man and Cybernetics (2006)Google Scholar
  19. 19.
    Bivens, A., et al.: Network-based intrusion detection using neural networks. In: Proc. of Intelligent Engineering Systems through Artificial Neural Networks, ANNIE 2002, St.Luis, MO, vol. 12, pp. 579–584. ASME press, New York (2002)Google Scholar
  20. 20.
    Ceci, M., Appice, A., Caruso, C., Malerba, D.: Discovering Emerging Patterns for Anomaly Detection in Network Connection Data. In: An, A., Matwin, S., Raś, Z.W., Ślęzak, D. (eds.) Foundations of Intelligent Systems. LNCS (LNAI), vol. 4994, pp. 179–188. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    Denning, D., Neumann, P.: Requirements and Model for IDES-A Real-Time Intrusion-Detection Expert System. SRI Project 6169, SRI International, Menlo Park, CA (1985)Google Scholar
  22. 22.
    Masum, S., Ye, E.M., Chen, Q., Noh, K.: Chi-square statistical profiling for anomaly detection. In: Proceedings of the 2000 IEEE Workshop on Information Assurance and Security (2000)Google Scholar
  23. 23.
    Ye, N., Chen, Q.: An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems. Qual. Reliab. Engng. Int. 17, 105–112 (2001)CrossRefGoogle Scholar
  24. 24.
  25. 25.
    Tarka, M.: Anomaly detection in SOA systems. Msc Thesis, Institute of Computer Science, Warsaw University of Technology (2011)Google Scholar
  26. 26.
    The R Project for Statistical Computing, (access September 2011)
  27. 27.
    Munz, G., Li, S., Carle, G.: Traffic Anomaly Detection Using K-Means Clustering, Wilhelm Schickard Institute for Computer Science, University of Tuebingen (2007)Google Scholar
  28. 28.
    Guozhu, D., Jinyan, L.: Efficient Mining of Emerging Patterns: Discovering Trends and Differences. Wright State University, The University of Melbourne (2007)Google Scholar
  29. 29.
    Hanley, J.A.: Receiver operating characteristic (ROC) methodology: the state of the art. Crit. Rev. Diagn. Imaging (1989)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.Institute of Computer ScienceWarsaw University of TechnologyWarsawPoland

Personalised recommendations