
A Multi-layer Anomaly Detector for Dynamic Service-Based Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9337)

Abstract

Revealing anomalies to support error detection in complex systems is a promising approach when traditional detection mechanisms (e.g., those based on event logs, probes and heartbeats) are considered inadequate or not applicable. The detection capability for such complex systems can be enhanced by observing different layers, which yields richer information describing the system status. Relying on an algorithm for statistical anomaly detection, in this paper we present the definition and implementation of an anomaly detector able to monitor data acquired from multiple layers, namely the Operating System and the Application Server, of a remote physical or virtual node. As a case study, this monitoring system is applied to a node of the Secure! crisis management service-based system. Results show the monitor performance, the intrusiveness of the probes, and ultimately the improved detection capability achieved by observing data from the different layers.



Acknowledgements

This work has been partially supported by the European Project FP7-PEOPLE-2013-IRSES DEVASSES, the Regional Project POR-CREO 2007-2013 Secure!, and the TENACE PRIN Project (n. 20103P34XC) funded by the Italian Ministry of Education, University and Research.

Author information

Corresponding author

Correspondence to Tommaso Zoppi.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ceccarelli, A., Zoppi, T., Itria, M., Bondavalli, A. (2015). A Multi-layer Anomaly Detector for Dynamic Service-Based Systems. In: Koornneef, F., van Gulijk, C. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol 9337. Springer, Cham. https://doi.org/10.1007/978-3-319-24255-2_13

  • DOI: https://doi.org/10.1007/978-3-319-24255-2_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24254-5

  • Online ISBN: 978-3-319-24255-2

  • eBook Packages: Computer Science (R0)