Context-Awareness to Improve Anomaly Detection in Dynamic Service Oriented Architectures
Revealing anomalies to support error detection in software-intensive systems is a promising approach when traditional detection mechanisms are considered inadequate or not applicable. The core of anomaly detection lies in the definition of the expected behavior of the observed system. Unfortunately, the behavior of complex and dynamic systems is particularly difficult to understand. To improve the accuracy of anomaly detection in such systems, in this paper we present a context-aware anomaly detection framework which acquires information on the running services to calibrate the anomaly detection. To cope with system dynamicity, our framework avoids instrumenting probes into the application layer of the observed system monitoring multiple underlying layers instead. Experimental evaluation shows that the detection accuracy is increased considerably through context-awareness and multiple layers monitoring. Results are compared to state-of-the-art anomaly detectors exercised in demanding more static contexts.
KeywordsAnomaly detection Monitoring Service Oriented Architecture SOA Context aware Multi-layer
This work has been partially supported by the Joint Program Initiative (JPI) Urban Europe via the IRENE project, by the European FP7-ICT-2013-10-610535 AMADEOS project and by the European FP7-IRSES DEVASSES.
- 3.Williams, A.W., Pertet, S.M., Narasimhan, P.: Tiresias: black-box failure prediction in distributed systems. In: Parallel and Distributed Processing Symposium, IPDPS 2007. IEEE (2007)Google Scholar
- 5.Bose, S., Bharathimurugan, S., Kannan, A.: Multi-layer integrated anomaly intrusion detection system for mobile adhoc networks. In: 2007 International Conference on Signal Processing, Communications and Networking, ICSCN 2007. IEEE (2007)Google Scholar
- 7.Jyothsna, V., Rama Prasad, V.V., Munivara Prasad, K.: A review of anomaly based intrusion detection systems. Int. J. Comput. Appl. 28(7), 26–35 (2011)Google Scholar
- 8.Secure! project. http://secure.eng.it/ Accessed 1 Mar 2016
- 12.Sokolova, M., Japkowicz, N., Szpakowicz, S.: Beyond accuracy, F-score and ROC: a family of discriminant measures for performance evaluation. In: Sattar, A., Kang, B. (eds.) AI 2006, pp. 1015–1021. Springer, Heidelberg (2006)Google Scholar
- 13.Liferay. http://www.liferay.com Accessed 1 Mar 2016
- 15.Erl, T.: SOA: Principles of Service Design, vol. 1. Prentice Hall, Upper Saddle River (2008)Google Scholar
- 17.Loos, C.: E-health with mobile grids: the akogrimo heart monitoring and emergency scenario. Akogrimo White Paper (2006). onlineGoogle Scholar
- 18.Esper Team and EsperTech Inc.: Esper reference version 4.9.0. Technical report (2012)Google Scholar
- 23.Zoppi, T.: Multi-layer anomaly detection in complex dynamic critical systems. In: Dependable Systems and Networks – Student Forum Session, DSN (2015)Google Scholar
- 24.Cotroneo, D., et al.: Failure classification and analysis of the java virtual machine, ICDCS 2006. In: 26th IEEE International Conference on Distributed Computing Systems. IEEE (2006)Google Scholar