Abstract
The objective of this chapter is to present the detection of anomalies in SOA system by learning algorithms. As it was not possible to inject errors into the “real” SOA system and to measure them, a special model of SOA system was designed and implemented. In this systems several anomalies were introduced and the effectiveness of algorithms in detecting them were measured. The results of experiments may be used to select efficient algorithm for anomaly detection. Two algorithms: K-Means clustering and emerging patterns were used to detect anomalies in the frequency of service call. The results of this experiment are discussed.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
BPEL Standard, http://docs.oasis-open.org/wsbpel/2.0/wsbpel-v2.0.html (access July 2011)
SOA manifesto, http://www.soa-manifesto.org (access July 2011)
Lim, S.Y., Jones, A.: Network Anomaly Detection System: The State of Art of Network Behaviour Analysis. In: Proc. of the Int. Conference on Convergence and Hybrid Information Technology 2008, pp. 459–465 (2008), doi:10.1109/ICHIT2008.249
Ko, C., Ruschitzka, M., Levitt, K.: Execution monitoring of security-critical programs in distributed systems: a specification-based approach. In: Proc. of IEEE Symposium on Security and Privacy, Oakland, CA, USA (1997)
Lemonnier, E.: Protocol Anomaly Detection in Network-based IDSs. Defcom white paper (2001)
Sekar, R., Gupta, A., Frullo, J., Shanbag, T., Tiwari, A., Yang, H., Zhou, S.: Specification-based anomaly detection: A New Approach for Detecting Network Intrusions. In: ACM Computer and Communication Security Conference, Washington, DC, USA (2002)
Shan, Z., Chen, P., Xu, Y., Xu, K.: A Network State Based Intrusion Detection Model. In: Proc. of the 2001 International Conference on Computer Networks and Mobile Computing, ICCNMC 2001 (2001)
Buschkes, R., Borning, M., Kesdogan, D.: Transaction-based Anomaly Detection. In: Proc. of the Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, USA (1999)
Anderson, D., Frivold, T., Valdes: A Next-generation Intrusion Detection Expert System, NIDES (2005)
Owens, S., Levary, R.: An adaptive expert system approach for intrusion detection. International Journal of Security and Networks 1(3-4) (2006)
Lee, W., Stolfo, S.J.: Data mining approaches for intrusion detection. In: Proc. of the 7th USENIX Security Symposium (1998)
Bivens, A., Palagrini, C., Smith, R., Szymański, B., Embrechts, M.: Network-based intrusion detection using neural networks. In: Proc. Intelligent Eng. Systems through Neural Networks, ANNIE 2002, St. Louis, MO, vol. 12, pp. 579–584. ASME Press, NY (2002)
C Neural network library, http://franck.fleurey.free.fr/NeuralNetwork/
NeuroBox, http://www.cdrnet.net/projects/neuro/
Fast Artificial Neural Network Library, http://sourceforge.net/projects/fann/
Ryan, J., Lin, M., Miikkulainen, M.: Intrusion Detection with Neural Networks. In: Advances in Neural Information Processing Systems, vol. 10 (1998)
Ghosh, A.K., Schwartzbard, A.: A Study in Using Neural Networks for Anomaly and Misuse Detection. In: Proc. of the 8th USENIX Security Symposium, Washington, D.C., USA (1999)
Han, S.-J., Cho, S.-B.: Evolutionary Neural Networks for Anomaly Detection Based on the Behaviour of a Program. IEEE Transactions on Systems, Man and Cybernetics (2006)
Bivens, A., et al.: Network-based intrusion detection using neural networks. In: Proc. of Intelligent Engineering Systems through Artificial Neural Networks, ANNIE 2002, St.Luis, MO, vol. 12, pp. 579–584. ASME press, New York (2002)
Ceci, M., Appice, A., Caruso, C., Malerba, D.: Discovering Emerging Patterns for Anomaly Detection in Network Connection Data. In: An, A., Matwin, S., Raś, Z.W., Ślęzak, D. (eds.) Foundations of Intelligent Systems. LNCS (LNAI), vol. 4994, pp. 179–188. Springer, Heidelberg (2008)
Denning, D., Neumann, P.: Requirements and Model for IDES-A Real-Time Intrusion-Detection Expert System. SRI Project 6169, SRI International, Menlo Park, CA (1985)
Masum, S., Ye, E.M., Chen, Q., Noh, K.: Chi-square statistical profiling for anomaly detection. In: Proceedings of the 2000 IEEE Workshop on Information Assurance and Security (2000)
Ye, N., Chen, Q.: An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems. Qual. Reliab. Engng. Int. 17, 105–112 (2001)
Tarka, M.: Anomaly detection in SOA systems. Msc Thesis, Institute of Computer Science, Warsaw University of Technology (2011)
The R Project for Statistical Computing, http://gcc.gnu.org/ (access September 2011)
Munz, G., Li, S., Carle, G.: Traffic Anomaly Detection Using K-Means Clustering, Wilhelm Schickard Institute for Computer Science, University of Tuebingen (2007)
Guozhu, D., Jinyan, L.: Efficient Mining of Emerging Patterns: Discovering Trends and Differences. Wright State University, The University of Melbourne (2007)
Hanley, J.A.: Receiver operating characteristic (ROC) methodology: the state of the art. Crit. Rev. Diagn. Imaging (1989)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bluemke, I., Tarka, M. (2013). Detection of Anomalies in a SOA System by Learning Algorithms. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Complex Systems and Dependability. Advances in Intelligent and Soft Computing, vol 170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30662-4_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-30662-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30661-7
Online ISBN: 978-3-642-30662-4
eBook Packages: EngineeringEngineering (R0)