A Multi-layer Anomaly Detector for Dynamic Service-Based Systems / Tommaso Zoppi; Andrea Bondavalli; Andrea Ceccarelli; Massimiliano Itria. - PRINT. - 9337:(2015), pp. 166-180. (Paper presented at the INTERNATIONAL CONFERENCE ON COMPUTER SAFETY, RELIABILITY AND SECURITY, held in Delft on 22-09-2015) [10.1007/978-3-319-24255-2_13].

A Multi-layer Anomaly Detector for Dynamic Service-Based Systems

ZOPPI, TOMMASO;BONDAVALLI, ANDREA;CECCARELLI, ANDREA;
2015

Abstract

Revealing anomalies to support error detection in complex systems is a promising approach when traditional detection mechanisms (e.g., based on event logs, probes and heartbeats) are considered inadequate or not applicable. The detection capability of such complex systems can be enhanced by observing different layers to obtain richer information that describes the system status. Relying on an algorithm for statistical anomaly detection, in this paper we present the definition and implementation of an anomaly detector able to monitor data acquired from multiple layers, namely the Operating System and the Application Server, of a remote physical or virtual node. As a case study, this monitoring system is applied to a node of the Secure! crisis management service-based system. Results show the monitor performance, the intrusiveness of the probes, and ultimately the improved detection capability achieved by observing data from the different layers.
Computer Safety, Reliability, and Security: 34th International Conference, SAFECOMP 2015, Delft, The Netherlands, September 23-25, 2015, Proceedings
INTERNATIONAL CONFERENCE ON COMPUTER SAFETY, RELIABILITY AND SECURITY
Delft
22-09-2015
Tommaso Zoppi; Andrea Bondavalli; Andrea Ceccarelli; Massimiliano Itria
Files in this item:
SAFECOMP_CameraReady_V3_Fixed.pdf
Closed access
Description: PDF of the article
Type: Publisher's PDF (Version of record)
License: Open Access
Size: 512.71 kB
Format: Adobe PDF

Use this identifier to cite or link to this resource: https://hdl.handle.net/2158/1006756
Citations
  • PMC ND
  • Scopus 6
  • ISI 4