A Statistical Anomaly-Based Algorithm for On-line Fault Detection in Complex Software Critical Systems

Bovenzi, Antonio; Brancati, Francesco; Russo, Stefano; Bondavalli, Andrea

doi:10.1007/978-3-642-24270-0_10

Cited by 10 publications

(17 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bovenzi et al [19] proposes an anomaly-based approach for the online detection of faults based on Statistical Predictor and Safety Margin (SPS). The proposed SPS anomaly detection algorithm has been applied on the Air Traffic Management domain.…”

Section: The Case Of Critical Infrastructuresmentioning

confidence: 99%

A fault diagnosis system for interdependent critical infrastructures based on HMMs

Ntalampiras¹,

Soupionis²,

Giannopoulos³

2015

Reliability Engineering & System Safety

View full text Add to dashboard Cite

Modern society depends on the smooth functioning of critical infrastructures which provide services of fundamental importance, e.g. telecommunications and water supply. These infrastructures may suffer from faults/malfunctions coming e.g. from aging effects or they may even comprise targets of terrorist attacks. Prompt detection and accommodation of these situations is of paramount significance. This paper proposes a probabilistic modeling scheme for analyzing malicious events appearing in interdependent critical infrastructures. The proposed scheme is based on modeling the relationship between datastreams coming from two network nodes by means of a hidden Markov model (HMM) trained on the parameters of linear time-invariant dynamic systems which estimate the relationships existing among the specific nodes over consecutive time windows. Our study includes an energy network (IEEE 30 model bus) operated via a telecommunications infrastructure. The relationships among the elements of the network of infrastructures are represented by an HMM and the novel data is categorized according to its distance (computed in the probabilistic space) from the training ones. We considered two types of cyber-attacks (denial of service and integrity/replay) and report encouraging results in terms of false positive rate, false negative rate and detection delay

show abstract

Section: The Case Of Critical Infrastructuresmentioning

confidence: 99%

A fault diagnosis system for interdependent critical infrastructures based on HMMs

Ntalampiras¹,

Soupionis²,

Giannopoulos³

2015

Reliability Engineering & System Safety

View full text Add to dashboard Cite

show abstract

“…The detection approach was originally proposed in [5] and further improved in [6]. In [5], Authors proposed a detection framework based on indirectly (and locally) inferring the health of the monitored application by observing its behavior and interactions with the external environment.…”

Section: The Detection Approachmentioning

confidence: 99%

“…The former are computed after a preliminary training phase, while the latter are computed online by the SPS algorithm [6][7] to avoid the training phase. However experimental results, reported in [6], showed limitations of static thresholds algorithms in highly variable scenarios, where the operational conditions of system differ from those of the training phase. In such environment adaptive thresholds performs better in terms of coverage and accuracy.…”

Section: The Detection Approachmentioning

confidence: 99%

“…Since in [6] performance of two anomaly-based detection algorithms was compared under the Linux environment, in this work the same set of experiments has been replicated in Windows environment in order to explore the performance of detection algorithms for a different OS.…”

Section: Introductionmentioning

confidence: 99%

“…network interfaces and disks), number of system call errors, number of processes/threads creation and termination and number of signals handled. This detection framework has been further improved to cope with variable and non-stationary behavior and to work without any initial training phase [6]. In particular the original detector has been equipped with a recent algorithm, i.e., Statistical Predictor and Safety margin [7], which continuously processes data received from monitors.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards identifying OS-level anomalies to detect application software failures

Bovenzi

Russo

Brancati

et al. 2011

2011 IEEE International Workshop on Measurements and Networking Proceedings (M&N)

Self Cite

View full text Add to dashboard Cite

The next generation of critical systems, namely complex Critical Infrastructures (LCCIs), require efficient runtime management, reconfiguration strategies, and the ability to take decisions on the basis of current and past behavior of the system. Anomaly-based detection, leveraging information gathered at Operating System (OS) level (e.g., number of system call errors, signals, and holding semaphores in the time unit), seems to be a promising approach to reveal online application faults. Recently an experimental campaign to evaluate the performance of two anomaly detection algorithms was performed on a case study from the Air Traffic Management (ATM) domain, deployed under the popular OS used in the production environment, i.e., Red Hat 5 EL. In this paper we investigate the impact of the OS and the monitored resources on the quality of the detection, by executing experiments on Windows Server 2008. Experimental results allow identifying which of the two operating systems provides monitoring facilities best suited to implement the anomaly detection algorithms that we have considered. Moreover numerical sensitivity analysis of the detector parameters is carried out to understand the impact of their setting on the performance.

show abstract

Monitoring Infrastructure for Diagnosing Complex Software

Bovenzi

Carrozza²

2013

Innovative Technologies for Dependable OTS-Based Critical Systems

View full text Add to dashboard Cite

A Statistical Anomaly-Based Algorithm for On-line Fault Detection in Complex Software Critical Systems

Cited by 10 publications

References 7 publications

A fault diagnosis system for interdependent critical infrastructures based on HMMs

A fault diagnosis system for interdependent critical infrastructures based on HMMs

Towards identifying OS-level anomalies to detect application software failures

Monitoring Infrastructure for Diagnosing Complex Software

Contact Info

Product

Resources

About