Diagnosis and Threat Detection Capabilities of the SERENITY Monitoring Framework

Tsigkritis, Theocharis; Spanoudakis, George; Kloukinas, Christos; Lorenzoli, Davide

doi:10.1007/978-0-387-88775-3_14

Cited by 5 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Early versions of our event assessment approach have been presented in [39][40] [41]. The main contributions of this paper with respect to our earlier work are related to:…”

Section: Figure 1 Location Based Access Control System (Lbacs)mentioning

confidence: 99%

Assessing the genuineness of events in runtime monitoring of cyber systems

Tsigkritis¹,

Spanoudakis

2013

Computers & Security

Self Cite

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract -Monitoring security properties of cyber systems at runtime is necessary if the preservation of such properties cannot be guaranteed by formal analysis of their specification. It is also necessary if the runtime interactions between their components that are distributed over different types of local and wide area networks cannot be fully analysed before putting the systems in operation. The effectiveness of runtime monitoring depends on the trustworthiness of the runtime system events, which are analysed by the monitor. In this paper, we describe an approach for assessing the trustworthiness of such events. Our approach is based on the generation of possible explanations of runtime events based on a diagnostic model of the system under surveillance using abductive reasoning, and the confirmation of the validity of such explanations and the runtime events using belief based reasoning. The assessment process that we have developed based on this approach has been implemented as part of the EVEREST runtime monitoring framework and has been evaluated in a series of simulations that are discussed in the paper. Permanent repository link

show abstract

“…Early versions of our event assessment approach have been presented in [39][40] [41]. The main contributions of this paper with respect to our earlier work are related to:…”

Section: Figure 1 Location Based Access Control System (Lbacs)mentioning

confidence: 99%

Assessing the genuineness of events in runtime monitoring of cyber systems

Tsigkritis¹,

Spanoudakis

2013

Computers & Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…EVEREST has been used for monitoring different types of properties of software systems including functional security and dependability properties [15]. It has also been applied for monitoring SLA guarantee terms for service-based systems [9].…”

Section: Background: the Everest Monitoring Frameworkmentioning

confidence: 99%

“…This work has focused on prediction related to different types of properties including, for example, software systems failures [13], system dependability [4], security [15], and parameters of system infrastructures such as server workloads, CPU loads, and network throughput [3] [6]. Related techniques have been based on wide spectrum of prediction algorithms ranging from time series analysis [2] to mean-value prediction techniques [3] or belief-based reasoning [8].…”

Section: Introductionmentioning

confidence: 99%

“…This framework has been developed as part of a generic monitoring framework for checking SLAs at run-time, called EVEREST [15]. Our prediction framework provides an integrated architecture for SLA monitoring and prediction that supports the latter activity through the deployment of a built-in set of model-based predictors (including for example a generic predictor for constraints regarding mean values of QoS properties).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Everest+

Lorenzoli¹,

Spanoudakis²

2010

Proceedings of the 5th International Workshop on Middleware for Service Oriented Computing

Self Cite

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Permanent repository link uk ABSTRACTMonitoring the preservation of QoS properties during the operation of service-based systems at run-time is an important verification measure for checking if the current service usage is compliant with agreed SLAs. Monitoring, however, does not always provide sufficient scope for taking control actions against violations as it only detects violations after they occur.In this paper we describe a model-based prediction framework, EVEREST+, for both QoS predictors development and execution. EVEREST+ was designed to provide a framework for developing in an easy and fast way QoS predictors only focusing on their prediction algorithms implementation without the need for caring about how to collect or retrieve historical data or how to infer models out of collected data. It also provides a run-time environment for executing QoS predictors and storing their predictions.

show abstract