Towards identifying OS-level anomalies to detect application software failures

Bovenzi, Antonio; Russo, Stefano; Brancati, Francesco; Bondavalli, Andrea

doi:10.1109/iwmn.2011.6088494

Cited by 5 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent studies [8] and our earlier works [9], [10] show that revealing anomalies at operating system (OS) level is a promising approach when traditional detection mechanisms (e.g., based on event logs, probes and heartbeats) have poor performance or have limited applicability. 1 The driving idea is to shift the observation perspective to the OS, monitoring its behavior and interactions with the applications.…”

Section: Introductionmentioning

confidence: 99%

An OS-level Framework for Anomaly Detection in Complex Software Systems

Bovenzi¹,

Brancati

Russo³

et al. 2015

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

Revealing anomalies at the operating system (OS) level to support online diagnosis activities of complex software systems is a promising approach when traditional detection mechanisms (e.g., based on event logs, probes and heartbeats) are inadequate or cannot be applied. In this paper we propose a configurable detection framework to reveal anomalies in the OS behavior, related to system misbehaviors. The detector is based on online statistical analyses techniques, and it is designed for systems that operate under variable and non-stationary conditions.\ud The framework is evaluated to detect the activation of software faults in a complex distributed system for Air Traffic Management (ATM). Results of experiments with two different OSs, namely Linux Red Hat EL5 and Windows Server 2008, show that the detector is effective for mission-critical systems. The framework can be configured to select the monitored indicators so as to tune the level of intrusivity. A sensitivity analysis of the detector parameters is carried out to show their impact on the performance and to give to practitioners guidelines for its field tuning

show abstract

Section: Introductionmentioning

confidence: 99%

An OS-level Framework for Anomaly Detection in Complex Software Systems

Bovenzi¹,

Brancati

Russo³

et al. 2015

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

“…This dataset is the result of the experimental campaign performed in [2], where the authors implemented an instrumentation infrastructures able to collect OS-level indicators, both for Linux and Windows environments. The testing activity was performed analyzing a large amount of data monitored in a real and complex case application, namely the SWIM-BOX® [2], a prototype to support global interoperability for the novel Air Traffic Management (ATM) systems. SWIM-BOX is deployed on Windows and Linux platforms.…”

Section: The Experimental Datasetmentioning

confidence: 99%

“…The model is then used to detect performance anomalies, namely those changes in CPU usage not clearly justified by the actual workload. In [2] the authors propose a configurable detection framework to reveal anomalies in the OS behavior, related to system misbehaviors (software faults injected at the application level). For each monitored OS indicator, the framework computes lower and upper adaptive thresholds in order to take into account the dynamic behavior of the system.…”

Section: Introductionmentioning

confidence: 99%

“…All suspicious indicators are combined to reveal an anomaly. The work in [2] models the behavior and dynamics of the OS indicators using the random walk model [10], [11], so that changes in the features of indicators caused by non-random factors are considered suspicious. The random walk model is intuitive and easy-to-model, thus resulting practical in many scenarios e.g., for the modeling of a software clock in [12]- [15].…”

Section: Introductionmentioning

confidence: 99%

“…The random walk model is intuitive and easy-to-model, thus resulting practical in many scenarios e.g., for the modeling of a software clock in [12]- [15]. While the results shown in [2] are encouraging, it has to be noted that the random walk model is empirically used without any assessment of its validity for the indicators taken into consideration.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Experimental analysis of the first order time difference of indicators used in the monitoring of complex systems

Bondavalli

Brancati

Ceccarelli

et al. 2013

2013 IEEE International Workshop on Measurements &Amp; Networking (M&N)

Self Cite

View full text Add to dashboard Cite

Complex and real time systems often operate under variable and non-stationary conditions, thus requiring efficient and extensive monitoring and error detection solutions. Amongst the many, we focus on anomaly detection techniques, which require measuring the evolution of the monitored indicators through time to identify anomalies i.e., deviations from the expected operational behavior. In this paper, we investigate the possibility to model the evolution of indicators through time using the random walk model. In particular, we focus on the detection of system anomalies at the application level (software errors), based on the monitoring of indicators at the Operating System level. The approach is based on the experimental evaluation of a large set of heterogeneous indicators, acquired under different operating conditions, both in terms of workload and faultload, on an air traffic management target system. The results of the analysis show that for a large number of cases, the histogram of the first order time differences well approximates a Gaussian distribution, independently of the nature of the indicator and its statistical distribution. Such outcomes suggest that the idea of adopting a Gaussian random walk model for several monitoring indicators has an experimental support and deserves be further investigated on a wider scale, in order to determine its range of applicability and representativeness.

show abstract

Monitoring Infrastructure for Diagnosing Complex Software

Bovenzi

Carrozza²

2013

Innovative Technologies for Dependable OTS-Based Critical Systems

View full text Add to dashboard Cite

Towards identifying OS-level anomalies to detect application software failures

Cited by 5 publications

References 7 publications

An OS-level Framework for Anomaly Detection in Complex Software Systems

An OS-level Framework for Anomaly Detection in Complex Software Systems

Experimental analysis of the first order time difference of indicators used in the monitoring of complex systems

Monitoring Infrastructure for Diagnosing Complex Software

Contact Info

Product

Resources

About