Workload-intensity-sensitive timing behavior analysis for distributed multi-user software systems

Röhr, Matthias; Hoorn, André van; Hasselbring, Wilhelm; Lübcke, Marco; Alekseev, Sergej

doi:10.1145/1712605.1712621

Cited by 10 publications

(8 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A complex application may behave more diversely if it is considered as a whole entity, however, considering different legitimate paths can result in more accurate analysis. Although the current profiling literature – which is more concerned with the distribution of task response‐times – looks coarse‐grained for security related attack detection, however, some statistical ideas exist for profiling multi‐modal timing behaviour [65] or workload‐sensitive [66] software can be mapped for modelling complex software with multiple menu options and behaviours. Another difficulty in mapping noted topics is that the source code is not available when working with commodity software.…”

Section: Discussionmentioning

confidence: 99%

HPCgnature: a hardware‐based application‐level intrusion detection system

Musavi

Hashemi

2019

IET Information Security

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

HPCgnature: a hardware‐based application‐level intrusion detection system

Musavi

Hashemi

2019

IET Information Security

View full text Add to dashboard Cite

“…In this paper, we apply the model introduced in [1] to the performance analysis of denial of service attacks in multi-server systems. Security implications of [1] have been briefly pointed out by [35]. In this work, we take a step further, studying how the mean and standard deviation of response times may impact decisions related to the setup of service infrastructures.…”

Section: A Multi-server Queues and Optimal Number Of Serversmentioning

confidence: 97%

Improving Predictability of User-Affecting Metrics to Support Anomaly Detection in Cloud Services

Rufino

Nogueira

Avritzer³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Anomaly detection systems aim to detect and report attacks or unexpected behavior in networked systems. Previous work has shown that anomalies have an impact on system performance, and that performance signatures can be effectively used for implementing an IDS. In this paper, we present an analytical and an experimental study on the trade-off between anomaly detection based on performance signatures and system scalability. The proposed approach combines analytical modeling and load testing to find optimal configurations for the signature-based IDS. We apply a heavy-tail bi-modal modeling approach, where "long" jobs represent large resource consuming transactions, e.g., generated by DDoS attacks; the model was parametrized using results obtained from controlled experiments. For performance purposes, mean response time is the key metric to be minimized, whereas for security purposes, response time variance and classification accuracy must be taken into account. The key insights from our analysis are: (i) there is an optimal number of servers which minimizes the response time variance, (ii) the sweet-spot number of servers that minimizes response time variance and maximizes classification accuracy is typically smaller than or equal to the one that minimizes mean response time. Therefore, for security purposes, it may be worth slightly sacrificing performance to increase classification accuracy. CCS Concepts: • Security and privacy → Intrusion detection systems.

show abstract

“…6. The access pattern of our object system was modeled after a real web application access pattern which is detailed in [11].…”

Section: Workloadmentioning

confidence: 99%

Elastic Application-Level Monitoring for Large Software Landscapes in the Cloud

Fittkau

Hasselbring

2015

Service Oriented and Cloud Computing

Self Cite

View full text Add to dashboard Cite

Abstract. Application-level monitoring provides valuable, detailed insights into running applications. However, many approaches often only employ a single analysis application. This analysis application may become a performance bottleneck when monitoring several programs resulting in reduced monitoring quality or violated service level agreements of the monitored applications. We present an approach for elastic, distributed application-level monitoring for large software landscapes consisting of several hundreds of applications by utilizing cloud computing. Our approach dynamically inserts and removes worker levels to circumvent overloading the analysis master application without interrupting or pausing the actual live analysis of the monitored data. To evaluate our approach, we conduct an experiment in which we generate load -following a real workload pattern -on web applications in a 24 hour experiment. In our experiment, 160 monitored JPetStore instances generate roughly 20 million analyzed method calls per second in the peak. Furthermore, two worker levels are dynamically started and removed in line with the imposed workload on the monitored applications. The experiment shows that our monitoring approach is capable of live analyzing several millions of monitored method calls per second without overloading the analysis master application.

show abstract

Workload-intensity-sensitive timing behavior analysis for distributed multi-user software systems

Cited by 10 publications

References 7 publications

HPCgnature: a hardware‐based application‐level intrusion detection system

HPCgnature: a hardware‐based application‐level intrusion detection system

Improving Predictability of User-Affecting Metrics to Support Anomaly Detection in Cloud Services

Elastic Application-Level Monitoring for Large Software Landscapes in the Cloud

Contact Info

Product

Resources

About