
MADneSs: A Multi-Layer Anomaly Detection Framework for Complex Dynamic Systems

Anomaly detection can infer the presence of errors without observing the target services, but by detecting variations in the observable parts of the system on which the services reside. This is a promising technique in complex software-intensive systems, because either instrumenting the services'...

Bibliographic Details
Published in: IEEE transactions on dependable and secure computing 2021-03, Vol.18 (2), p.796-809
Main Authors: Zoppi, Tommaso, Ceccarelli, Andrea, Bondavalli, Andrea
Format: Article
Language: English
container_end_page 809
container_issue 2
container_start_page 796
container_title IEEE transactions on dependable and secure computing
container_volume 18
creator Zoppi, Tommaso
Ceccarelli, Andrea
Bondavalli, Andrea
description Anomaly detection can infer the presence of errors without observing the target services, but by detecting variations in the observable parts of the system on which the services reside. This is a promising technique in complex software-intensive systems, because either instrumenting the services' internals is exceedingly time-consuming, or encapsulation makes them not accessible. Unfortunately, in such systems anomaly detection is often ineffective due to their dynamicity, which implies changes in the services or their expected workload. Here we present our approach to enhance the efficacy of anomaly detection in complex, dynamic software-intensive systems. After discussing the related challenges, we present MADneSs, an anomaly detection framework tailored for the above systems that includes an adaptive multi-layer monitoring module. Monitored data are then processed by the anomaly detector, which adapts its parameters depending on the current system behavior. An anomaly alert is provided if the analysis conducted by the anomaly detector identifies unexpected trends in the data. MADneSs is evaluated through an experimental campaign on two service-oriented architectures; software faults are injected in the application layer, and detected through monitoring of underlying system layers. Lastly, we quantitatively and qualitatively discuss our results with respect to state-of-the-art solutions, highlighting the key contributions of MADneSs.
doi_str_mv 10.1109/TDSC.2019.2908366
format article
identifier ISSN: 1545-5971
ispartof IEEE transactions on dependable and secure computing, 2021-03, Vol.18 (2), p.796-809
issn 1545-5971
1941-0018
language eng
recordid cdi_proquest_journals_2501327638
source IEEE Xplore (Online service)
subjects Adaptive systems
Anomalies
Anomaly detection
Complex systems
context-awareness
Detectors
dynamicity
Fault detection
Heuristic algorithms
MADneSs
Monitoring
multi-layer
Multilayers
Service oriented architecture
SOA
Software
software-intensive system
Target detection
title MADneSs: A Multi-Layer Anomaly Detection Framework for Complex Dynamic Systems