PhD4: Anomaly detection in Systems of Systems
Title: Anomaly detection in Systems of Systems
Advisors:
Abstract:
Systems of Systems (SoSs) as Service Oriented Architectures (SOAs), clouds environment, large scale critical infrastructures, consist of many interacting components and layers as operating-systems and network protocols, virtual machines, middleware technologies, off-the-shelf items. Revealing all software faults with pre-operational testing is very difficult and expensive - indeed, exhaustive testing is typically unfeasible. This is due to the evolutionary nature of such systems, their complexity and the dimension of the software. As a result, such systems suffer from residual faults i.e., faults that escape testing and get activated only during operation; additionally, they are often exposed to intentional faults (malicious activities, intrusions and cyber-attacks).
The activation of residual faults, overload conditions and intentional faults can result in failures and system downtime with huge costs. In business and mission-critical infrastructures – e.g., power grids, transportation systems, financial services – this cannot be admitted because of economical losses and consumer dissatisfaction.
Anomaly detection is an emerging technology for the dependability and security monitoring of complex systems, since anomalies may be related to the activation of faults, to performance issues, and to malicious activities that occur in parts of the systems potentially different (and distant) from the observed one. Anomaly detection in Systems of Systems with a strong attitude of complexity, evolution and dynamicity will be investigated. In anomaly detection, components should be monitored, to detect the relevant quantities and consequently detect anomalies. These components usually offer interfaces and libraries/plugins to monitor variables and their execution. It is necessary to understand which are the relevant variables and how they behave when an anomaly occurs. A fundamental step to be performed is to establish profiling approaches for the monitored variables and developing adaptive and self-configuring approaches. Thus a deep focus shall be devoted on the profiling of attributes to be monitored and on determining their evolution through time, due to system dynamicity and emergent properties (System-of-Systems are built to realize novel services that go beyond the services that can be provided by any of the CSs in isolation; we call these novel services emergent services).
Some notes:
- Training and neural networks are difficult to apply, given the complexity and dynamicity of the system.
- Virtualization platforms that are commonly applied may reduce the visibility to the anomaly detectors of the lower system levels.
Bibliography:
- A. Bovenzi, F. Brancati, S. Russo and A. Bondavalli. "A Statistical Anomaly-Based Algorithm for On-line Fault Detection in Complex Software Critical Systems". Computer Safety, Reliability, and Security. Flammini et al eds. 2011. pp. 128-142.
- Carlo Ghezzi and Sam Guinea Run-Time Monitoring in Service-Oriented Architectures, Springer
- Hershey, P., "SOA Monitoring for Enterprise Computing Systems," Enterprise Distributed Object Computing Conference, 2007. EDOC 2007. 11th IEEE International, pp.443, 15-19 Oct. 2007
- H. Kopetz, “Towards an Understanding of Emergence in a System of Systems”.
This page corresponds to a PhD proposal that will be Co-Advised by experienced researchers of at least two of the partners of the project. If you are interested in pursuing this proposal, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it.
