TIMING BEHAVIOR ANOMALY DETECTION IN ENTERPRISE INFORMATION SYSTEMS

Matthias Rohr, Simon Giesecke, Wilhelm Hasselbring

2007

Abstract

Business-critical enterprise information systems (EIS) have to satisfy high availability requirements. In order to achieve the required availability, automatic failure detection and diagnosis techniques must be used. A major cause of failures in EIS are software faults in the application layer. In this paper, we propose to use anomaly detection to diagnose failures in the application layer of EIS. Anomaly detection aims to identify unusual system behavior in monitoring data. These anomalies can be valuable indicators for availability or security problems, and support failure diagnosis. In this paper we outline the basic principles of anomaly detection, present the state of the art, and typical application challenges. We outline a new approach for anomaly detection in Enterprise Information Systems that addresses some of these challenges.

References

  1. Agarwal, M. K., Appleby, K., Gupta, M., Kar, G., Neogi, A., and Sailer, A. (2004). Problem determination using dependency graphs and run-time behavior models. In 15th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM'04), volume 3278 of Lecture Notes in Computer Science, pages 171-182. Springer.
  2. Aviz?ienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1(1):11-33.
  3. Bocaniala, C. D. and Palade, V. (2006). Computational intelligence methodologies in fault diagnosis: Review and state of the art. In Computational Intelligence in Fault Diagnosis, Advanced Information and Knowledge Processing, chapter 1, pages 1-36. Springer.
  4. Denning, D. (1987). An intrusion-detection model. IEEE Transactions on Software Engineering, 13(2):222- 232.
  5. Focke, T., Hasselbring, W., Rohr, M., and Schute, J.-G. (2007). Instrumentierung zum Monitoring mittels Aspekt-orientierter Programmierung. In Proceedings Software Engineering 2007, Hamburg, GI-Edition - Lecture Notes in Informatics. Bonner Köllen Verlag.
  6. Hoke, E., Sun, J., Strunk, J. D., Ganger, G. R., and Faloutsos, C. (2006). Intemon: continuous mining of sensor data in large-scale self-infrastructures. SIGOPS Oper. Syst. Rev., 40(3):38-44.
  7. Kiciman, E. (2005). Using Statistical Monitoring to Detect Failures in Internet Services. PhD thesis, Stanford University.
  8. Maxion, R. A. (1990). Anomaly detection for network diagnosis. In Randell, B., editor, Proceedings of the 20th International Symposium on Fault-Tolerant Computing (FTCS 7890), pages 20-27. IEEE.
  9. Maxion, R. A. and Olszewski, R. T. (1993). Detection and discrimination of injected network faults. In Digest of Papers of the 23rd Internation Symposium on FaultTolerant Computing, pages 198-207. IEEE.
  10. Mielke, A. (2006). Elements for response-time statistics in ERP transaction systems. Performance Evaluation, 63(7):635-653.
  11. Steinder, M. and Sethi, A. S. (2004). A survey of fault localization techniques in computer networks. Science of Computer Programming, 53(2):165-194.
Download


Paper Citation


in Harvard Style

Rohr M., Giesecke S. and Hasselbring W. (2007). TIMING BEHAVIOR ANOMALY DETECTION IN ENTERPRISE INFORMATION SYSTEMS . In Proceedings of the Ninth International Conference on Enterprise Information Systems - Volume 1: ICEIS, ISBN 978-972-8865-88-7, pages 494-497. DOI: 10.5220/0002412004940497


in Bibtex Style

@conference{iceis07,
author={Matthias Rohr and Simon Giesecke and Wilhelm Hasselbring},
title={TIMING BEHAVIOR ANOMALY DETECTION IN ENTERPRISE INFORMATION SYSTEMS},
booktitle={Proceedings of the Ninth International Conference on Enterprise Information Systems - Volume 1: ICEIS,},
year={2007},
pages={494-497},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002412004940497},
isbn={978-972-8865-88-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Ninth International Conference on Enterprise Information Systems - Volume 1: ICEIS,
TI - TIMING BEHAVIOR ANOMALY DETECTION IN ENTERPRISE INFORMATION SYSTEMS
SN - 978-972-8865-88-7
AU - Rohr M.
AU - Giesecke S.
AU - Hasselbring W.
PY - 2007
SP - 494
EP - 497
DO - 10.5220/0002412004940497