Anomaly detection in the case of message oriented middleware

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Anomaly detection in the case of message oriented middleware

Full text

Pdf (122 KB)

Source

Middleware Conference archive
Proceedings of the 2008 workshop on Middleware security table of contents

Leuven, Belgium

Pages 40-42

Year of Publication: 2008

ISBN:978-1-60558-363-1

Authors

Jinfu Wang	University of London, Macao SAR, China
John Bigham	University of London, London, UK

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 5, Downloads (12 Months): 100, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1463342.1463350 What is a DOI?

ABSTRACT

Message Oriented Middleware (MOM), provides a reliable messaging service and transparent interoperation mechanism for different kinds of distributed web based applications. Different MOMs have also been providing basic security services such as authentication, access control, and communication encryption. These basic security services do not necessarily prevent compromised or malicious clients from delivering attack across MOM platforms. This paper presents our preliminary research on an anomaly detection system to detect attacks that leverage on the messaging service provided by MOM, and other kinds of fault in a domain within MOM.

This system detects anomalies in messages to a client's message queue using a number of different anomaly detection techniques. Through anomalies the system can detect potential attacks or other faults passing through a MOM domain. The system analyzes messages passing to each message queue and derives a client specific profile of normal messages with a range of different features. Utilizing client specific characteristics, the system efficiently provides protection for each client in a MOM domain. The learning approach anomaly detection techniques employed also ensure that the system can be easily adopted by different implementations of MOM systems.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Stephanie Forrest , Steven A. Hofmeyr , Anil Somayaji, Computer immunology, Communications of the ACM, v.40 n.10, p.88-96, Oct. 1997 [doi>10.1145/262793.262811]
	2	Christopher Kruegel , Giovanni Vigna , William Robertson, A multi-model approach to the detection of web-based attacks, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.48 n.5, p.717-738, 5 August 2005 [doi>10.1016/j.comnet.2005.01.009]
	3	Ludovic Denoyer , Patrick Gallinari, Bayesian network model for semi-structured document classification, Information Processing and Management: an International Journal, v.40 n.5, p.807-827, September 2004 [doi>10.1016/j.ipm.2004.04.009]
	4	Xinran Wang , Chi-Chun Pan , Peng Liu , Sencun Zhu, SigFree: a signature-free buffer overflow attack blocker, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
	5	Michael D. Ernst , Jeff H. Perkins , Philip J. Guo , Stephen McCamant , Carlos Pacheco , Matthew S. Tschantz , Chen Xiao, The Daikon system for dynamic detection of likely invariants, Science of Computer Programming, v.69 n.1-3, p.35-45, December, 2007 [doi>10.1016/j.scico.2007.01.015]
	6	D. M. Chess , C. Palmer , S. R. White, Security in an autonomic computing environment, IBM Systems Journal, v.42 n.1, p.107-118, January 2003
	7	Stephanie Forrest , Steven A. Hofmeyr , Anil Somayaji , Thomas A. Longstaff, A Sense of Self for Unix Processes, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.120, May 06-08, 1996