Communications of the ACM
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Security in an autonomic computing environment
IBM Systems Journal
Bayesian network model for semi-structured document classification
Information Processing and Management: an International Journal - Special issue: Bayesian networks and information retrieval
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
SigFree: a signature-free buffer overflow attack blocker
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
The Daikon system for dynamic detection of likely invariants
Science of Computer Programming
Improving complex distributed software system availability through information hiding
Proceedings of the 2010 ACM Symposium on Applied Computing
Adding resilience to message oriented middleware
Proceedings of the 2nd International Workshop on Software Engineering for Resilient Systems
| Hi-index | 0.00 |
Message Oriented Middleware (MOM), provides a reliable messaging service and transparent interoperation mechanism for different kinds of distributed web based applications. Different MOMs have also been providing basic security services such as authentication, access control, and communication encryption. These basic security services do not necessarily prevent compromised or malicious clients from delivering attack across MOM platforms. This paper presents our preliminary research on an anomaly detection system to detect attacks that leverage on the messaging service provided by MOM, and other kinds of fault in a domain within MOM. This system detects anomalies in messages to a client's message queue using a number of different anomaly detection techniques. Through anomalies the system can detect potential attacks or other faults passing through a MOM domain. The system analyzes messages passing to each message queue and derives a client specific profile of normal messages with a range of different features. Utilizing client specific characteristics, the system efficiently provides protection for each client in a MOM domain. The learning approach anomaly detection techniques employed also ensure that the system can be easily adopted by different implementations of MOM systems.