Abstract
In this paper, we present a research work on a novel methodology of identifying abnormal behaviors at the underlying network monitor layer during runtime based on the execution patterns of Web of Things (WoT) applications. An execution pattern of a WoT application is a sequence of profiled time delays between the invocations of involved Web services, and it can be obtained from WoT platforms. We convert the execution pattern to a time sequence of network flows that are generated when the WoT applications are executed. We consider such time sequences as a whitelist. This whitelist reflects the valid application execution patterns. At the network monitor layer, our applied RETE algorithm examines whether any given runtime sequence of network flow instances does not conform to the whitelist. Through this approach, it is possible to interpret a sequence of network flows with regard to application logic. Given such contextual information, we believe that the administrators can detect and reason about any abnormal behaviors more effectively. Our empirical evaluation shows that our RETE-based algorithm outperforms the baseline algorithm in terms of memory usage.
Highlights
In this paper, we aim to develop a novel technique for detecting abnormal situations proactively at the network monitor layer during runtime, based on the execution patterns of Webbased applications
We present a novel research work that suggests to distinguish between normal and abnormal behaviors at the network layer based on a whitelist compiled out of the application execution patterns from Web of Things (WoT) platforms
WoT Application Simulator (WAS) can confirm the validity of a time sequence of flow instances that are identified by the Matching Engine
Summary
We aim to develop a novel technique for detecting abnormal situations proactively at the network monitor layer during runtime, based on the execution patterns of Webbased applications. Gaining the awareness of the Web-based application behaviors at the network layer has been a non-trivial task. Asking every single independent server for their application execution patterns is not feasible. New opportunities for gaining application awareness are arising, as Web of Things (WoT) platforms such as IFTTT [1] and Zapier [2] are emerging. These platforms came into service to support flexible composition of applications with various things connected to the Web. A user can select an application component from a pool of building blocks such as sensor information, actuation functions and data services to create and deploy personalized applications. We think inquiring WoT platforms for the application behaviors is a more feasible approach compared to the method of inquiring every individual Web server
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
