• DocumentCode
    3548171
  • Title

    An event processing approach for threats monitoring of service compositions

  • Author

    Ayed, Dhouha ; Asim, M. ; Llewellyn-Jones, David

  • Author_Institution
    Thales Group, AppSec Lab., Palaiseau, France
  • fYear
    2013
  • fDate
    23-25 Oct. 2013
  • Firstpage
    1
  • Lastpage
    10
  • Abstract
    The Future Internet will be populated by not just data and devices, but also services. Approaches in Service-Oriented Architectures are allowing new ways for users and developers to manage, control and benefit from the services that are being made available. However, this also introduces new threats for service ecosystems, and with wider deployment comes a greater need to identify and tackle threats before they become attacks. In this paper we introduce a new Threat Monitoring approach based on filtering and pattern-detection of a variety of event types. The approach enables threat monitoring across multiple composite services with a capability to integrate dynamic changes from various subsystems and offers high flexibility through the use of CEP (Complex Event Processing). Appropriate events are identified in the context of Service-Oriented Architectures, and the Threat Monitoring Module is described and implemented as part of the Aniketos platform. This module is able to pull threat descriptions from a repository and apply appropriate detection techniques at run-time in order to identify potential problems. The approach is novel in both its flexibility and applicability. Threats can be chosen by service developers from a community-managed repository and the process extends to both the identification and prediction of threats. The solution is evaluated through a future telecommunication services case study.
  • Keywords
    Internet; computer network security; pattern recognition; service-oriented architecture; Aniketos platform; CEP; community-managed repository; complex event processing approach; filtering; future Internet; pattern detection; service compositions; service-oriented architectures; threat monitoring approach; Educational institutions; Monitoring; Object recognition; World Wide Web; SOA; complex event processing; monitoring; network security; security; security patterns; service composition; threats;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Risks and Security of Internet and Systems (CRiSIS), 2013 International Conference on
  • Conference_Location
    La Rochelle
  • Type

    conf

  • DOI
    10.1109/CRiSIS.2013.6766363
  • Filename
    6766363