D2: Anomaly Detection and Diagnosis in Networked Embedded Systems by Program Profiling and Symptom Mining
2013 IEEE 34th Real-Time Systems Symposium (2013)
Vancouver, BC, Canada
Dec. 3, 2013 to Dec. 6, 2013
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/RTSS.2013.28
Detecting and diagnosing anomalies in networked embedded systems like sensor networks is a very difficult task, due to the variable workloads and severe resource constraints. We notice that most node-level debugging tools can provide detailed program information inside the node but fail to detect when and where a problem occurs in the network. On the other hand, most network-level diagnosis tools can effectively detect a problem from the network but fail to narrow down the problem within the node because they lack detailed program information. To close the gap, we propose D2, a new anomaly detection and diagnosis method that combines program profiling and symptom mining. D2 employs binary instrumentation to perform lightweight function count profiling. Based on the statistics, D2 uses a PCA (Principal Component Analysis) based approach to automatically detect network anomalies. Compared to previous methods, D2 is able to point programmers closer to the most likely causes through a novel approach combining statistical tests and program call graph analysis. We implement our method based on TinyOS 2.1.1 and evaluate its effectiveness by case studies in the development of a working sensor network. Results show that our method is effective for detecting and diagnosing problems in real-world sensor network systems and, at the same time, incurs an acceptable overhead.
symptom mining, networked embedded systems, sensor networks, diagnosis, program profiling
W. Dong, C. Chen, J. Bu, X. Liu and Y. Liu, "D2: Anomaly Detection and Diagnosis in Networked Embedded Systems by Program Profiling and Symptom Mining," 2013 IEEE 34th Real-Time Systems Symposium (RTSS), Vancouver, BC, Canada, 2014, pp. 202-211.