Anomaly detection in the case of message oriented middleware

Message Oriented Middleware (MOM) provides a reliable messaging service and a transparent interoperation mechanism for different kinds of distributed web-based applications. Different MOMs also provide basic security services such as authentication, access control, and communication encryption. These basic security services do not necessarily prevent compromised or malicious clients from delivering attacks across MOM platforms. This paper presents our preliminary research on an anomaly detection system that detects attacks leveraging the messaging service provided by MOM, as well as other kinds of faults in a domain within MOM. The system detects anomalies in messages sent to a client's message queue using a number of different anomaly detection techniques. Through these anomalies, the system can detect potential attacks or other faults passing through a MOM domain. The system analyzes the messages passing to each message queue and derives a client-specific profile of normal messages over a range of different features. By utilizing client-specific characteristics, the system efficiently provides protection for each client in a MOM domain. The learning-based anomaly detection techniques employed also ensure that the system can be easily adopted by different implementations of MOM systems.
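
The following added example (not code from the paper) illustrates the per-queue profiling idea described above: the same message can be normal for one client's queue and anomalous for another. The two features used (total payload length scored with a Chebyshev bound, and the set of field names seen during training), the queue names, the threshold and all messages are assumptions constructed for this example; the abstract does not list the system's actual features.

```python
from collections import defaultdict

def msg_length(msg):
    """Total length of all field values in a message (assumed feature)."""
    return sum(len(str(v)) for v in msg.values())

class QueueProfile:
    """Normal-message profile for one client's queue. Both features are assumed."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0   # Welford running length stats
        self.fields = set()                        # field names seen in training

    def learn(self, msg):
        x = msg_length(msg)
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)
        self.fields |= set(msg)

    def score(self, msg):
        """Anomaly score in [0, 1]; an untrained profile scores everything 1.0."""
        if self.n == 0:
            return 1.0
        dev = abs(msg_length(msg) - self.mean)
        var = self.m2 / self.n
        # Chebyshev: P(|X - mean| >= dev) <= var / dev^2
        p_len = 1.0 if dev == 0 else min(1.0, var / dev ** 2)
        unseen = sum(1 for k in msg if k not in self.fields) / max(len(msg), 1)
        return max(1.0 - p_len, unseen)

class Detector:
    """One profile per message queue, so each client gets its own baseline."""
    def __init__(self, threshold=0.9):             # threshold is an assumed value
        self.threshold = threshold
        self.profiles = defaultdict(QueueProfile)

    def learn(self, queue, msg):
        self.profiles[queue].learn(msg)

    def is_anomalous(self, queue, msg):
        return self.profiles[queue].score(msg) >= self.threshold

def demo_detector():
    """Train on constructed traffic for two hypothetical queues."""
    d = Detector()
    for i, amount in enumerate(["19.99", "5.00", "120.50", "7.25", "64.10"]):
        d.learn("billing", {"order_id": str(1001 + i), "amount": amount})
    for i, n in enumerate([380, 420, 400, 390, 410]):
        d.learn("reports", {"title": f"Q{i + 1}", "body": "x" * n})
    return d
```

A message shaped like a report is accepted on the `reports` queue but flagged on `billing`, and a queue with no training data flags everything until a profile exists.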
