Information and communication technology (ICT) pervades every aspect of our daily lives, supporting us in solving tasks and providing information. However, we are facing increasing complexity in ICT due to the interconnectedness and coupling of large-scale distributed systems. One particular challenge in this context is openness, i.e. systems and components are free to join and leave at any time, including those that are faulty or even malicious. In this article, we present a novel concept to master openness by detecting groups of similarly behaving systems in order to identify and finally isolate malicious elements. More precisely, we present a mechanism to cluster groups of systems at runtime and to estimate their contribution to the overall system utility. For evaluation and demonstration purposes, we use the Trusted Desktop Grid (TDG), where the system utility is an averaged speedup in job calculation for all benevolent participants. The TDG exhibits typical Organic Computing characteristics such as self-organisation, adaptive behaviour of heterogeneous entities, and openness. We show that our concept is able to successfully identify groups of systems with undesired behaviour, ranging from freeriding to colluding attacks.