LS-ADT: lightweight and scalable anomaly detection for cloud datacentres

Sakil Barbhuiya, Zafeirios Papazachos*, Peter Kilpatrick, Dimitrios S. Nikolopoulos

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapter

2 Citations (Scopus)

Abstract

Cloud data centres are implemented as large-scale clusters with demanding requirements for service performance, availability and cost of operation. As a result of scale and complexity, data centres typically exhibit large numbers of system anomalies resulting from operator error, resource over/under provisioning, hardware or software failures and security issus anomalies are inherently difficult to identify and resolve promptly via human inspection. Therefore, it is vital in a cloud system to have automatic system monitoring that detects potential anomalies and identifies their source. In this paper we present a lightweight anomaly detection tool for Cloud data centres which combines extended log analysis and rigorous correlation of system metrics, implemented by an efficient correlation algorithm which does not require training or complex infrastructure set up. The LADT algorithm is based on the premise that there is a strong correlation between node level and VM level metrics in a cloud system. This correlation will drop significantly in the event of any performance anomaly at the node-level and a continuous drop in the correlation can indicate the presence of a true anomaly in the node. The log analysis of LADT assists in determining whether the correlation drop could be caused by naturally occurring cloud management activity such as VM migration, creation, suspension, termination or resizing. In this way, any potential anomaly alerts are reasoned about to prevent false positives that could be caused by the cloud operator’s activity. We demonstrate LADT with log analysis in a Cloud environment to show how the log analysis is combined with the correlation of systems metrics to achieve accurate anomaly detection.

Original languageEnglish
Title of host publicationCloud computing and services science: 5th International Conference, CLOSER 2015, Lisbon, Portugal, May 20-22, 2015, revised selected papers
PublisherSpringer Cham
Pages135-152
ISBN (Electronic)9783319295824
ISBN (Print)9783319295817
DOIs
Publication statusPublished - 03 Feb 2016
Event5th International Conference on Cloud Computing and Services Science, CLOSER 2015 - Lisbon, Portugal
Duration: 20 May 201522 May 2015

Publication series

NameCommunications in Computer and Information Science
Volume581
ISSN (Print)1865-0929
ISSN (Electronic)1865-0937

Conference

Conference5th International Conference on Cloud Computing and Services Science, CLOSER 2015
Country/TerritoryPortugal
CityLisbon
Period20/05/201522/05/2015

Fingerprint

Dive into the research topics of 'LS-ADT: lightweight and scalable anomaly detection for cloud datacentres'. Together they form a unique fingerprint.

Cite this