On the effectiveness of isolation-based anomaly detection in cloud data centers

Rodrigo N. Calheiros; Kotagiri Ramamohanarao; Rajkumar Buyya; Christopher Leckie; Steve Versteeg

On the effectiveness of isolation-based anomaly detection in cloud data centers

Rodrigo N. Calheiros
, Kotagiri Ramamohanarao
, Rajkumar Buyya
, Christopher Leckie
, Steve Versteeg

Research output: Contribution to journal › Article › peer-review

37 Citations (Scopus)

Abstract

The high volume of monitoring information generated by large-scale cloud infrastructures poses a challenge to the capacity of cloud providers in detecting anomalies in the infrastructure. Traditional anomaly detection methods are resource-intensive and computationally complex for training and/or detection, what is undesirable in very dynamic and large-scale environment such as clouds. Isolation-based methods have the advantage of low complexity for training and detection and are optimized for detecting failures. In this work, we explore the feasibility of Isolation Forest, an isolation-based anomaly detection method, to detect anomalies in large-scale cloud data centers. We propose a method to code time-series information as extra attributes that enable temporal anomaly detection and establish its feasibility to adapt to seasonality and trends in the time-series and to be applied online and in real-time.

Original language	English
Article number	e4169
Number of pages	12
Journal	Concurrency and Computation: Practice & Experience
Volume	29
Issue number	18
Publication status	Published - 25 Sept 2017

Bibliographical note

Publisher Copyright:
Copyright © 2017 John Wiley & Sons, Ltd.

Keywords

anomaly detection (computer security)
cloud computing
data processing service centers
time-series analysis

Cite this

@article{adb65953b6ca48aa925cecf1c512da8d,

title = "On the effectiveness of isolation-based anomaly detection in cloud data centers",

abstract = "The high volume of monitoring information generated by large-scale cloud infrastructures poses a challenge to the capacity of cloud providers in detecting anomalies in the infrastructure. Traditional anomaly detection methods are resource-intensive and computationally complex for training and/or detection, what is undesirable in very dynamic and large-scale environment such as clouds. Isolation-based methods have the advantage of low complexity for training and detection and are optimized for detecting failures. In this work, we explore the feasibility of Isolation Forest, an isolation-based anomaly detection method, to detect anomalies in large-scale cloud data centers. We propose a method to code time-series information as extra attributes that enable temporal anomaly detection and establish its feasibility to adapt to seasonality and trends in the time-series and to be applied online and in real-time.",

keywords = "anomaly detection (computer security), cloud computing, data processing service centers, time-series analysis",

author = "Calheiros, \{Rodrigo N.\} and Kotagiri Ramamohanarao and Rajkumar Buyya and Christopher Leckie and Steve Versteeg",

note = "Publisher Copyright: Copyright {\textcopyright} 2017 John Wiley \& Sons, Ltd.",

year = "2017",

month = sep,

day = "25",

language = "English",

volume = "29",

journal = "Concurrency and Computation: Practice \& Experience",

issn = "1532-0626",

publisher = "Wiley \& Sons",

number = "18",

}

TY - JOUR

T1 - On the effectiveness of isolation-based anomaly detection in cloud data centers

AU - Calheiros, Rodrigo N.

AU - Ramamohanarao, Kotagiri

AU - Buyya, Rajkumar

AU - Leckie, Christopher

AU - Versteeg, Steve

PY - 2017/9/25

Y1 - 2017/9/25

N2 - The high volume of monitoring information generated by large-scale cloud infrastructures poses a challenge to the capacity of cloud providers in detecting anomalies in the infrastructure. Traditional anomaly detection methods are resource-intensive and computationally complex for training and/or detection, what is undesirable in very dynamic and large-scale environment such as clouds. Isolation-based methods have the advantage of low complexity for training and detection and are optimized for detecting failures. In this work, we explore the feasibility of Isolation Forest, an isolation-based anomaly detection method, to detect anomalies in large-scale cloud data centers. We propose a method to code time-series information as extra attributes that enable temporal anomaly detection and establish its feasibility to adapt to seasonality and trends in the time-series and to be applied online and in real-time.

AB - The high volume of monitoring information generated by large-scale cloud infrastructures poses a challenge to the capacity of cloud providers in detecting anomalies in the infrastructure. Traditional anomaly detection methods are resource-intensive and computationally complex for training and/or detection, what is undesirable in very dynamic and large-scale environment such as clouds. Isolation-based methods have the advantage of low complexity for training and detection and are optimized for detecting failures. In this work, we explore the feasibility of Isolation Forest, an isolation-based anomaly detection method, to detect anomalies in large-scale cloud data centers. We propose a method to code time-series information as extra attributes that enable temporal anomaly detection and establish its feasibility to adapt to seasonality and trends in the time-series and to be applied online and in real-time.

KW - anomaly detection (computer security)

KW - cloud computing

KW - data processing service centers

KW - time-series analysis

UR - http://handle.westernsydney.edu.au:8081/1959.7/uws:40620

M3 - Article

SN - 1532-0626

VL - 29

JO - Concurrency and Computation: Practice & Experience

JF - Concurrency and Computation: Practice & Experience

IS - 18

M1 - e4169

ER -

On the effectiveness of isolation-based anomaly detection in cloud data centers

Abstract

Bibliographical note

Keywords

Other files and links

Fingerprint

Cite this