Midiag: A Sequential Trace-Based Fault Diagnosis Framework for Microservices

Cloud applications are often deployed in shared data centers to optimize resource allocation and improve management efficiency. However, since a cloud application often has a large amount of different microservices, it is difficult for operators to analyze these microservices with a unified model. To deal with the above problem, this paper proposes a sequential trace-based fault diagnosis framework called as Midiag by mining the patterns of microservices’ system call sequences. Midiag collects system calls with a non-invasive lightweight tool, and then uses k-means to cluster system call sequences as patterns with the longest common subsequence. The GRU-based neural network is employed to model the patterns of system call sequences to predict the next system call, and thus we can diagnose faults by comparing the predicted next system call and the actual next one in the specific pattern. We have validated Midiag with many different types of applications deployed in containers. The results demonstrate that Midiag can well classify these applications as different types and accurately diagnose the injected faults.

[1]  Stephanie Forrest,et al.  The Evolution of System-Call Monitoring , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[2]  Franco Zambonelli,et al.  Engineering Pervasive Service Ecosystems: The SAPERE Approach , 2015, TAAS.

[3]  João Paulo Magalhães,et al.  SHõWA: A Self-Healing Framework for Web-Based Applications , 2015, TAAS.

[4]  Carey L. Williamson,et al.  Offline/realtime traffic classification using semi-supervised learning , 2007, Perform. Evaluation.

[5]  Yan Gao,et al.  Predicting the intrusion intentions by observing system call sequences , 2004, Comput. Secur..

[6]  Jie Wu,et al.  Robust Network Traffic Classification , 2015, IEEE/ACM Transactions on Networking.

[7]  Stefano Zanero,et al.  Detecting Intrusions through System Call Sequence and Argument Analysis , 2010, IEEE Transactions on Dependable and Secure Computing.

[8]  Claus Pahl,et al.  Microservices: The Journey So Far and Challenges Ahead , 2018, IEEE Softw..

[9]  Niels Provos,et al.  Improving Host Security with System Call Policies , 2003, USENIX Security Symposium.

[10]  R. Sekar,et al.  A fast automaton-based method for detecting anomalous program behaviors , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[11]  Renata Teixeira,et al.  Early application identification , 2006, CoNEXT '06.

[12]  Claudia Eckert,et al.  Deep Learning for Classification of Malware System Call Sequences , 2016, Australasian Conference on Artificial Intelligence.