Two Dimensional Time-Series for Anomaly Detection and Regulation in Adaptive Systems

A two-dimensional time approach is introduced in order to classify a periodic, adaptive threshold for service-level anomaly detection. An iterative algorithm is applied to history analysis on this periodic time to provide a smooth roll-off in the significance of the data with time. The algorithm described leads to an approximately ten-fold compression in data storage and a thousand-fold improvement in computation cycles, compared to a naive time-series approach. The behaviour of this anomaly detector is discussed, and the result is implemented in cfengine for direct use in system management.
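The idea in the abstract, sketched as an added example (not the paper's algorithm and not cfengine's code): absolute time is folded onto a period, and each slot keeps an iteratively updated mean and variance that serve as its adaptive threshold. The weekly period, hourly slots, weight of 0.3, 3-sigma test and all names are assumptions, and the load data is constructed.

```python
import math

HOUR, WEEK = 3600, 7 * 24 * 3600  # assumed slot width and period

class PeriodicBaseline:
    """Fixed-size per-slot mean/variance over time folded onto one period."""

    def __init__(self, period=WEEK, slot=HOUR, weight=0.3, k=3.0, min_samples=3):
        self.period, self.slot = period, slot
        self.weight, self.k, self.min_samples = weight, k, min_samples
        n = period // slot
        self.mean, self.var, self.count = [0.0] * n, [0.0] * n, [0] * n

    def slot_of(self, t):
        # Second time dimension: position within the period, not absolute time.
        return int(t % self.period) // self.slot

    def observe(self, t, value):
        """Score value against its slot's history, then fold it in."""
        i = self.slot_of(t)
        anomalous = False
        if self.count[i] >= self.min_samples:
            sigma = max(math.sqrt(self.var[i]), 1e-9)
            anomalous = abs(value - self.mean[i]) > self.k * sigma
        if self.count[i] == 0:
            self.mean[i] = float(value)
        else:
            # Geometric weighting: older periods fade smoothly, no raw history kept.
            w, delta = self.weight, value - self.mean[i]
            self.mean[i] += w * delta
            self.var[i] = (1 - w) * (self.var[i] + w * delta * delta)
        self.count[i] += 1
        return anomalous

def constructed_load(t):
    """Constructed sample metric: busy 09:00-17:00, quiet otherwise, small jitter."""
    hours = t // HOUR
    jitter = (hours * 7 + (t // WEEK) * 3) % 5 - 2
    return (100 if 9 <= hours % 24 < 17 else 10) + jitter

def train_constructed(weeks=4):
    b = PeriodicBaseline()
    for t in range(0, weeks * WEEK, HOUR):
        b.observe(t, constructed_load(t))
    return b

if __name__ == "__main__":
    b = train_constructed()
    print(b.observe(4 * WEEK + 3 * HOUR, 100))   # busy-level load at 03:00
    print(b.observe(4 * WEEK + 10 * HOUR, 100))  # same load at 10:00
```

This sketch folds flagged values into the baseline as well, so a sustained deviation becomes the slot's new normal after a few periods; a deployment has to decide whether that adaptation is wanted.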
