Automatic Anomaly Detection in the Cloud Via Statistical Learning

Performance and high availability have become increasingly important drivers, amongst other drivers, for user retention in the context of web services such as social networks, and web search. Exogenic and/or endogenic factors often give rise to anomalies, making it very challenging to maintain high availability, while also delivering high performance. Given that service-oriented architectures (SOA) typically have a large number of services, with each service having a large set of metrics, automatic detection of anomalies is non-trivial. Although there exists a large body of prior research in anomaly detection, existing techniques are not applicable in the context of social network data, owing to the inherent seasonal and trend components in the time series data. To this end, we developed two novel statistical techniques for automatically detecting anomalies in cloud infrastructure data. Specifically, the techniques employ statistical learning to detect anomalies in both application, and system metrics. Seasonal decomposition is employed to filter the trend and seasonal components of the time series, followed by the use of robust statistical metrics -- median and median absolute deviation (MAD) -- to accurately detect anomalies, even in the presence of seasonal spikes. We demonstrate the efficacy of the proposed techniques from three different perspectives, viz., capacity planning, user behavior, and supervised learning. In particular, we used production data for evaluation, and we report Precision, Recall, and F-measure in each case.

[1]  Gabriel Maciá-Fernández,et al.  Anomaly-based network intrusion detection: Techniques, systems and challenges , 2009, Comput. Secur..

[2]  Alexander Ilic,et al.  Privacy and Security Implications of the Internet of Things , 2014 .

[3]  Mona Attariyan,et al.  X-ray: Automating Root-Cause Diagnosis of Performance Anomalies in Production Software , 2012, OSDI.

[4]  Allan Timmermann,et al.  Dangers of data mining: the case of calendar effects in stock returns , 2001 .

[5]  Paul Barford,et al.  A signal analysis of network traffic anomalies , 2002, IMW '02.

[6]  Peter J. Rousseeuw,et al.  Robust regression and outlier detection , 1987 .

[7]  W. A. Shewhart,et al.  Quality control charts , 1926 .

[8]  Vanish Talwar,et al.  Online detection of utility cloud anomalies using metric distributions , 2010, 2010 IEEE Network Operations and Management Symposium - NOMS 2010.

[9]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[10]  M. Kendall,et al.  The advanced theory of statistics , 1945 .

[11]  Guangmin Hu,et al.  Anomaly Detection of Network Traffic Based on Wavelet Packet , 2006, 2006 Asia-Pacific Conference on Communications.

[12]  Martti Juhola,et al.  Informal identification of outliers in medical data , 2000 .

[13]  Lingsong Zhang Signal Processing Methods for Network Anomaly Detection , 2005 .

[14]  J. Manyika Big data: The next frontier for innovation, competition, and productivity , 2011 .

[15]  James M. Lucas,et al.  Exponentially weighted moving average control schemes: Properties and enhancements , 1990 .

[16]  E. S. Page CONTINUOUS INSPECTION SCHEMES , 1954 .

[17]  Douglas C. Montgomery,et al.  A review of multivariate control charts , 1995 .

[18]  Fred C. Kelly Why You Win or Lose: The Psychology of Speculation , 2003 .

[19]  Victoria J. Hodge,et al.  A Survey of Outlier Detection Methodologies , 2004, Artificial Intelligence Review.

[20]  Philippe Jorion,et al.  The January Effect: Still There after All These Years , 1996 .

[21]  M. Kendall Statistical Methods for Research Workers , 1937, Nature.

[22]  Glenn N. Pettengill A Survey of the Monday Effect Literature , 2003 .

[23]  R. Koenker,et al.  Regression Quantiles , 2007 .

[24]  Marina Vannucci,et al.  Detecting Traffic Anomalies through Aggregate Analysis of Packet Header Data , 2004, NETWORKING.

[25]  B. Ripley,et al.  Robust Statistics , 2018, Encyclopedia of Mathematical Geosciences.

[26]  Peter Kulchyski and , 2015 .

[27]  R. H. Moore,et al.  Some Grubbs-Type Statistics for the Detection of Several Outliers , 1972 .

[28]  Christophe Ley,et al.  Detecting outliers: Do not use standard deviation around the mean, use absolute deviation around the median , 2013 .

[29]  Gyungho Lee,et al.  DDoS Attack Detection and Wavelets , 2003, Proceedings. 12th International Conference on Computer Communications and Networks (IEEE Cat. No.03EX712).

[30]  Anu Ramanathan,et al.  WADeS: a tool for Distributed Denial of Service Attack detection , 2002 .

[31]  F. Garcia Tests to Identify Outliers in Data Series , 2010 .

[32]  Daniel Bernoulli,et al.  The most probable choice between several discrepant observations and the formation therefrom of the most likely induction , 1961 .

[33]  Ali A. Ghorbani,et al.  Network Anomaly Detection Based on Wavelet Analysis , 2009, EURASIP J. Adv. Signal Process..

[34]  Fugee Tsung,et al.  Statistical process control for multistage manufacturing and service operations: A review and some extensions , 2008 .

[35]  Michael R. Gibbons,et al.  Day of the Week Effects and Asset Returns , 1981 .

[36]  Vic Barnett,et al.  The Study of Outliers: Purpose and Model , 1978 .

[37]  Vanish Talwar,et al.  Statistical techniques for online anomaly detection in data centers , 2011, 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops.

[38]  A. R. Crathorne,et al.  Economic Control of Quality of Manufactured Product. , 1933 .

[39]  J. Coutts,et al.  The weekend effect, the Stock Exchange Account and the Financial Times Industrial Ordinary Shares Index: 1987-1994 , 1999 .

[40]  G. Maciá-Fernández,et al.  Anomaly-based network intrusion detection: Techniques, systems and challenges , 2009, Comput. Secur..

[41]  R. Fisher The Advanced Theory of Statistics , 1943, Nature.

[42]  B. Rosner Percentage Points for a Generalized ESD Many-Outlier Procedure , 1983 .

[43]  W. Ziemba,et al.  Investment Results from Exploiting Turn-of-the-Month Effects , 1996 .

[44]  F. E. Grubbs Procedures for Detecting Outlying Observations in Samples , 1969 .

[45]  Eric A. Brewer,et al.  Pinpoint: problem determination in large, dynamic Internet services , 2002, Proceedings International Conference on Dependable Systems and Networks.

[46]  W. J. Langford Statistical Methods , 1959, Nature.

[47]  João Paulo Magalhães,et al.  Root-cause analysis of performance anomalies in web-based applications , 2011, SAC.

[48]  K. French Stock returns and the weekend effect , 1980 .

[49]  W. Cleveland Robust Locally Weighted Regression and Smoothing Scatterplots , 1979 .

[50]  Thomas S. Ferguson,et al.  On the Rejection of Outliers , 1961 .

[51]  D. Ruppert Robust Statistics: The Approach Based on Influence Functions , 1987 .

[52]  P. J. Huber Robust Regression: Asymptotics, Conjectures and Monte Carlo , 1973 .

[53]  Gang Ren,et al.  Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers , 2010, IEEE Micro.

[54]  VARUN CHANDOLA,et al.  Anomaly detection: A survey , 2009, CSUR.

[55]  Vic Barnett,et al.  Outliers in Statistical Data , 1980 .

[56]  Jaideep Srivastava,et al.  A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection , 2003, SDM.

[57]  Xiaoyun Zhu,et al.  DAPA: Diagnosing Application Performance Anomalies for Virtualized Infrastructures , 2012, Hot-ICE.

[58]  V. Alarcón-Aquino,et al.  Anomaly detection in communication networks using wavelets , 2001 .

[59]  Douglas C. Montgomery,et al.  Research Issues and Ideas in Statistical Process Control , 1999 .

[60]  Bernard Rosner,et al.  On the Detection of Many Outliers , 1975 .

[61]  Julijana Angelovska An Econometric Analysis of Market Anomaly - Day of the Week Effect on a Small Emerging Market , 2013 .

[62]  Asger Lunde,et al.  Testing the Significance of Calendar Effects , 2005 .

[63]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[64]  Yingbing Yu,et al.  A survey of anomaly intrusion detection techniques , 2012 .

[65]  F. Hampel The Influence Curve and Its Role in Robust Estimation , 1974 .

[66]  Richard J. Rogalski New Findings Regarding Day‐of‐the‐Week Returns over Trading and Non‐Trading Periods: A Note , 1984 .

[67]  Kavé Salamatian,et al.  Signal Processing-based Anomaly Detection Techniques: A Comparative Analysis , 2011 .

[68]  Fred Spiring,et al.  Introduction to Statistical Quality Control , 2007, Technometrics.

[69]  Matthias Durr The Advanced Theory Of Statistics Vol 3 Design And Analysis And Time Series , 2016 .

[70]  P. Rousseeuw,et al.  Alternatives to the Median Absolute Deviation , 1993 .

[71]  H. T. Kung,et al.  Use of spectral analysis in defense against DoS attacks , 2002, Global Telecommunications Conference, 2002. GLOBECOM '02. IEEE.

[72]  F. Hampel Contributions to the theory of robust estimation , 1968 .

[73]  Leonardo Mariani,et al.  AVA: automated interpretation of dynamically detected anomalies , 2009, ISSTA.

[74]  Jugal K. Kalita,et al.  A Survey of Outlier Detection Methods in Network Anomaly Identification , 2011, Comput. J..

[75]  Kevin M. Carter,et al.  Probabilistic reasoning for streaming anomaly detection , 2012, 2012 IEEE Statistical Signal Processing Workshop (SSP).

[76]  F. E. Grubbs Sample Criteria for Testing Outlying Observations , 1950 .

[77]  Irma J. Terpenning,et al.  STL : A Seasonal-Trend Decomposition Procedure Based on Loess , 1990 .

[78]  Charu C. Aggarwal,et al.  Outlier Analysis , 2013, Springer New York.

[79]  York Marcel Dekker The State of Statistical Process Control as We Proceed into the 21st Century , 2000 .

[80]  References , 1971 .

[81]  S. W. Roberts Control chart tests based on geometric moving averages , 2000 .

[82]  Karsten Schwan,et al.  SysProf: Online Distributed Behavior Diagnosis through Fine-grain System Monitoring , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).