Browse > Article
http://dx.doi.org/10.3837/tiis.2016.08.024

An Anomaly Detection Framework Based on ICA and Bayesian Classification for IaaS Platforms  

Wang, GuiPing (College of Information Science and Engineering, Chongqing Jiaotong University)
Yang, JianXi (College of Information Science and Engineering, Chongqing Jiaotong University)
Li, Ren (College of Information Science and Engineering, Chongqing Jiaotong University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.10, no.8, 2016 , pp. 3865-3883 More about this Journal
Abstract
Infrastructure as a Service (IaaS) encapsulates computer hardware into a large amount of virtual and manageable instances mainly in the form of virtual machine (VM), and provides rental service for users. Currently, VM anomaly incidents occasionally occur, which leads to performance issues and even downtime. This paper aims at detecting anomalous VMs based on performance metrics data of VMs. Due to the dynamic nature and increasing scale of IaaS, detecting anomalous VMs from voluminous correlated and non-Gaussian monitored performance data is a challenging task. This paper designs an anomaly detection framework to solve this challenge. First, it collects 53 performance metrics to reflect the running state of each VM. The collected performance metrics are testified not to follow the Gaussian distribution. Then, it employs independent components analysis (ICA) instead of principal component analysis (PCA) to extract independent components from collected non-Gaussian performance metric data. For anomaly detection, it employs multi-class Bayesian classification to determine the current state of each VM. To evaluate the performance of the designed detection framework, four types of anomalies are separately or jointly injected into randomly selected VMs in a campus-wide testbed. The experimental results show that ICA-based detection mechanism outperforms PCA-based and LDA-based detection mechanisms in terms of sensitivity and specificity.
Keywords
Anomaly detection; feature extraction; ICA; Bayesian classification; IaaS;
Citations & Related Records
연도 인용수 순위
  • Reference
1 S. C. Meng, L. Liu, and T. Wang, "State Monitoring in Cloud Datacenters," IEEE Trans. on Knowledge and Data Engineering, vol. 23, no. 9, pp. 1328-1344, 2011. Article (CrossRef Link).   DOI
2 Q. Guan, C. C. Chiu, and S. Fu, "CDA: A cloud dependability analysis framework for characterizing system dependability in cloud computing," in Proc. of IEEE Pacific Rim International Symposium on Dependable Computing, pp. 11-20, 2012. Article (CrossRef Link).
3 Z. L. Lan, Z. M. Zheng, and Y. W. Li, "Toward automated anomaly identification in large-scale systems," IEEE Trans. on Parallel and Distributed Systems, vol. 21, no. 2, pp. 174-187, 2010. Article (CrossRef Link).   DOI
4 F. Marcelloni, "Feature selection based on a modified fuzzy C-means algorithm with supervision," Information Science, vol. 151, pp. 201-226, 2003. Article (CrossRef Link).   DOI
5 L. I. Kuncheva, "A stability index for feature selection," in Proc. of the 25th IASTED International Multi-Conference: artificial intelligence and applications, pp. 390-395, 2007.
6 R. O. Duda, P. E. Hart, and D. G. Stork, Pattern Classification, 2nd ed., Wiley Interscience, 2001.
7 K. Pearson, "On Lines and Planes of Closest Fit to Systems of Points in Space," Philosophical Magazine, vol. 2, no. 11, pp. 559-572, 1901. Article (CrossRef Link).   DOI
8 M. Pechenizkiy, S. Puuronen, and A. Tsymbal, "The Impact of Sample Reduction on PCA-based Feature Extraction for Supervised Learning," in Proc. of the 21st Annual ACM Symposium on Applied Computing, pp. 553-558, April 2006. Article (CrossRef Link).
9 O. Ibidunmoye, F. Hernandez-Rodriguez, and E. Elmroth, "Performance Anomaly Detection and Bottleneck Identification," ACM Computing Surveys, vol. 48, no. 1, Sep. 2015. Article (CrossRef Link).   DOI
10 A. Hyvarinen, J. Karhunen, and E. Oja, Independent Component Analysis, John-Wiley & Sons, Inc., 2001.
11 J. Herault, and C. Jutten, "Space or time adaptive signal processing by neural network models," in Proc. of AIP Conference Proceedings, vol. 15, no. 1 (on Neural Networks for Computing), pp. 206-211, Aug. 1986. Article (CrossRef Link).
12 C. H. Li, B. C. Kuo, and C. T. Lin, "LDA-based Clustering Algorithm and Its Application to an Unsupervised Feature Extraction," IEEE Trans. on Fuzzy Systems, vol. 19, no. 1, pp.152-163, 2011. Article (CrossRef Link).   DOI
13 P. Comon, "Independent component analysis, a new concept?" Signal Processing, vol. 36, no. 3, pp. 287-314, 1994. Article (CrossRef Link).   DOI
14 F. Palmieri, U. Fiore, and A. Castiglione, "A distributed approach to network anomaly detection based on independent component analysis," Concurrency and Computation: Practice and Experience, vol. 26, no. 5, pp. 1113-1129, 2014. Article (CrossRef Link).   DOI
15 A. Hyvärinen, and E. Oja, "A fast fixed-point algorithm for independent component analysis," Neural Computation, vol. 9, no. 7, pp. 1483-1492, 1997. Article (CrossRef Link).   DOI
16 V. Chandola, A. Banerjee, and V. Kumar, "Anomaly Detection: A Survey," ACM Computing Surveys, vol. 41, No. 3, Article 15, 2009. Article (CrossRef Link).   DOI
17 M. Jo, L. Z. Han, D. Kim, and H. P. In, "Selfish Attacks and Detection in Cognitive Radio Ad-hoc Networks," IEEE Network, vol. 27, no. 3, pp. 46-50, 2013. Article (CrossRef Link).   DOI
18 T. H. Hai, E. N. Huh, and M. Jo, "A Lightweight Intrusion Detection Framework for Wireless Sensor Networks," Wireless Communications and Mobile Computing, vol. 10, no. 4, pp. 559-572, 2010. Article (CrossRef Link).   DOI
19 H. B. Mi, H. M. Wang, Y. F. Zhou, et al, "Toward Fine-Grained, Unsupervised, Scalable Performance Diagnosis for Production Cloud Computing Systems," IEEE Transactions on Parallel and Distributed Systems, pp. 1245-1255, 2013. Article (CrossRef Link).   DOI
20 Q. Guan, Z. M. Zhang, and S. Fu, "Ensemble of Bayesian predictors and decision trees for proactive failure management in cloud computing systems," Journal of Communications, vol. 7, no. 1, pp. 52-61, 2012. Article (CrossRef Link).   DOI
21 M. R. Watson, N. H. Shirazi, A. K. Marnerides, et al. "Malware Detection in Cloud Computing Infrastructures," IEEE Transactions on Dependable and Secure Computing, vol. 13, no. 2, pp. 192-205, 2016. Article (CrossRef Link).   DOI
22 A. B. Sharma, H. F. Chen, M. Ding, et al, "Fault detection and localization in distributed systems using invariant relationships," in Proc. of 43rd Annual IEEE/IFIP Int. Conf. on Dependable Systems and Networks, pp. 1-8, June 2013. Article (CrossRef Link).
23 Y. B. Liu, Z. Yuan, C. C. Xing, et al., "A behavioral anomaly detection strategy based on time series process portraits for desktop virtualization systems," Cluster Computing, vol. 18, no. 2, pp. 979-988, 2015. Article (CrossRef Link).   DOI
24 H. S. Pannu, J. G. Liu, and S. Fu, "AAD: Adaptive anomaly detection system for cloud computing infrastructures," in Proc. of the IEEE Symposium on Reliable Distributed Systems, 2012 Article (CrossRef Link).
25 T. Huang, Y. X. Zhu, and Y. F. Wu, et al. "Anomaly detection and identification scheme for VM live migration in cloud infrastructure," Future Generation Computer Systems, vol. 56, pp. 736-745, 2016. Article (CrossRef Link).   DOI
26 J. Shlens, "A Tutorial on Principal Component Analysis," (Dated: April 22, 2009; Version 3.01). http://www.snl.salk.edu/-shlens/pub/notes/pca.pdf.