Improving Predictability of User-Affecting Metrics to Support Anomaly Detection in Cloud Services

by Vilc Rufino, et al.

Anomaly detection systems aim to detect and report attacks or unexpected behavior in networked systems. Previous work has shown that anomalies have an impact on system performance, and that performance signatures can be effectively used for implementing an IDS. In this paper, we present an analytical and an experimental study on the trade-off between anomaly detection based on performance signatures and system scalability. The proposed approach combines analytical modeling and load testing to find optimal configurations for the signature-based IDS. We apply a heavy-tail bi-modal modeling approach, where "long" jobs represent large resource consuming transactions, e.g., generated by DDoS attacks; the model was parametrized using results obtained from controlled experiments. For performance purposes, mean response time is the key metric to be minimized, whereas for security purposes, response time variance and classification accuracy must be taken into account. The key insights from our analysis are: (i) there is an optimal number of servers which minimizes the response time variance, (ii) the sweet-spot number of servers that minimizes response time variance and maximizes classification accuracy is typically smaller than or equal to the one that minimizes mean response time. Therefore, for security purposes, it may be worth slightly sacrificing performance to increase classification accuracy.





A Model-Based Approach to Anomaly Detection Trading Detection Time and False Alarm Rate

The complexity and ubiquity of modern computing systems is a fertile gro...

RADS: Real-time Anomaly Detection System for Cloud Data Centres

Cybersecurity attacks in Cloud data centres are increasing alongside the...

TracInAD: Measuring Influence for Anomaly Detection

As with many other tasks, neural networks prove very effective for anoma...

Online Anomaly Detection Systems Using Incremental Commute Time

Commute Time Distance (CTD) is a random walk based metric on graphs. CTD...

Anomaly Detection in Emails using Machine Learning and Header Information

Anomalies in emails such as phishing and spam present major security ris...

A secondary immune response based on co-evolutive populations of agents for anomaly detection and characterization

The detection of anomalies in unknown environments is a problem that has...

State Compression and Quantitative Assessment Model for Assessing Security Risks in the Oil and Gas Transmission Systems

The SCADA system is the foundation of the large-scale industrial control...