Metric selection and anomaly detection for cloud operations using log and metric correlation analysis

Farshchi, Mostafa; Schneider, Jean-Guy; Weber, Ingo; Grundy, John

doi:10.1016/j.jss.2017.03.012

Cited by 65 publications

(32 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In order to prevent severe failures, software developers invest efforts in mitigating the consequences of residual bugs. Examples are defensive programming practices, such as assertion checking and logging, to timely detect an incorrect state of the system [18,38] and for providing to system operators useful information for quick troubleshooting [17,76,77]. Another important approach to mitigate failures is to implement fault containment strategies.…”

Section: Introductionmentioning

confidence: 99%

How bad can a bug get? an empirical analysis of software failures in the OpenStack cloud computing platform

Cotroneo¹,

Simone²,

Liguori³

et al. 2019

Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of

View full text Add to dashboard Cite

Cloud management systems provide abstractions and APIs for programmatically configuring cloud infrastructures. Unfortunately, residual software bugs in these systems can potentially lead to highseverity failures, such as prolonged outages and data losses. In this paper, we investigate the impact of failures in the context widespread OpenStack cloud management system, by performing fault injection and by analyzing the impact of the resulting failures in terms of fail-stop behavior, failure detection through logging, and failure propagation across components. The analysis points out that most of the failures are not timely detected and notified; moreover, many of these failures can silently propagate over time and through components of the cloud management system, which call for more thorough run-time checks and fault containment.

show abstract

Section: Introductionmentioning

confidence: 99%

How bad can a bug get? an empirical analysis of software failures in the OpenStack cloud computing platform

Cotroneo¹,

Simone²,

Liguori³

et al. 2019

Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of

View full text Add to dashboard Cite

show abstract

“…Figure 4 gives an example of the position distribution of a word in messages. As we can see, the word shows high density in the intervals [0, 10) and [40, 50], but low density in the intervals [10,20), [20,30) and [30,40). Intuitively, a highdensity window (interval) is more likely to contain a keyword, while the low-density window may contain noise (false keywords) from payloads.…”

Section: Merging Positional Abstract Through Variation Analysis (Smentioning

confidence: 97%

P-Gram: Positional N-Gram for the Clustering of Machine-Generated Messages

et al. 2019

Self Cite

View full text Add to dashboard Cite

An IT system generates messages for other systems or users to consume, through direct interaction or as system logs. Automatically identifying the types of these machine-generated messages has many applications, such as intrusion detection and system behavior discovery. Among various heuristic methods for automatically identifying message types, the clustering methods based on keyword extraction have been quite effective. However, these methods still suffer from keyword misidentification problems, i.e., some keyword occurrences are wrongly identified as payload and some strings in the payload are wrongly identified as keyword occurrences, leading to the misidentification of the message types. In this paper, we propose a new machine language processing (MLP) approach, called P-gram, specifically designed for identifying keywords in, and subsequently clustering, machine-generated messages. First, we introduce a novel concept and technique, positional n-gram, for message keywords extraction. By associating the position as meta-data with each n-gram, we can more accurately discern which n-grams are keywords of a message and which n-grams are parts of the payload information. Then, the positional keywords are used as features to cluster the messages, and an entropy-based positional weighting method is devised to measure the importance or weight of the positional keywords to each message. Finally, a general centroid clustering method, K-Medoids, is used to leverage the importance of the keywords and cluster messages into groups reflecting their types. We evaluate our method on a range of machine-generated (text and binary) messages from the real-world systems and show that our method achieves higher accuracy than the current state-ofthe-art tools. INDEX TERMS Machine-generated messages, positional n-gram, clustering.

show abstract

“…Farshchi et al proposed a regression‐based approach for anomaly detection during DevOps application operations. It uses information from log files and infrastructure monitoring tools and can detect problems during operations such as backup, application upgrade, migration, reconfiguration, auto‐scaling, and deployment.…”

Section: Related Workmentioning

confidence: 99%

“…Our approach, on the other hand, targets nonsporadic events, specifically anomalies in resource utilization observed during application runtime.Huang et al33 proposed an approach that combines local outlier factors (a semisupervised anomaly detection algorithm) and symbolic aggregate approximation (a methodology to represent time-series) to identify anomalies in the process of live migration of virtual machines.It analyzes resource-level metrics and can identify machines that experienced issues during live migration. Rather than live migration of VMs, our approach focuses on unsupervised anomaly detection in the performance of running virtual machines.Farshchi et al34 proposed a regression-based approach for anomaly detection during DevOps application operations. It uses information from log files and infrastructure monitoring tools and can detect problems during operations such as backup, application upgrade, migration, reconfiguration, auto-scaling, and deployment.…”

mentioning

confidence: 99%

On the effectiveness of isolation‐based anomaly detection in cloud data centers

Calheiros

Ramamohanarao

Buyya

et al. 2017

Concurrency and Computation

View full text Add to dashboard Cite

Summary The high volume of monitoring information generated by large‐scale cloud infrastructures poses a challenge to the capacity of cloud providers in detecting anomalies in the infrastructure. Traditional anomaly detection methods are resource‐intensive and computationally complex for training and/or detection, what is undesirable in very dynamic and large‐scale environment such as clouds. Isolation‐based methods have the advantage of low complexity for training and detection and are optimized for detecting failures. In this work, we explore the feasibility of Isolation Forest, an isolation‐based anomaly detection method, to detect anomalies in large‐scale cloud data centers. We propose a method to code time‐series information as extra attributes that enable temporal anomaly detection and establish its feasibility to adapt to seasonality and trends in the time‐series and to be applied online and in real‐time.

show abstract

Metric selection and anomaly detection for cloud operations using log and metric correlation analysis

Cited by 65 publications

References 6 publications

How bad can a bug get? an empirical analysis of software failures in the OpenStack cloud computing platform

How bad can a bug get? an empirical analysis of software failures in the OpenStack cloud computing platform

P-Gram: Positional N-Gram for the Clustering of Machine-Generated Messages

On the effectiveness of isolation‐based anomaly detection in cloud data centers

Contact Info

Product

Resources

About