Abstract
Invariants are stable relationships among system metrics expected to hold during normal operating conditions. The violation of such relationships can be used to detect anomalies at runtime. However, this approach does not scale to large systems, as the number of invariants quickly grows with the number of considered metrics. The resulting “background noise” for the invariant-based detection system hinders its effectiveness. In this paper we propose a general and automatic approach for identifying a subset of mined invariants that properly model system runtime behavior with a reduced amount of background noise. This translates into better overall performance (i.e., less false positives).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
A false positive is an error in the detection, in which an anomaly is reported when no anomalies occurred. A false negative is an omission of the detector, which does not report an occurred anomaly.
References
Jiang, G., Chen, H., Yoshihira, K.: Discovering likely invariants of distributed transaction systems for autonomic system management. Cluster Comput. 9(4), 385–399 (2006)
Lou, J.-G., et al.: Mining invariants from console logs for system problem detection. In: Proceedings of the USENIX Annual Technical Conference (2010)
Xu, X., Zhu, L., Weber, I., Bass, L., Sun, D.: POD-diagnosis: error diagnosis of sporadic operations on cloud applications. In: 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (2014)
Sharma, A.B., et al.: Fault detection and localization in distributed systems using invariant relationships. In: 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (2013)
Sarkar, S., Ganesan, R., Cinque, M., Frattini, F., Russo, S., Savignano, A.: Mining invariants from SaaS application logs. In: Tenth European Dependable Computing Conference (EDCC 2014) (May 2014)
Frattini, F., Sarkar, S., Khasnabish, J., Russo, S.: Using invariants for anomaly detection: the case study of a SaaS application. In: IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) (2014)
Sahoo, S.K., et al.: Using likely program invariants to detect hardware errors. In: IEEE International Conference on Dependable Systems and Networks (DSN) (2008)
Ernst, M., Cockrell, J., Griswold, W.G., Notkin, D.: Dynamically discovering likely program invariants to support program evolution. IEEE Trans. Softw. Eng. 27(2), 99–123 (2001)
Jain, R.: The Art of Computer Systems Performance Analysis. Wiley (1991)
Ticket Monster. http://www.jboss.org/ticket-monster/
Avizienis, A., et al.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secur. Comput. 1(1), 11–33 (2004)
Zhang, J., et al.: Encore: exploiting system environment and correlation information for misconfiguration detection. SIGARCH Comput. Archit. News 42(1), 687–700 (2014)
Rice University - Division of Information Technology, Why Are My Jobs Not Running?, April 2013. http://rcsg.rice.edu/rcsg/shared/scheduling.html
IGI - Italian Grid Infrastructure, Troubleshooting guide for CREAM, April 2013. https://wiki.italiangrid.it/twiki/bin/view/CREAM/TroubleshootingGuide
Bovenzi, A., Cotroneo, D., Pietrantuono, R., Russo, S.: Workload characterization for software aging analysis. In: IEEE 22nd International Symposium on Software Reliability Engineering (ISSRE) (2011)
Goldberg, D.: Genetic Algorithms in Search, Optimization, and Machine Learning. Addison-Wesley, Boston (1989)
Acknowledgments
This work has been supported by the TENACE PRIN Project (no. 20103P34XC) funded by MIUR. The work by Cinque and Russo has also been partially supported by EU under Marie Curie IAPP grant no. 324334 CECRIS (CErtification of CRItical Systems).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Aniello, L., Ciccotelli, C., Cinque, M., Frattini, F., Querzoni, L., Russo, S. (2016). Automatic Invariant Selection for Online Anomaly Detection. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science(), vol 9922. Springer, Cham. https://doi.org/10.1007/978-3-319-45477-1_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-45477-1_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45476-4
Online ISBN: 978-3-319-45477-1
eBook Packages: Computer ScienceComputer Science (R0)