An Anomaly Detection Method for Cloud Service Platform

Abstract

The cloud service platform is an open platform designed to provide various users with application services. The reliability of the platform is threatened by anomalous access behaviors such as resource abuse, DDoS attacks etc. Detecting anomalous behaviors to access the cloud service platform is an essential task. In this paper, an anomaly detection method based on Max-min distance and Support vector data description (MMD-SVDD) is proposed. The method identifies anomalous user access behaviors using CPU/memory/disk/network related system resource metrics. It firstly uses MMD to divide servers in the cloud service platform into multi-clusters. The servers in each of the clusters have similar running environment and can share an anomaly detection model. This process can effectively reduce the detection scale and system resource consumption. Then, aiming at the problem of incomplete abnormal data samples, the anomaly detection models are built based on SVDD algorithm, which utilizes normal data samples to construct a hypersphere for each cluster. Finally, the anomalous behavior is identified via judging whether the target data falls outside the hypersphere. The method is applied in cloud service platform and the result shows that it can accurately identity anomalies with lower system resource consumption.