Automated Traces-based Anomaly Detection and Root Cause Analysis in Cloud Platforms

Abstract

Current cloud infrastructures and their applications are increasingly complex, with confounding relationships among application elements and cloud infrastructure components. This makes timely identification of the root causes for faults that occur in such systems an important-yet-challenging task. In this paper, we propose a solution that automatically builds a correlation model and an anomaly detection model using kernel traces of cloud servers. The correlation model is used to capture the dependencies between the various elements of the cloud system while the anomaly detection model is used to identify anomalies related to specific elements of the system. Upon detection of a fault, our framework computes a dependency graph of detected anomalies using the models, which in turn is used to perform the root cause analysis. Evaluation results of our proposed framework on a Kubernetes cloud show that it can effectively find root causes of injected faults with an accuracy rate between 80% and 99.3%, with a low false negative rate.