Marcel Wallschläger, Anton Gulenko, Florian Schmidt, Alexander Acker, O. Kao
{"title":"基于数据包大小分布的边缘云黑匣子业务异常检测","authors":"Marcel Wallschläger, Anton Gulenko, Florian Schmidt, Alexander Acker, O. Kao","doi":"10.1109/CloudNet.2018.8549546","DOIUrl":null,"url":null,"abstract":"Future services in fields like autonomous driving and virtual reality rely on cloud computing resources located at the edge of Internet Service Provider(ISP) networks. Instead of deploying many service-specific monitoring and reliability platforms, a centralized monitoring solution can reduce the usage of the already sparse edge cloud resources. The ISP can offer such a service using the black box monitoring approach presented in this paper. Current cloud providers already collect data about customer services for cloud performance and cloud reliability. We propose to extend current monitoring solutions for virtual machines by real-time analysis of network packet headers. In particular, we use the packet size distribution and the TCP connection time to infer the operational state of the service. We conduct an evaluation of the presented approach using a content delivery system which is set into different load and anomaly states. The random forest algorithm trained to differentiate normal from abnormal service states based on the collected data resulted in an accuracy of 94%. The overhead of collecting the data on a commodity hardware hypervisor using eBPF is about 3% CPU at 10GB/s.","PeriodicalId":436842,"journal":{"name":"2018 IEEE 7th International Conference on Cloud Networking (CloudNet)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Anomaly Detection for Black Box Services in Edge Clouds Using Packet Size Distribution\",\"authors\":\"Marcel Wallschläger, Anton Gulenko, Florian Schmidt, Alexander Acker, O. Kao\",\"doi\":\"10.1109/CloudNet.2018.8549546\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Future services in fields like autonomous driving and virtual reality rely on cloud computing resources located at the edge of Internet Service Provider(ISP) networks. Instead of deploying many service-specific monitoring and reliability platforms, a centralized monitoring solution can reduce the usage of the already sparse edge cloud resources. The ISP can offer such a service using the black box monitoring approach presented in this paper. Current cloud providers already collect data about customer services for cloud performance and cloud reliability. We propose to extend current monitoring solutions for virtual machines by real-time analysis of network packet headers. In particular, we use the packet size distribution and the TCP connection time to infer the operational state of the service. We conduct an evaluation of the presented approach using a content delivery system which is set into different load and anomaly states. The random forest algorithm trained to differentiate normal from abnormal service states based on the collected data resulted in an accuracy of 94%. The overhead of collecting the data on a commodity hardware hypervisor using eBPF is about 3% CPU at 10GB/s.\",\"PeriodicalId\":436842,\"journal\":{\"name\":\"2018 IEEE 7th International Conference on Cloud Networking (CloudNet)\",\"volume\":\"45 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE 7th International Conference on Cloud Networking (CloudNet)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CloudNet.2018.8549546\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 7th International Conference on Cloud Networking (CloudNet)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CloudNet.2018.8549546","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Anomaly Detection for Black Box Services in Edge Clouds Using Packet Size Distribution
Future services in fields like autonomous driving and virtual reality rely on cloud computing resources located at the edge of Internet Service Provider(ISP) networks. Instead of deploying many service-specific monitoring and reliability platforms, a centralized monitoring solution can reduce the usage of the already sparse edge cloud resources. The ISP can offer such a service using the black box monitoring approach presented in this paper. Current cloud providers already collect data about customer services for cloud performance and cloud reliability. We propose to extend current monitoring solutions for virtual machines by real-time analysis of network packet headers. In particular, we use the packet size distribution and the TCP connection time to infer the operational state of the service. We conduct an evaluation of the presented approach using a content delivery system which is set into different load and anomaly states. The random forest algorithm trained to differentiate normal from abnormal service states based on the collected data resulted in an accuracy of 94%. The overhead of collecting the data on a commodity hardware hypervisor using eBPF is about 3% CPU at 10GB/s.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
