research-article, DOI: 10.1145/3373477.3373501

CPU and network traffic anomaly detection method for cloud data center

Published: 15 January 2020

Abstract

With the development of the cloud service market, the number of network security attacks on cloud data centers is gradually increasing. Existing anomaly detection methods all target known attacks, and there has been little progress on unknown attacks and on workload peaks of cloud platforms. To deal with unknown attacks on the cloud platform and to distinguish post-attack behavior from peak load under normal operation, this paper studies a cloud data center anomaly detection method for Distributed Denial of Service (DDoS) attacks. We built a virtual machine cluster on OpenStack, simulated DDoS attacks on virtual machines, collected CPU utilization and network traffic data before and after the attack, and performed anomaly detection and analysis through a single-class classification algorithm and analysis of time window sequences. We evaluated the performance of this method through lab-based experiments and real-world cloud data center experiments.

Cited By

  • (2024) Swarm learning anomaly detection framework for cloud data center using multi-channel BiWGAN-GTN and CEEMDAN. Digital Communications and Networks. DOI: 10.1016/j.dcan.2024.08.009. Online publication date: Aug-2024
  • (2022) DeepRest. Proceedings of the Seventeenth European Conference on Computer Systems, pp. 181-198. DOI: 10.1145/3492321.3519564. Online publication date: 28-Mar-2022
  • (2021) Distributed denial‐of‐service attack mitigation in network functions virtualization‐based 5G networks using management and orchestration. International Journal of Communication Systems, 34:9. DOI: 10.1002/dac.4825. Online publication date: 14-Apr-2021

Published In

AISS '19: Proceedings of the 1st International Conference on Advanced Information Science and System
November 2019
253 pages
ISBN:9781450372916
DOI:10.1145/3373477

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. DDoS attack
  2. anomaly detection
  3. cloud data center
  4. single class classification algorithm

Qualifiers

  • Research-article

Conference

AISS 2019

Acceptance Rates

AISS '19 Paper Acceptance Rate 41 of 95 submissions, 43%;
Overall Acceptance Rate 41 of 95 submissions, 43%

Article Metrics

  • Downloads (last 12 months): 13
  • Downloads (last 6 weeks): 1
Reflects downloads up to 28 Feb 2025
