Main Title: Automated Anomaly Detection in Virtualized Services Using Deep Packet Inspection
Author(s): Wallschläger, Marcel
Gulenko, Anton
Schmidt, Florian
Kao, Odej
Liu, Feng
Type: Article
Language Code: en
Abstract: Virtualization technologies have proven to be important drivers for the fast and cost-efficient development and deployment of services. While the benefits are tremendous, there are many challenges to be faced when developing or porting services to virtualized infrastructure. Especially critical applications like Virtualized Network Functions must meet high requirements in terms of reliability and resilience. An important tool when meeting such requirements is detecting anomalous system components and recovering the anomaly before it turns into a fault and subsequently into a failure visible to the client. Anomaly detection for virtualized services relies on collecting system metrics that represent the normal operation state of every component and allow the usage of machine learning algorithms to automatically build models representing such state. This paper presents an approach for collecting service-layer metrics while treating services as black-boxes. This allows service providers to implement anomaly detection on the application layer without the need to modify third-party software. Deep Packet Inspection is used to analyse the traffic of virtual machines on the hypervisor layer, producing both generic and protocol-specific communication metrics. An evaluation shows that the resulting metrics represent the normal operation state of an example Virtualized Network Function and are therefore a valuable contribution to automatic anomaly detection in virtualized services.
Issue Date: 2017
Date Available: 18-Sep-2019
DDC Class: 004 Data processing; computer science
Subject(s): cloud
deep packet inspection
network function virtualization
anomaly detection
Journal Title: Procedia Computer Science
Publisher: Elsevier
Publisher Place: Amsterdam
Volume: 110
Publisher DOI: 10.1016/j.procs.2017.06.137
Page Start: 510
Page End: 515
EISSN: 1877-0509
Appears in Collections: FG Komplexe und Verteilte IT-Systeme » Publications

Files in This Item:
File: 1-s2.0-S1877050917313170-main.pdf
Size: 862.36 kB
Format: Adobe PDF

This item is licensed under a Creative Commons License.