Yi Zhu

2011-01-01

Abstract:: The Internet is the platform for most of our communications needs today. The networks underlying the Internet undergo continual change - both planned changes (e.g., adding a new router) or unplanned failures. Unfortunately, these changes can lead to performance disruptions, which affect the user experience. Because of this, network operators have to quickly diagnose and fix any problems that arise. Diagnosing wide-area performance disruptions is challenging: first, each network has limited visibility into other networks so network operators must collect and analyze measurements of routing and traffic data in order to infer the root cause of the disruption; second, there are so many potential factors which might lead to performance disruptions, and these factors are usually interdependent of each other; third, there are no formalized ways to define metrics and classify the performance disruption according to the causes, thus network diagnosis is usually done in an ad-hoc manner. The thesis conducts two case studies to diagnose wide-area performance disruptions from the perspectives of a large tier-1 Internet Service Provider (ISP) and a large content distribution network (CDN): i) From the ISP's perspective, we designed and implemented a system that tracks inter-domain route changes at scale and in real time. Our system can be used as the building block for many diagnosis tools for the ISPs. ii) From the CDN's perspective, we focus on diagnosing wide-area network changes which resulted in latency increases to access the services in the CDN. We designed a method for automatically classifying large increases of latency, and evaluated our techniques on one month of measurement data to identify major sources of high latency for the CDN. Stepping back, the difficulties in network diagnosis can be traced back to the inter-domain routing protocol itself.

Pengfei Chen,Yong Qi,Di Hou

DOI: https://doi.org/10.1109/tsc.2016.2607739

IF: 11.019

2019-01-01

IEEE Transactions on Services Computing

Abstract:Modern computing systems especially cloud-based and cloud-centric systems always consist of a mass of components running in large distributed environments with complicated interactions. They are vulnerable to performance problems due to the highly dynamic runtime environment changes (e.g., overload and resource contention) or software bugs (e.g., memory leak). Unfortunately, it is notoriously difficult to diagnose the root causes of these performance problems in a fine granularity due to complicated interactions and a large cardinality of potential cause set. In this paper, we build an automated, black-box and end-to-end cause inference system named CauseInfer to pinpoint the root causes or at least provide some hints. CauseInfer can automatically map a distributed system to a two-layer hierarchical causality graph and infer the root causes along the causal paths in the causality graph. CauseInfer models the fault propagation paths in an explicit way and works without instrumentation to the running production system, which makes CauseInfer more effective and practical than previous approaches. The experimental evaluations in two benchmark systems show that CauseInfer can identify the root causes in a high accuracy. Compared to several state-of-the-art approaches, CauseInfer can achieve over 10 percent improvement. Moreover, CauseInfer is lightweight and flexible enough to readily scale out in large distributed systems. With CauseInfer, the mean time to recovery (MTTR) of the cloud systems can be significantly reduced.

Xinrui Jiang,Yang Zhang,Tingzhu Bi,Xiangzhuang Shen,Yu Zhang,Yicheng Pan,Meng Ma,Linlin Han,Feng Wang,Xian Liu,Ping Wang

DOI: https://doi.org/10.1109/icws62655.2024.00119

2024-01-01

Abstract:Hyperscale web service infrastructures are becoming increasingly complex and facing a variety of threats, raising the demand for more sophisticated automated operations and diagnosis solutions. Existing anomaly root cause localization approaches often focus on Service-level components without drilling down to the lower-level resources where services are deployed, hindering the implementation of fine-grained failure fix measures. This paper introduces a challenging task called global diagnosis and addresses it by proposing a technique called G-Cause, which is applicable to both Service-level and host-level root cause analysis scenarios. G-Cause builds a highly adaptive diagnostic framework based on the frequency-domain and time-domain characteristics of monitoring metrics, allowing it to handle global diagnosis requirements from app to host with minimal parameter adjustments. We deploy and validate our approach in two typical scenarios: homogeneous metric diagnosis from app to microservice, and heterogeneous metric diagnosis for various host resources. The results demonstrate that G-Cause outperforms state-of-the-art diagnosis algorithms while providing strong interpretability. Our approach helps operators understand the core mechanism of anomaly propagation and adjust their management strategies more effectively. With these strengths, G-Cause successfully services our global product operations and also makes an impressive contribution in many other workflows.

Shruti Bothe,Usama Masood,Hasan Farooq,Ali Imran

DOI: https://doi.org/10.1109/blackseacom48709.2020.9235002

2020-05-26

Abstract:Mobile cellular network operators spend nearly a quarter of their revenue on network maintenance and management. A significant portion of that budget is spent on resolving faults diagnosed in the system that disrupt or degrade cellular services. Historically, the operations to detect, diagnose and resolve issues were carried out by human experts. However, with diversifying cell types, increased complexity and growing cell density, this methodology is becoming less viable, both technically and financially. To cope with this problem, in recent years, research on self-healing solutions has gained significant momentum. One of the most desirable features of the self-healing paradigm is automated fault diagnosis. While several fault detection and diagnosis machine learning models have been proposed recently, these schemes have one common tenancy of relying on human expert contribution for fault diagnosis and prediction in one way or another. In this paper, we propose an AI-based fault diagnosis solution that offers a key step towards a completely automated self-healing system without requiring human expert input. The proposed solution leverages Random Forests classifier, Convolutional Neural Network and neuromorphic based deep learning model which uses RSRP map images of faults generated. We compare the performance of the proposed solution against state-of-the-art solution in literature that mostly use Naive Bayes models, while considering seven different fault types. Results show that neuromorphic computing model achieves high classification accuracy as compared to the other models even with relatively small training data.

Ankur Mahida,

DOI: https://doi.org/10.47363/jeast/2023(5)230

2023-12-31

Journal of Engineering and Applied Sciences Technology

Abstract:Identifying the root cause analysis is the key to the timely detection of errors in massive, multiple-functional software systems. Meanwhile, network development will become more intricate and non-transparent, leaving the human algorithm behind. The paper dedicates its resources to discussing ways to automate root cause analysis based on observability data, such as logs, metrics, and traces. Technologies including causal inference, anomaly detection, and pattern recognition are specialized techniques that allow us to identify the breach in the background of thousands of connected events. Data-driven tools in research and industry that consume observability data as input, uncover anomalies, model system topology, and rank probable root causes use these technologies. This should give the customer a shorter mean repair time, higher reliability, and security. Deeper adoption is perfect for chain management and the performance gains of individual developers. The coverage includes strategies of algorithmic and implementation of root cause analysis with the observability data. Related topics like service maps and anomalous numbers are also discussed where necessary. Scaling out the automatic diagnosis entity is investigated as an automated means to replace the manual ones faced with elaborate models.

Yicheng Pan,Meng Ma,Xinrui Jiang,Ping Wang

DOI: https://doi.org/10.1109/tdsc.2022.3233915

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Today many web applications in the cloud (apps) are built based on microservices. However, as the anomaly propagates in a highly dynamic and complex way, troubleshooting them becomes full of challenges. Existing diagnostic methods are mostly designed based on monitoring metrics retrieved from the microservice system kernel. Therefore, application owners and even site reliability engineers (SREs) cannot effectively resort to those methods when the microservice systems lack such a comprehensive monitoring infrastructure. In this article, we develop DyCause, a crowdsourcing solution to the asymmetric diagnostic information problem. Our solution collects the operational status of kernel services collaboratively from the user space and initiates diagnosis on demand. Without the requirement of any architectural or functional infrastructure, it is both fast and lightweight to deploy DyCause in a microservice system. In order to discover the fine-grained dynamic causalities between services during the anomaly, we also design an efficient algorithm based on statistical analysis. Based on this algorithm, we can also analyze the anomaly propagation paths within the microservice system and generate a better interpretable diagnosis. In our evaluation, we test DyCause in a controlled simulation environment and a real-world cloud system. Our results have shown that DyCause has the best accuracy and efficiency among several state-of-the-art methods and is more robust in terms of parameters.

Yicheng Pan,Meng Ma,Xinrui Jiang,Ping Wang

DOI: https://doi.org/10.1145/3460319.3464805

2021-01-01

Abstract:With the widespread use of cloud-native architecture, increasing web applications (apps) choose to build on microservices. Simultaneously, troubleshooting becomes full of challenges owing to the high dynamics and complexity of anomaly propagation. Existing diagnostic methods rely heavily on monitoring metrics collected from the kernel side of microservice systems. Without a comprehensive monitoring infrastructure, application owners and even cloud operators cannot resort to these kernel-space solutions. This paper summarizes several insights on operating a top commercial cloud platform. Then, for the first time, we put forward the idea of user-space diagnosis for microservice kernel failures. To this end, we develop a crowdsourcing solution - DyCause, to resolve the asymmetric diagnostic information problem. DyCause deploys on the application side in a distributed manner. Through lightweight API log sharing, apps collect the operational status of kernel services collaboratively and initiate diagnosis on demand. Deploying DyCause is fast and lightweight as we do not have any architectural and functional requirements for the kernel. To reveal more accurate correlations from asymmetric diagnostic information, we design a novel statistical algorithm that can efficiently discover the time-varying causalities between services. This algorithm also helps us build the temporal order of the anomaly propagation. Therefore, by using DyCause, we can obtain more in-depth and interpretable diagnostic clues with limited indicators. We apply and evaluate DyCause on both a simulated test-bed and a real-world cloud system. Experimental results verify that DyCause running in the user-space outperforms several state-of-the-art algorithms running in the kernel on accuracy. Besides, DyCause shows superior advantages in terms of algorithmic efficiency and data sensitivity. Simply put, DyCause produces a significantly better result than other baselines when analyzing much fewer or sparser metrics. To conclude, DyCause is faster to act, deeper in analysis, and easier to deploy.

Meng Ma,Weilan Lin,Disheng Pan,Ping Wang

DOI: https://doi.org/10.1109/tsc.2020.2993251

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:The emergence of microservice architecture in Cloud systems poses a new challenges for the reliability operation and maintenance. Due to numerous services and diverse types of metrics, it is time-consuming and challenging to identify the root cause of anomaly in large-scale microservice architecture. To solve this issue, this article presents a multi-metric and self-adaptive root cause diagnosis framework, named MS-Rank. MS-Rank decomposes the task into four phases: impact graph construction, random walk diagnosis, result precision evaluation, metrics weight update. Initially, we introduce the concept of implicit metrics and propose a composite impact graph construction algorithm, using multiple types of metrics to discover causal relationships between services. Afterwards, we propose a diagnostic algorithm in which forward, selfward and backward transitions are designed to heuristically identify the root cause services. In addition, we establish a self-adaptive mechanism to update the confidence of different metrics dynamically according to their diagnostic precision. Lastly, we develop a prototype system and integrate MS-Rank into real production system - IBM Cloud. Experimental results show that MS-Rank has a high diagnostic precision and its performance outperforms several selected benchmarks. Through multiple rounds of diagnosis, MS-Rank can optimize itself effectively. MS-Rank can be rapidly deployed in various microservice-based systems and applications, requiring no predefined knowledge. MS-Rank also allows us to introduce expert experiences into its framework to improve the diagnostic efficiency and precision.

Chaoli Zhang,Zhiqiang Zhou,Yingying Zhang,Linxiao Yang,Kai He,Qingsong Wen,Liang Sun

DOI: https://doi.org/10.48550/arXiv.2202.11269

2022-03-07

Abstract:Localizing the root cause of network faults is crucial to network operation and maintenance. However, due to the complicated network architectures and wireless environments, as well as limited labeled data, accurately localizing the true root cause is challenging. In this paper, we propose a novel algorithm named NetRCA to deal with this problem. Firstly, we extract effective derived features from the original raw data by considering temporal, directional, attribution, and interaction characteristics. Secondly, we adopt multivariate time series similarity and label propagation to generate new training data from both labeled and unlabeled data to overcome the lack of labeled samples. Thirdly, we design an ensemble model which combines XGBoost, rule set learning, attribution model, and graph algorithm, to fully utilize all data information and enhance performance. Finally, experiments and analysis are conducted on the real-world dataset from ICASSP 2022 AIOps Challenge to demonstrate the superiority and effectiveness of our approach.

Machine Learning,Artificial Intelligence,Networking and Internet Architecture,Signal Processing

Srikanth Kandula,Ratul Mahajan,Patrick Verkaik,Sharad Agarwal,Jitendra Padhye,Paramvir Bahl

DOI: https://doi.org/10.1145/1592568.1592597

2009-01-01

Abstract:By studying trouble tickets from small enterprise networks, we conclude that their operators need detailed fault diagnosis. That is, the diagnostic system should be able to diagnose not only generic faults (e.g., performance-related) but also application specific faults (e.g., error codes). It should also identify culprits at a fine granularity such as a process or firewall configuration. We build a system, called NetMedic, that enables detailed diagnosis by harnessing the rich information exposed by modern operating systems and applications. It formulates detailed diagnosis as an inference problem that more faithfully captures the behaviors and interactions of fine-grained network components such as processes. The primary challenge in solving this problem is inferring when a component might be impacting another. Our solution is based on an intuitive technique that uses the joint behavior of two components in the past to estimate the likelihood of them impacting one another in the present. We find that our deployed prototype is effective at diagnosing faults that we inject in a live environment. The faulty component is correctly identified as the most likely culprit in 80% of the cases and is almost always in the list of top five culprits.

Mingjie Li,Zeyan Li,Kanglin Yin,Xiaohui Nie,Wenchi Zhang,Kaixin Sui,Dan Pei

DOI: https://doi.org/10.1145/3534678.3539041

2022-06-13

Abstract:Fault diagnosis is critical in many domains, as faults may lead to safety threats or economic losses. In the field of online service systems, operators rely on enormous monitoring data to detect and mitigate failures. Quickly recognizing a small set of root cause indicators for the underlying fault can save much time for failure mitigation. In this paper, we formulate the root cause analysis problem as a new causal inference task named intervention recognition. We proposed a novel unsupervised causal inference-based method named Causal Inference-based Root Cause Analysis (CIRCA). The core idea is a sufficient condition for a monitoring variable to be a root cause indicator, i.e., the change of probability distribution conditioned on the parents in the Causal Bayesian Network (CBN). Towards the application in online service systems, CIRCA constructs a graph among monitoring metrics based on the knowledge of system architecture and a set of causal assumptions. The simulation study illustrates the theoretical reliability of CIRCA. The performance on a real-world dataset further shows that CIRCA can improve the recall of the top-1 recommendation by 25% over the best baseline method.

Software Engineering,Artificial Intelligence

Li Liu,Ke Zhang,Linjun Liu,Le Zhang,Jun Zhang

DOI: https://doi.org/10.1109/CCISP55629.2022.9974518

2022-01-01

Abstract:Artificial intelligence (AI) has become an important means of network anomaly detection and fault root cause analysis (RCA), but most applications are only for a certain segment of the network. In the process of our research on the end-to-end experience analysis of mobile Internet services, we have summarized a set of network end-to-end root cause analysis methods, mainly using non-orthogonal random forest modeling method, AI-based dynamic threshold adjustment and indicator feature extraction, classification modeling and cross-validation of the poor quality of the entire network and the poor quality of the cells. This method has been verified in practice in the production network. The results of root cause analysis are consistent with the actual situation of the production network up to 96%. Practice has proved that this method has played a positive role in supporting the network operation, and greatly improved the production efficiency.

Yunfeng Zhao,Wenchi Zhang,Zhiliang Wang,Shize Zhang,Kaixin Sui,Enhuan Dong,Jiahai Yang

DOI: https://doi.org/10.1109/NOMS56928.2023.10154325

2023-01-01

Abstract:The failure of the online service system will seriously affect the user experience and bring huge economic losses. Therefore, the operators usually monitor service-level metrics and machine-level metrics to help quickly find failures, locate root-cause metrics, and reduce MTTR(mean time to repair). Many methods have emerged in recent years to automatically locate root-cause metrics. However, the existing methods cannot meet the requirements of efficiency, accuracy, and ease of deployment at the same time, and are difficult to use in practice. To overcome their limitations, we propose MetricMiner- a multi-stage location method for root-cause metrics in online service systems. Our approach is based on a key observation from numerous real-world cases: root-cause metrics tend to be unique in both the time dimension and the machine dimension. Therefore, we divide the root-cause metrics localization into three stages: first, quickly filter out normal metrics with limited historical data; second, obtain sufficient historical data to eliminate abnormal metrics; finally, according to the clustering of abnormal metrics between machines to sort and locate root-cause metrics. Experimental results on two real-world datasets with 194 cases show that our method can significantly outperform the state-of-the-art methods. Moreover, MetricMiner has been deployed to multiple banking services for more than six months, and we also shared some lessons learned from real deployment.

Tingting Wang, Guilin Qi, Tianxing Wu

2024-02-12

Abstract:Fault localization is challenging in online micro-service due to the wide variety of monitoring data volume, types, events and complex interdependencies in service and components. Faults events in services are propagative and can trigger a cascade of alerts in a short period of time. In the industry, fault localization is typically conducted manually by experienced personnel. This reliance on experience is unreliable and lacks automation. Different modules present information barriers during manual localization, making it difficult to quickly align during urgent faults. This inefficiency lags stability assurance to minimize fault detection and repair time. Though actionable methods aimed to automatic the process, the accuracy and efficiency are less than satisfactory. The precision of fault localization results is of paramount importance as it underpins engineers trust in the diagnostic conclusions, which are derived from multiple perspectives and offer comprehensive insights. Therefore, a more reliable method is required to automatically identify the associative relationships among fault events and propagation path. To achieve this, KGroot uses event knowledge and the correlation between events to perform root cause reasoning by integrating knowledge graphs and GCNs for RCA. FEKG is built based on historical data, an online graph is constructed in real-time when a failure event occurs, and the similarity between each knowledge graph and online graph is compared using GCNs to pinpoint the fault type through a ranking strategy. Comprehensive experiments demonstrate KGroot can locate the root cause with accuracy of 93.5% top 3 potential causes in second-level. This performance matches the level of real-time fault diagnosis in the industrial environment and significantly surpasses state-of-the-art baselines in RCA in terms of effectiveness and efficiency.

Artificial Intelligence

Dewei Liu,Chuan He,Xin Peng,Fan Lin,Chenxi Zhang,Shengfang Gong,Ziang Li,Jiayu Ou,Zheshun Wu

DOI: https://doi.org/10.48550/arXiv.2103.01782

2021-03-01

Abstract:Availability issues of industrial microservice systems (e.g., drop of successfully placed orders and processed transactions) directly affect the running of the business. These issues are usually caused by various types of service anomalies which propagate along service dependencies. Accurate and high-efficient root cause localization is thus a critical challenge for large-scale industrial microservice systems. Existing approaches use service dependency graph based analysis techniques to automatically locate root causes. However, these approaches are limited due to their inaccurate detection of service anomalies and inefficient traversing of service dependency graph. In this paper, we propose a high-efficient root cause localization approach for availability issues of microservice systems, called MicroHECL. Based on a dynamically constructed service call graph, MicroHECL analyzes possible anomaly propagation chains, and ranks candidate root causes based on correlation analysis. We combine machine learning and statistical methods and design customized models for the detection of different types of service anomalies (i.e., performance, reliability, traffic). To improve the efficiency, we adopt a pruning strategy to eliminate irrelevant service calls in anomaly propagation chain analysis. Experimental studies show that MicroHECL significantly outperforms two state-of-the-art baseline approaches in terms of both accuracy and efficiency. MicroHECL has been used in Alibaba and achieves a top-3 hit ratio of 68% with root cause localization time reduced from 30 minutes to 5 minutes.

Software Engineering

Yan Chen,Yao Zhao

2009-01-01

Abstract:The modern Internet is a large-scale distributed system composed of many complex, interoperating sub-networks. Network troubleshooting becomes a very broad, important and challenging problem in the current Internet. We studied the different problems in different diagnosis scenarios, involving different aspects on model, monitoring and diagnosis. Specifically, in this dissertation, we target and propose solutions in the following four concrete problems.First, we consider the monitor placement and path selection problem for active monitoring in the monitoring component. Targeting ISP VPN networks, our work is unique in taking the operational constraints into accounts. The operational constraints include the monitors' measurement ability ( e.g. throughput) and the link bandwidth allowed for measurement. Given these real-world challenges, we design a V Scope monitoring system with the following contributions. First, we design a greedy-assisted linear programming algorithm to select as few monitors as possible that can monitor the whole network under the operational constraints. Secondly, VScope takes a multi-round measurement approach which gives a smooth tradeoff between measurement frequency and monitors deployment/management cost. We propose three algorithms to schedule the path measurements in different rounds obeying the operational constraints. Finally, we design a continuous monitoring and diagnosis mechanism which selects the minimal extra paths to measure to identify the faulty links after the discovery of faulty paths. Second, in the diagnosis aspect, we propose a Least-biased End-to-end Network Diagnosis (in short, LEND) system for inferring link-level properties like loss rate. Unlike other statistics based inference approaches, LEND does not introduce any particular assumption except those in the linear algebraic model. We also found a surprisingly difference between the undirected graph and directed graph in link-level diagnosis and proposed corresponding solutions. We define a minimal identifiable link sequence (MILS) as a link sequence of minimal length whose properties can be uniquely identified from end-to-end measurements. We also design efficient algorithms to find all the MILSes and infer their loss rates for diagnosis. Our LEND system works for any network topology and for both directed and undirected properties, and incrementally adapts to network topology and property changes.Third, it is highly desirable and important for end users, with no special privileges, identify and pinpoint faults inside the network that degrade the performance of their applications. However, existing tools are inaccurate to infer the link-level loss rates and have large diagnosis granularity. We proposed a suite of simple loss rate diagnosis algorithms which only employ one or two ends of a target path. Basically, these algorithms probe the routers on the target path and infer the link-level loss rates based on the response. We propose a suite of user-level diagnosis approaches in two categories: (1) deployed only at the source and (2) deployed at both source and destination. For the former, we propose two fragmentation aided diagnosis approaches (FAD), Algebraic FAD and Opportunistic FAD, which uses IP fragmentation to enable accurate link-level loss rate inference. For the latter category, we propose Striped Probe Analysis (SPA) which significantly improves the diagnosis granularity over those of the source-only approaches.Finally, diagnosing fault and performance problems of large distributed system is an important and challenging problem. Previous research usually traces the requests and reconstructs the execution path, using either inaccurate black-box or intrusive white-box approaches. In this dissertation, we propose a novel semantics assisted gray-box diagnosing approach, Rake, which accurately reveals the execution path of each individualrequest from sniffed network traces. The core idea of Rake is to identify the polymorphic IDs in network messages and link the related messages together via the application semantics. To make Rake a universal tool for general applications, we design a simple Rake language to allow users to provide necessary semantics and hence reuse the core Rake linking component. We analyze, test and evaluate Rake on several popular distributed applications such as the web search system, distributed computing cluster, content provider networks, DNS and chat systems. The results show that Rake can be applied widely in distributed applications and is helpful in performance debugging. (Abstract shortened by UMI.)

Qingyang Yu,Changhua Pei,Bowen Hao,Mingjie Li,Zeyan Li,Shenglin Zhang,Xianglin Lu,Rui Wang,Jiaqi Li,Zhenyu Wu,Dan Pei

DOI: https://doi.org/10.1145/3543507.3583302

2023-01-01

Abstract:The availability of online services is vital as its strong relevance to revenue and user experience. To ensure online services’ availability, quickly localizing the root causes of system failures is crucial. Given the high resource consumption of traces, call metric data are widely used by existing approaches to construct call graphs in practice. However, ambiguous correspondences between upstream and downstream calls may exist and result in exploring unexpected edges in the constructed call graph. Conducting root cause localization on this graph may lead to misjudgments of real root causes. To the best of our knowledge, we are the first to investigate such ambiguity, which is overlooked in the existing literature. Inspired by the law of large numbers and the Markov properties of network traffic, we propose a regression-based method (named AmSitor) to address this problem effectively. Based on AmSitor, we propose an ambiguity-aware root cause localization approach based on Call Metric Data named CMDiagnostor, containing metric anomaly detection, ambiguity-free call graph construction, root cause exploration, and candidate root cause ranking modules. The comprehensive experimental evaluations conducted on real-world datasets show that our CMDiagnostor can outperform the state-of-the-art approaches by 14% on the top-5 hit rate. Moreover, AmSitor can also be applied to existing baseline approaches separately to improve their performances one step further. The source code is released at https://github.com/NetManAIOps/CMDiagnostor.

Zeyan Li,Chengyang Luo,Yiwei Zhao,Yongqian Sun,Kaixin Sui,Xiping Wang,Dapeng Liu,Xing Jin,Qi Wang,Dan Pei

DOI: https://doi.org/10.1109/issre.2019.00015

2019-01-01

Abstract:Operators of online software services periodically collect various measures with many attributes. When a measure becomes abnormal, indicating service problems such as reliability degrade, operators would like to rapidly and accurately localize the root cause attribute combinations within a huge multi-dimensional search space. Unfortunately, previous approaches are not generic or robust in that they all suffer from impractical root cause assumptions, handling only directly collected measures but not derived ones, handling only anomalies with signicant magnitudes but not those insignicant but important ones, requiring manual parameter ne-tuning, or being too slow. This paper proposes a generic and robust multi-dimensional root cause localization approach, Squeeze, that overcomes all above limitations, the first in the literature. Through our novel bottom-up then top-down searching strategy and the techniques based on our proposed generalized ripple effect and generalized potential score, Squeeze is able to reach a good trade off between search speed and accuracy in a generic and robust manner. Case studies in several banks and an Internet company show that Squeeze can localize root causes much more rapidly and accurately than the traditional manual analysis. Furthermore, our extensive experiments on semi-synthetic datasets show that the F1-score of Squeeze outperforms previous approaches by 0.4 on average, while its localization time is only about 10 seconds.

Shenglin Zhang,Jun Zhu,Bowen Hao,Yongqian Sun,Xiaohui Nie,Jingwen Zhu,Xilin Liu,Xiaoqian Li,Yuchi Ma,Dan Pei

DOI: https://doi.org/10.1145/3663529.3663833

2024-01-01

Abstract:Nowadays, the testing of large-scale microservices could produce an enormous number of test alarms daily. Manually diagnosing these alarms is time-consuming and laborious for the testers. Automatic fault diagnosis with fault classification and localization can help testers efficiently handle the increasing volume of failed test cases. However, the current methods for diagnosing test alarms struggle to deal with the complex and frequently updated microservices. In this paper, we introduce SynthoDiag, a novel fault diagnosis framework for test alarms in microservices through multi-source logs (execution logs, trace logs, and test case information) organized with a knowledge graph. An Entity Fault Association and Position Value (EFA-PV) algorithm is proposed to localize the fault-indicative log entries. Additionally, an efficient block-based differentiation approach is used to filter out fault-irrelevant entries in the test cases, significantly improving the overall performance of fault diagnosis. At last, SynthoDiag is systematically evaluated with a large-scale real-world dataset from a top-tier global cloud service provider, Huawei Cloud, which provides services for more than three million users. The results show the Micro-F1 and Macro-F1 scores improvement of SynthoDiag over baseline methods in fault classification are 21% and 30%, respectively, and its top-5 accuracy of fault localization is 81.9%, significantly surpassing the previous methods.

Maximilian Augustin,Yannic Neuhaus,Matthias Hein

2024-07-12

Abstract:While deep learning has led to huge progress in complex image classification tasks like ImageNet, unexpected failure modes, e.g. via spurious features, call into question how reliably these classifiers work in the wild. Furthermore, for safety-critical tasks the black-box nature of their decisions is problematic, and explanations or at least methods which make decisions plausible are needed urgently. In this paper, we address these problems by generating images that optimize a classifier-derived objective using a framework for guided image generation. We analyze the decisions of image classifiers by visual counterfactual explanations (VCEs), detection of systematic mistakes by analyzing images where classifiers maximally disagree, and visualization of neurons and spurious features. In this way, we validate existing observations, e.g. the shape bias of adversarially robust models, as well as novel failure modes, e.g. systematic errors of zero-shot CLIP classifiers. Moreover, our VCEs outperform previous work while being more versatile.

Computer Vision and Pattern Recognition,Artificial Intelligence,Machine Learning