Haoyu Liu,Chongrong Fang,Yining Qi,Jian Bai,Shaozhe Wang,Xiong Xiao,Daxiang Kang,Biao Lyu,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/noms47738.2020.9110414

2020-01-01

Abstract:Core devices form the critical components of the cloud network and provide service to multiple tenants simultaneously. The anomalies that happened in core devices impact network availability of a large number of users, meanwhile, lead to the degradation of cloud providers' profits. However, direct monitoring of core devices needs to deploy massive heartbeat checking tools on numerous related components, which will be extremely laborious. In this paper, we deploy RAIN to reduce the number of devices that need to be detailed investigated for anomalies. The session traffic data among core devices and served virtual machines are utilized to conduct the analyzing. To guarantee near real-time monitoring, RAIN is designed as a two-step structure and incorporating four feature-based detection methods. RAIN has been deployed in Alibaba's production cloud network for over 6 months and is analyzing terabytes of traffic flow metrics per day.

Jianping Weng,Jessie Hui Wang,Jiahai Yang,Yang

DOI: https://doi.org/10.1109/tnet.2018.2843805

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:Anomalies of multitier services running in cloud platform can be caused by components of the same tenant or performance interference from other tenants. If the performance of a multitier service degrades, we need to find out the root causes precisely to recover the service as soon as possible. In this paper, we argue that cloud providers are in a better position than tenants to solve this problem, and the solution should be non-intrusive to tenants' services or applications. Based on these two considerations, we propose a solution for cloud providers to help tenants to localize root causes of any anomaly. We design a non-intrusive method to capture the dependency relationships of components, which improves the feasibility of root cause localization system. Our solution can find out root causes no matter they are in the same tenant as the anomaly or from other tenants. Our proposed two-step localization algorithm exploits measurement data of both application layer and underlay infrastructure and a random walk procedure to improve its accuracy. Our real-world experiments of a three-tier web application running in a small-scale cloud platform show a 38.9% improvement in mean average precision compared to current methods.

Yining Qi,Chongrong Fang,Haoyu Liu,Daxiang Kang,Biao Lyu,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1631/FITEE.2000153

IF: 2.526

2021-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:Recently, cloud computing has become a vital part that supports people’s normal lives and production. However, accompanied by the increasing complexity of the cloud network, failures constantly keep coming up and cause huge economic losses. Thus, to guarantee the cloud network performance and prevent execrable effects caused by failures, cloud network diagnostics has become of great interest for cloud service providers. Due to the characteristics of cloud network (e.g., virtualization and multi-tenancy), transplanting traditional network diagnostic tools to the cloud network face several difficulties. Additionally, many existing tools cannot solve problems in the cloud network. In this paper, we summarize and classify the state-of-the-art technologies of cloud diagnostics which can be used in the production cloud network according to their features. Moreover, we analyze the differences between cloud network diagnostics and traditional network diagnostics based on the characteristics of the cloud network. Considering the operation requirements of the cloud network, we propose the points that should be cared about when designing a cloud network diagnostic tool. Also, we discuss the challenges that cloud network diagnostics will face in future development.

Shunmin Zhu,Jianyuan Lu,Biao Lyu,Tian Pan,Shize Zhang,Xiaoqing Sun,Chenhao Jia,Xin Cheng,Daxiang Kang,Yilong Lv,Fukun Yang,Xiaobo Xue,Xihui Yang,Zhiliang Wang,Jiahai Yang

DOI: https://doi.org/10.1109/tnet.2024.3381786

2024-01-01

Abstract:At present, public clouds have served millions of tenants. To provide reliable services, cloud vendors need to perceive health status of the cloud network by building a telemetry system to detect possible network failures. While telemetry systems for physical networks have been extensively studied, research on telemetry systems for virtual networks is still insufficient. Different from physical networks, we conclude that building a virtual network telemetry system faces new challenges of feasibility, efficiency, and effectiveness. Specifically, we need to 1) protect privacy of tenants and adapt to heterogeneous middleboxes at the data plane; 2) handle frequent virtual network topology updates and compress large-scale measurement paths for millions of tenants at the control plane; 3) analyze telemetry results to locate network failures at the analysis plane. To address these challenges, we present Zoonet, a proactive virtual network telemetry system for multi-tenant clouds. At the data plane, Zoonet uses host agent and arp-ping to protect tenants’ privacy and defines an elegant generalization of ping and traceroute, which can work on heterogeneous middleboxes. At the control plane, Zoonet conducts update batch processing and substantial probing path pruning to lessen the overhead. At the analysis plane, Zoonet reduces noises and aggregates alerts based on temporal and spatial correlation and conducts the hop-by-hop telemetry mode to locate failures. Zoonet has been deployed in Alibaba Cloud for over two years, covering tens of cloud regions, hundreds of thousands of servers. We become increasingly reliant on Zoonet as it reduces 86% of the personnel engaged in troubleshooting.

Ashkan Aghdai,Kang Xi,H. Jonathan Chao

DOI: https://doi.org/10.48550/arXiv.1906.06388

2019-06-15

Abstract:Data centers play a key role in today's Internet. Cloud applications are mainly hosted on multi-tenant warehouse-scale data centers. Anomalies pose a serious threat to data centers' operations. If not controlled properly, a simple anomaly can spread throughout the data center, resulting in a cascading failure. Amazon AWS had been affected by such incidents recently. Although some solutions are proposed to detect anomalies and prevent cascading failures, they mainly rely on application-specific metrics and case-based diagnosis to detect the anomalies. Given the variety of applications on a multi-tenant data center, proposed solutions are not capable of detecting anomalies in a timely manner. In this paper we design an application-agnostic anomaly detection scheme. More specifically, our design uses a highly distributed data mining scheme over network-level traffic metrics to detect anomalies. Once anomalies are detected, simple actions are taken to mitigate the damage. This ensures that errors are confined and prevents cascading failures before administrators intervene.

Networking and Internet Architecture

Ruopeng Geng,Chongrong Fang,Shiyang Guo,Daxiang Kang,Biao Lyu,Shunmin Zhu,Peng Cheng

DOI: https://doi.org/10.1109/tcc.2023.3257162

IF: 5.697

2023-01-01

IEEE Transactions on Cloud Computing

Abstract:For public cloud providers, it is of great significance to maintain the availability of their cloud services, which requires efficient anomaly diagnosis and recovery. To achieve such properties, the first step is to localize the anomalies, i.e., determining where they happen in the network path of cloud-client services. We propose FlowPinpoint to perform anomaly localization for cloud providers. FlowPinpoint collects statistics of each network flow at the cloud network gateways (i.e., gateway flowlog), where the collected data can reflect the information from both the cloud side and the Internet side. Aggregation and association are conducted on the datacenter-scale gateway flowlogs by Alibaba's big data computing platform. In order to preclude the disturbance of anomaly-unrelated flowlogs, a two-layer filter is proposed which consists of an indicator-based filter and an isolation forest filter. Finally, the anomaly localization analyzer classifies the flowlogs and determines whether the anomaly is inside the cloud network or not according to the classification results. FlowPinpoint is implemented and tested in the production environment of Alibaba Cloud, and it correctly localizes 1 anomaly inside the cloud and 6 anomalies on the Internet over 4 months.

computer science, information systems, theory & methods

Zhe Wang,Teng Ma,Linghe Kong,Zhenzao Wen,Jingxuan Li,Zhuo Song,Yang Lu,Yong Yang,Tao Ma,Guihai Chen,Wei Cao

2022-01-01

Abstract:Cloud services have recently undergone a major shift from monolithic designs to microservices running on the cloud-native infrastructure, where monitoring systems are widely deployed to ensure the service level agreement (SLA). Nevertheless, the traditional monitoring system no longer fulfills the demands of cloud-native monitoring, which is observed from the practical experience in Alibaba cloud. Specifically, the monitor occupies resources (e.g., CPU) of the monitored infrastructure, disturbing services running on it. For example, enabling monitor causes jitters/declines of online services in Alibaba's "double eleven" shopping festival with high loads. On the other hand, the quality of service (QoS) of monitoring itself, which is vital to track and ensure SLA, is not guaranteed with the high loaded system. In this paper, we design and implement a novel monitoring system, named ZERO, for cloud-native monitoring. First, ZERO achieves zero overhead to collect raw metrics from the monitored hosts using one-sided remote direct memory access (RDMA) operations, thus avoiding any interferences to cloud services. Second, ZERO adopts receiver-driven model to collect monitoring metrics with high QoS, where credit-based flow control and hybrid I/O model are proposed to mitigate network congestion/interference and CPU bottlenecks. ZERO has been deployed and evaluated in Alibaba cloud. Deployment results show that ZERO achieves no CPU occupation at the monitored host and supports 1 similar to 10k hosts with 0.1 similar to 1s sampling interval using single thread for network I/O.

Kaicheng Yang,Yuanpeng Li,Sheng Long,Tong Yang,Ruijie Miao,Yikai Zhao,Chaoyang Ji,Penghui Mi,Guodong Yang,Qiong Xie,Hao Wang,Yinhua Wang,Bo Deng,Zhiqiang Liao,Chengqiang Huang,Yongqiang Yang,Xiang Huang,Wei Sun,Xiaoping Zhu

2023-01-01

Abstract:Network faults occur frequently in the Internet. From the perspective of cloud service providers, network faults can be classified into three categories: cloud faults, client faults, and middle faults. This paper mainly focuses on middle faults. To minimize the harm of middle faults, we build a fully automatic system in Huawei Cloud, namely AAsclepius, which consists of a monitoring subsystem, a diagnosing subsystem, and a detouring subsystem. Through the collaboration of the three subsystems, AAsclepius monitors network faults, diagnoses network faults, and detours the traffic to circumvent middle faults at the Internet peering edge. The key innovation of AAsclepius is to identify the fault direction with a novel technique, namely PathDebugging. AAsclepius has been running for two years stable, protecting Huawei Cloud from major accidents in 2021 and 2022. Our evaluation on three major points of presence in December 2021 shows that AAsclepius can efficiently and safely detour the traffic to circumvent outbound faults within a few minutes.

Chongrong Fang,Haoyu Liu,Mao Miao,Jie Ye,Lei Wang,Wansheng Zhang,Daxiang Kang,Biao Lyu,Shunmin Zhu,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/tnet.2021.3137557

2022-01-01

IEEE/ACM Transactions on Networking

Abstract:Persistent packet loss in the cloud-scale overlay network severely compromises tenant experiences. Cloud providers are keen to diagnose such problems efficiently. However, existing work is either designed for the physical network or insufficient to present the concrete reason of packet loss. We propose to record and analyze the on-site forwarding condition of packets during packet-level tracing. The cloud-scale overlay network presents great challenges to achieve this goal with its high network complexity, multi-tenant nature, and diversity of root causes. To address these challenges, we present VTrace, an automatic diagnostic system for persistent packet loss over the cloud-scale overlay network. Utilizing the ''fast path-slow path'' structure of virtual forwarding devices (VFDs), e.g., vSwitches, VTrace installs several ''coloring-matching-logging'' rules in VFDs to selectively track the target packets and inspect them in depth. The detailed forwarding situation at each hop is logged and then assembled to perform analysis with an efficient path reconstruction scheme. Experiments are conducted to demonstrate VTrace's low overhead and quick response. Besides, based on the idea ''coloring-matching-counting'', VTrace can be easily extended to VTrace-stats to identify the culprit device for transient packet loss. We share experiences of how VTrace and VTrace-stats efficiently work after deploying them in Alibaba Cloud for years.

Ameen Alkasem,Hongwei Liu,Decheng Zuo

DOI: https://doi.org/10.1145/3034950.3034967

2017-01-01

Abstract:Diagnosis and self-healing anomalies are an important as pectin the operations for data centers and for computing in utility clouds. Data centers which offer greater size along with heterogeneous and complex applications, software and workload systems such as anomaly/fault detection require automatic operation with runtime self-healing. Moreover, they must do so without requirement of having previous knowledge regarding normal and/or anomalous performance. Diagnosis must function for levels of different abstraction such as hardware and software, along with multiple time-series metrics for the use in environments like cloud computing. By classifying and analyzing metrics that are qualitative can offer new methods for anomaly and fault diagnosis for their distribution instead of simply providing individual metric thresholds. Categorical counterparts (binning) and normal distribution are used as a measurement that captures the extent of the distributions for concentration or dispersion so that raw metric data can be gathered across the cloud stack to create a time-series for entropy (e.g. symptoms).These symptoms can be organized hierarchically and across many cloud-ecosystems to increase scalability. These symptoms can also address the uncertainty in anomaly data. This contribution is possible since the multi-value decision diagram (MDD) for the structure of Multiple-Valued Logic (MVL) is shown to be highly efficient in terms of rapid analytical performance and is adapted to integrate the effects of measurements for multiple values. Naive Bayes Classifier (NBC) with an influence diagram (ID) are used to create time-series diagnosis technique to categorize and detect anomalies/faults during runtime to approximate the influence of each self-healing system component as to systems functioning and reliability. For the utility cloud service scenarios, the results of experiment show the viability of the presented approach. With an average of 0.89% improvement in the accuracy of anomaly diagnosis on threshold methods and an average improvement of 0.04% for false alarm rates with the near-optimum threshold method the presented approach outperforms other methods.

Daniel Sun,Min Fu,Liming Zhu,Guoqiang Li,Qinghua Lu

DOI: https://doi.org/10.1109/tetc.2016.2520883

2016-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Public clouds are a style of computing platforms, where scalable and elastic Information Technology-enabled capabilities are provided as a service to external customers using Internet technologies. Using public cloud services can reduce costs and increase the choices of technologies, but it also implies limited system information for users. Thus, anomaly detection at user end has to be non-intrusive and hence difficult, particularly during DevOps operations because the impacts from both anomalies and these operations are often indistinguishable, and hence, it is hard to detect the anomalies. In this paper, our work is specific to a successful public cloud, Amazon Web Service, and a representative DevOps operation, rolling upgrade, on which we report our anomaly detection that can effectively detect anomalies. Our anomaly detection requires only metrics data and logs supplied by most public clouds officially. We use support vector machine to train multiple classifiers from monitored data for different system environments, on which the log information can indicate the best suitable classifier. Moreover, our detection aims at finding anomalies over every time interval, called window, such that the features include not only some indicative performance metrics but also the entropy and the moving average of metrics data in each window. Our experimental evaluation systematically demonstrates the effectiveness of our approach.

Chengkun Wei,Xing Li,Ye Yang,Xiaochong Jiang,Tianyu Xu,Bowen Yang,Taotao Wu,Chao Xu,Yilong Lv,Haifeng Gao,Zhentao Zhang,Zikang Chen,Zeke Wang,Zihui Zhang,Shunmin Zhu,Wenzhi Chen

DOI: https://doi.org/10.1145/3603269.3604859

2023-01-01

Abstract:Cloud computing has witnessed tremendous growth, prompting enterprises to migrate to the cloud for reliable and on-demand computing. Within a single Virtual Private Cloud (VPC), the number of instances (such as VMs, bare metals, and containers) has reached millions, posing challenges related to supporting millions of instances with network location decoupling from the underlying hardware, high elastic performance, and high reliability. However, academic studies have primarily focused on specific issues like high-speed data plane and virtualized routing infrastructure, while existing industrial network technologies fail to adequately address these challenges. In this paper, we report on the design and experience of Achelous , Alibaba Cloud's network virtualization platform. Achelous consists of three key designs to enhance hyperscale VPC: ( i ) a novel hierarchical programming architecture based on the collaborative design of both data plane and control plane; ( ii ) elastic performance strategy and distributed ECMP schemes for seamless scale-up and scale-out, respectively; ( iii ) health check scheme and transparent VM live migration mechanisms that ensure stateful flow continuity during the failover. The evaluation results demonstrate that, Achelous scales to over 1, 500, 000 of VMs with elastic network capacity in a single VPC, and reduces 25× programming time, with 99% updating can be completed within 1 second. For failover, it condenses 22.5× downtime during VM live migration, and ensures 99.99% of applications do not experience stall. More importantly, the experience from three years of operation proves the Achelous 's serviceability, and versatility independent of any specific hardware platforms.

Zhuo Song,Jiejian Wu,Teng Ma,Zhe Wang,Linghe Kong,Zhenzao Wen,Jingxuan Li,Yang Lu,Yong Yang,Tao Ma,Zheng Liu,Guihai Chen

DOI: https://doi.org/10.1109/tnet.2024.3394514

2024-08-25

IEEE/ACM Transactions on Networking

Abstract:Cloud services have shifted from monolithic designs to microservices running on cloud-native infrastructure with monitoring systems to ensure service level agreements (SLAs). However, traditional monitoring systems no longer meet the demands of cloud-native monitoring. In Alibaba's "double eleven" shopping festival, it is observed that the monitor occupies resources of the monitored infrastructure and even disrupts services. In this paper, we propose a novel monitoring system named Zero+ for cloud-native monitoring. Zero+ achieves zero overhead in collecting raw metrics using one-sided remote direct memory access (RDMA) and remedies network congestion by adopting a receiver-driven flow control scheme. Zero+ also features a priority queue mechanism to meet different quality of service requirements and an efficient batch processing design to relieve CPU occupation. Zero+ has been deployed and evaluated in four different clusters with heterogeneous RDMA NIC devices and architectures in Alibaba Cloud. Results show that Zero+ achieves no CPU occupation at the monitored host and supports hosts with sampling interval using a single thread for network I/O. Zero+ significantly relieves the incast issue and maintains of bandwidth utilization in several clusters when monitoring hosts. Zero+ also ensures services with high priority accomplish collecting metrics earlier than low priority ones by at least when monitoring hosts.

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Jia-Qi Wei,Qian-Li Zhang,Xing Li

DOI: https://doi.org/10.1109/iccwamtip.2016.8079795

2016-01-01

Abstract:With the increasing scale and complexity of the network, how to maintain a level of network performance and robustness for network operators to satisfy customers becomes more and more challenging. Network anomaly detection and localization are critical for ensuring network performance. In this paper, a novel framework for detecting and localizing network anomalies using active measurements is presented. The framework is composed of three steps: the first step is to detect network anomalies on network path under monitoring, the second step is to cluster destination IPs on the monitored path using unsupervised learning methods, the last step is to localize network anomalies that induce anomalous network performance and behaviors. The last step is designed to reveal the possible cause for each IP set clustered in the second step and localize root cause at every moment by analyzing the inclusion relation between detected anomalous destination IPs and clustered IP sets. The efficacy of the framework to diagnose network anomalies is demonstrated by several real-world cases, which have been recorded in three years of network monitoring experience.

Zhengong Cai,Wei Li,Wanyi Zhu,Lu Liu,Bowei Yang

DOI: https://doi.org/10.1109/access.2019.2944456

IF: 3.9

2019-01-01

IEEE Access

Abstract:Root-cause analysis (RCA) for service performance degradation can be a challenging exercise given the increasingly complex, inter-related, distributed infrastructure environment in today's enterprises. Many approaches have been applied into enterprise datacenters to improve the maintenance efficiency. A novel graph-level RCA approach is introduced in this paper, including tracing, weighted graph matching and suspicion ranking. The approach is developed based on performance profiling, tracing, and logging systems in Alibaba datacenters to speed up the real-time root-cause diagnosis. Our system allows the discovery of normative patterns and the corresponding key graph properties, which are stored and updated offline as a knowledge base for subsequently being used in trace-level risk estimation and identification of transitions that are unexpected deviations from the normative patterns. Through testing in production, we show the effectiveness of applying the graph-level RCA to discover the origins of problems and generate real-time operational support. It greatly decreases the workload for locating the root-cause of the anomaly.

Minhui Ke,Qingsong Wen,L. Fan,Huajie Qian,Liang Sun,Leili Xu,Yingying Zhang,Zhengxiong Guan,Junwei Jiang,Hengbo Liu

DOI: https://doi.org/10.1145/3459637.3481903

2021-10-26

Abstract:As business of Alibaba expands across the world among various industries, higher standards are imposed on the service quality and reliability of big data cloud computing platforms which constitute the infrastructure of Alibaba Cloud. However, root cause analysis in these platforms is non-trivial due to the complicated system architecture. In this paper, we propose a root cause analysis framework called CloudRCA which makes use of heterogeneous multi-source data including Key Performance Indicators (KPIs), logs, as well as topology, and extracts important features via state-of-the-art anomaly detection and log analysis techniques. The engineered features are then utilized in a Knowledge-informed Hierarchical Bayesian Network (KHBN) model to infer root causes with high accuracy and efficiency. Ablation study and comprehensive experimental comparisons demonstrate that, compared to existing frameworks, CloudRCA 1) consistently outperforms existing approaches in f1-score across different cloud systems; 2) can handle novel types of root causes thanks to the hierarchical structure of KHBN; 3) performs more robustly with respect to algorithmic configurations; and 4) scales more favorably in the data and feature sizes. Experiments also show that a cross-platform transfer learning mechanism can be adopted to further improve the accuracy by more than 10%. CloudRCA has been integrated into the diagnosis system of Alibaba Cloud and employed in three typical cloud computing platforms including MaxCompute, Realtime Compute and Hologres. It saves Site Reliability Engineers (SREs) more than 20% in the time spent on resolving failures in the past twelve months and improves service reliability significantly.

Engineering,Computer Science

Shize Zhang,Yunfeng Zhao,Jianyuan Lu,Shuai Yang,Biao Lyu,Shunmin Zhu,Enhuan Dong,Zhiliang Wang,Jiahai Yang

DOI: https://doi.org/10.1109/issre52982.2021.00046

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Due to the sharing nature of public cloud, most of the cloud services use a sharing bandwidth package (sBwp) model to conduct inbound/outbound communication. The sBwp model allows users to purchase a sharing bandwidth for plenty of virtual machines instead of purchasing bandwidth for each virtual machine separately. The advantage of sBwp is that it can provide users with convenient configuration and lower economic cost. However, the sBwp model brings new challenges for operators to localize the root cause of traffic anomalies of a sharing bandwidth, especially for a globally distributed large-scale public cloud with millions of users. In this paper, we first formalize the sBwp problem on the cloud and propose CloudPin, a root cause localization framework for this problem. Our framework solves all the challenges by employing a multi-dimensional algorithm with three sub-models of prediction deviation, anomaly ampli-tude, and shape similarity, and an overall ranking algorithm. Evaluations on real-world data, from one of the world-renowned public cloud vendors, show that our algorithm precision reaches 97.8% for the top 1 of the ranking list, outperforming multiple baseline algorithms.

Ke Xu,Yun Wang,Leni Yang,Yifang Wang,Bo Qiao,Si Qin,Yong Xu,Haidong Zhang,Huamin Qu

DOI: https://doi.org/10.1109/tvcg.2019.2934613

IF: 5.2

2019-01-01

IEEE Transactions on Visualization and Computer Graphics

Abstract:Detecting and analyzing potential anomalous performances in cloud computing systems is essential for avoiding losses to customers and ensuring the efficient operation of the systems. To this end, a variety of automated techniques have been developed to identify anomalies in cloud computing. These techniques are usually adopted to track the performance metrics of the system (e.g., CPU, memory, and disk I/O), represented by a multivariate time series. However, given the complex characteristics of cloud computing data, the effectiveness of these automated methods is affected. Thus, substantial human judgment on the automated analysis results is required for anomaly interpretation. In this paper, we present a unified visual analytics system named CloudDet to interactively detect, inspect, and diagnose anomalies in cloud computing systems. A novel unsupervised anomaly detection algorithm is developed to identify anomalies based on the specific temporal patterns of the given metrics data (e.g., the periodic pattern). Rich visualization and interaction designs are used to help understand the anomalies in the spatial and temporal context. We demonstrate the effectiveness of CloudDet through a quantitative evaluation, two case studies with real-world data, and interviews with domain experts.

Guoping Rong,Hao Wang,Shenghui Gu,Yangchen Xu,Jialin Sun,Dong Shao,He Zhang

DOI: https://doi.org/10.1109/tdsc.2022.3181143

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Continuity and steadiness are vital for services with massive users, which requires the anomalies of services should be detected and resolved in a timely manner. Our previous work proposed a tool, namely ImpAPTr (Impact Analysis based on Pruning Tree), to identify the combination of multiple dimensional attributes as the clues leading to the root cause of service anomalies. However, ImpAPTr applies a threshold driven strategy, i.e. it needs to be triggered by a ≥ drop of the success rate of the service calls (abbr. SRSC), which may face problems in an atypical yet pervasive situation in field application. For example, the combination of trivial anomalies (i.e. each causes a drop less than 0.05% to SRSC) can lead to a far more than 0.05% drop on SRSC. Besides, a suitable threshold is usually hard to be determined, etc. To address these problems, we propose a new method, namely ImpAPTr+ in this paper to free the constraint of the 0.05% threshold. The basic idea is to involve time dimension and identify clues across multiple time intervals of data. We performed evaluation on three typical methods (i.e. ImpAPTr+, R-Adtributor and Squeeze) with both production environment dataset and simulation dataset. The former dataset is directly retrieved from the service monitoring data in Meituan, one of the largest on-line service providers worldwide. The latter dataset is fabricated also using the monitoring data from the same company. The results indicate: (1) ImpAPTr+ outperforms previous approaches to a large degree in terms of accuracy. (2) Both ImpAPTr+ and R-Adtributor are able to find proper clues within seconds. (3) ImpAPTr+ tends to find proper clues with shorter time intervals (i.e. less data), which implies that the method is more suitable for near real-time monitoring scenarios.

computer science, information systems, software engineering, hardware & architecture

Ameen Alkasem,Hongwei Liu,Decheng Zuo

DOI: https://doi.org/10.1145/3034950.3034967

2017-01-01

Abstract:Diagnosis and self-healing anomalies are an important as pectin the operations for data centers and for computing in utility clouds. Data centers which offer greater size along with heterogeneous and complex applications, software and workload systems such as anomaly/fault detection require automatic operation with runtime self-healing. Moreover, they must do so without requirement of having previous knowledge regarding normal and/or anomalous performance. Diagnosis must function for levels of different abstraction such as hardware and software, along with multiple time-series metrics for the use in environments like cloud computing. By classifying and analyzing metrics that are qualitative can offer new methods for anomaly and fault diagnosis for their distribution instead of simply providing individual metric thresholds. Categorical counterparts (binning) and normal distribution are used as a measurement that captures the extent of the distributions for concentration or dispersion so that raw metric data can be gathered across the cloud stack to create a time-series for entropy (e.g. symptoms).These symptoms can be organized hierarchically and across many cloud-ecosystems to increase scalability. These symptoms can also address the uncertainty in anomaly data. This contribution is possible since the multi-value decision diagram (MDD) for the structure of Multiple-Valued Logic (MVL) is shown to be highly efficient in terms of rapid analytical performance and is adapted to integrate the effects of measurements for multiple values. Naive Bayes Classifier (NBC) with an influence diagram (ID) are used to create time-series diagnosis technique to categorize and detect anomalies/faults during runtime to approximate the influence of each self-healing system component as to systems functioning and reliability. For the utility cloud service scenarios, the results of experiment show the viability of the presented approach. With an average of 0.89% improvement in the accuracy of anomaly diagnosis on threshold methods and an average improvement of 0.04% for false alarm rates with the near-optimum threshold method the presented approach outperforms other methods.