基于检测域划分的虚拟机异常检测算法

doi:10.11772/j.issn.1001-9081.2016.04.1066

计算机应用 ›› 2016, Vol. 36 ›› Issue (4): 1066-1069.DOI: 10.11772/j.issn.1001-9081.2016.04.1066

基于检测域划分的虚拟机异常检测算法

吴天舒¹, 陈蜀宇², 张涵翠², 周真¹

1. 重庆大学计算机学院, 重庆 400044;
2. 重庆大学软件学院, 重庆 400044

收稿日期:2015-10-16 修回日期:2015-10-26 出版日期:2016-04-10 发布日期:2016-04-08
通讯作者: 陈蜀宇
作者简介:吴天舒(1989-),男,重庆人,博士研究生,主要研究方向:云计算、分布式计算、数据挖掘; 陈蜀宇(1963-),男,重庆人,教授,博士生导师,CCF会员,主要研究方向:分布式计算、操作系统、嵌入式系统; 张涵翠(1990-),女,浙江绍兴人,博士研究生,主要研究方向:流媒体控制、分布式计算、云计算; 周真(1983-),男,重庆人,博士,主要研究方向:虚拟化技术、云计算、故障诊断。
基金资助:
国家自然科学基金资助项目(61272399, 61572090)。

Virtual machine anomaly detection algorithm based on detection region dividing

WU Tianshu¹, CHEN Shuyu², ZHANG Hancui², ZHOU Zhen¹

1. College of Computer Science, Chongqing University, Chongqing 400044, China;
2. School of Software Engineering, Chongqing University, Chongqing 400044, China

Received:2015-10-16 Revised:2015-10-26 Online:2016-04-10 Published:2016-04-08
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61272399, 61572090).

摘要/Abstract

摘要： 虚拟机的正常运行是支撑云平台服务的重要条件,由于云平台下虚拟机存在数量规模大、运行环境随时间动态变化的特点,管理系统难以针对每个虚拟机进行训练数据采集以及统计模型的训练。为了提高在上述环境下异常检测系统的实时性和识别能力,提出基于改进k中心点聚类算法的检测域划分机制,在聚类迭代更新步骤上进行优化,以提升检测域划分的速度,并通过检测域策略的应用来提高虚拟机异常检测的效率和准确率。实验及分析表明,改进的聚类算法拥有更低的时间复杂度,采用检测域划分机制的检测方法在虚拟机异常检测中拥有更高的效率和准确率。

关键词: 异常检测, 云平台, 大规模虚拟机, k中心点, 检测域

Abstract: The stable operation of virtual machine is an important support of cloud service. Because of the tremendous amount of virtual machine and their changing status, it is hard for management system to train classifier for each virtual machine individually. In order to improve the performance of real-time performance and detection ability, a new dividing mechanism based on modified k-medoids clustering algorithm for dividing virtual machine detection region was proposed, the iterate process of clustering was optimized to improve the speed of dividing detection region, and the efficiency and accuracy of anomaly detection were enhanced consequently by using this proposed detecting region strategy. Experiments and analysis show that the modified clustering algorithm has lower time complixity, the detection method with dividing detection region performs better than the original algorithm in efficiency and accuracy.

Key words: anomaly detection, cloud platform, large scale virtual machine, k-medoids, detection region

中图分类号:

TP302.8

吴天舒, 陈蜀宇, 张涵翠, 周真. 基于检测域划分的虚拟机异常检测算法[J]. 计算机应用, 2016, 36(4): 1066-1069.

WU Tianshu, CHEN Shuyu, ZHANG Hancui, ZHOU Zhen. Virtual machine anomaly detection algorithm based on detection region dividing[J]. Journal of Computer Applications, 2016, 36(4): 1066-1069.

参考文献

[1] GOLDBERG R P. Survey of virtual machine research[J]. Computer, 1974, 7(9):34-45.
[2] VARUN C, ARINDAM B, VIPIN K. Anomaly detection:a survey[J]. ACM Computing Surveys, 2009, 41(3):14-35.
[3] PARK H, JUN C. A simple and fast algorithm for K-medoids clustering[J]. Expert Systems with Applications, 2009, 36(2):3336-3341.
[4] BIVENS A, PALAGIRI C, SMITH R, et al. Network-based intrusion detection using neural networks[C]//Proceedings of the 2002 Intelligent Engineering Systems Through Artificial Neural Networks. New York:ASME Press, 2002:579-584.
[5] JAIN A K, DUBES R C. Algorithms for Clustering Data[M]. Upper Saddle River:Prentice Hall, 1988:45-57.
[6] WANG C W, TALWAR V, SCHWAN K, et al. Online detection of utility cloud anomalies using metric distributions[C]//Proceedings of the 2010 IEEE/IFIP Network Operations and Management Symposium. Piscataway, NJ:IEEE, 2010:96-103.
[7] XIONG N X, ATHANASIOS V V, WU J, et al. A self-tuning failure detection scheme for cloud computing service[C]//Proceedings of the 2012 IEEE 26th International Parallel and Distributed Processing Symposium. Piscataway, NJ:IEEE, 2012:668-679.
[8] 周真.云平台下运行环境感知的虚拟机异常检测策略及算法研究[D].重庆:重庆大学, 2015:14-50.(ZHOU Z. Research on anomaly detection strategy and algorithms aware of running environment for virtual machines in the cloud platform[D]. Chongqing:Chongqing University, 2015:14-50.)
[9] 刘俊, 陈蜀宇, 周真, 等.一种自适应的虚拟机异常检测算法[C]//第十六届全国容错计算学术会议. 上海:同济大学出版社, 2015:12-18.(LIU J, CHEN S, ZHOU Z, et al. A self-adaptability virtual machine abnormal detection algorithm[C]//Proceedings of the 16th Chinese Fault Tolerant Computing Conference. Shanghai:Tongji University Press, 2015:12-18.)
[10] PANNU H S, LIU J G, SONG F. A self-evolving anomaly detection framework for developing highly dependable utility clouds[C]//Proceedings of the 2012 IEEE Global Communications Conference. Piscataway, NJ:IEEE, 2012:1605-1610.
[11] WARRENDER C, FORREST S, PEARLMUTTER B. Detecting intrusions using system calls:alternate data models[C]//Proceedings of the 1999 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 1999:133-145.
[12] CHAWLA S, SUN P. Slom:a new measure for local spatial outliers[J]. Knowledge and Information Systems, 2006, 9(4):412-429.
[13] KOHONEN T. Self-Organizing Maps[M]. Berlin:Springer, 1997:24-47.

[1]	孟凡, 陈广, 王勇, 高阳, 高德群, 贾文龙. 基于多粒度时序结构表示的异常检测算法在储层含油性检测中应用[J]. 计算机应用, 2021, 41(8): 2453-2459.
[2]	胡天杰, 胡文军, 王士同. 分布熵惩罚的支持向量数据描述[J]. 计算机应用, 2021, 41(8): 2212-2218.
[3]	谢雨, 蒋瑜, 龙超奇. 基于随机子空间的扩展隔离林算法[J]. 计算机应用, 2021, 41(6): 1679-1685.
[4]	姚杰, 程春玲, 韩静, 刘峥. 云工作流中基于多任务时序卷积网络的异常检测方法[J]. 计算机应用, 2021, 41(6): 1701-1708.
[5]	李衍志, 范勇, 高琳. 基于形态流的石油钻井水流异常检测[J]. 计算机应用, 2021, 41(6): 1842-1848.
[6]	张晨曦, 唐曙, 唐珂. 迁移学习下的火箭发动机参数异常检测策略[J]. 计算机应用, 2020, 40(9): 2774-2780.
[7]	王磊. 改进粗糙集属性约简结合K-means聚类的网络入侵检测方法[J]. 计算机应用, 2020, 40(7): 1996-2002.
[8]	胡珉, 白雪, 徐伟, 吴秉键. 多维时间序列异常检测算法综述[J]. 计算机应用, 2020, 40(6): 1553-1564.
[9]	仇媛, 常相茂, 仇倩, 彭程, 苏善婷. 基于长短期记忆网络和滑动窗口的流数据异常检测方法[J]. 计算机应用, 2020, 40(5): 1335-1339.
[10]	霍纬纲, 王慧芳. 基于自编码器和隐马尔可夫模型的时间序列异常检测方法[J]. 计算机应用, 2020, 40(5): 1329-1334.
[11]	韩妍妍, 张齐, 闫晓璇, 刘培鹤, 徐鹏格. 基于区块链的电子文件流转设计与实现[J]. 计算机应用, 2020, 40(11): 3357-3365.
[12]	夏彬, 白宇轩, 殷俊杰. 基于生成对抗网络的系统日志级异常检测算法[J]. 计算机应用, 2020, 40(10): 2960-2966.
[13]	陶涛, 周喜, 马博, 赵凡. 基于双向LSTM的Seq2Seq模型在加油站时序数据异常检测中的应用[J]. 计算机应用, 2019, 39(3): 924-929.
[14]	王伟, 谢耀滨, 尹青. 针对不平衡数据的决策树改进方法[J]. 计算机应用, 2019, 39(3): 623-628.
[15]	刘子豪, 李凌, 叶枫. 基于SparkR的水文传感器数据的异常检测方法[J]. 计算机应用, 2019, 39(2): 436-440.

基于检测域划分的虚拟机异常检测算法

Virtual machine anomaly detection algorithm based on detection region dividing

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics