DOI: 10.1145/3641584.3641812
Research article

Anomaly Detection Model for Process Resource Usage in Hybrid System based on eBPF and Isolation Forest

Published: 14 June 2024

Abstract

In a hybrid system, CPU-intensive, memory-intensive and I/O-intensive processes can each consume a large share of system resources and, in extreme cases, bring the system down. Detecting anomalies in the resource usage of processes is therefore crucial. This paper proposes a process resource usage anomaly detection model based on eBPF and the Isolation Forest algorithm. The model uses eBPF to collect per-process data, which gives finer granularity and greater accuracy than traditional tools. The important parameters of the Isolation Forest algorithm are then tuned through comparative experiments to reach the best precision and recall. Experimental results show that, after parameter tuning, the eBPF and Isolation Forest based model detects anomalies in process resource usage more accurately and reliably. This work is a useful reference for anomaly detection of process resource usage in hybrid systems.
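The abstract describes the detection side of the model only at a high level. The following is an added example, not the paper's code: a from-scratch Isolation Forest in the form given by Liu et al. (random feature, random split between the feature's min and max, path length normalised by c(n)) applied to constructed per-process samples with three features (CPU percent, resident memory in MB, I/O throughput in MB/s). The eBPF collection step is not shown; the rows stand in for what a probe would export. The `contamination` parameter, the feature names, the sample data and the seeds are assumptions chosen here to illustrate the precision/recall trade-off that the paper tunes experimentally.

```python
import math
import random

EULER_GAMMA = 0.5772156649


def c_factor(n):
    """Average path length of an unsuccessful BST search over n points
    (Liu et al. 2008); normalises tree depths in the anomaly score."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def build_tree(rows, rng, depth, max_depth):
    """Grow one isolation tree: random feature, random split between its
    min and max, recurse until a row is isolated or the depth limit is hit."""
    if depth >= max_depth or len(rows) <= 1:
        return ("leaf", len(rows))
    feat = rng.randrange(len(rows[0]))
    lo = min(r[feat] for r in rows)
    hi = max(r[feat] for r in rows)
    if lo == hi:
        return ("leaf", len(rows))
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[feat] < split]
    right = [r for r in rows if r[feat] >= split]
    return ("node", feat, split,
            build_tree(left, rng, depth + 1, max_depth),
            build_tree(right, rng, depth + 1, max_depth))


def path_length(tree, x, depth=0):
    """Depth at which x lands, plus c(leaf size) for rows not fully isolated."""
    if tree[0] == "leaf":
        return depth + c_factor(tree[1])
    _, feat, split, left, right = tree
    return path_length(left if x[feat] < split else right, x, depth + 1)


class IsolationForest:
    def __init__(self, n_trees=100, sample_size=64, seed=0):
        self.n_trees = n_trees
        self.sample_size = sample_size
        self.rng = random.Random(seed)
        self.trees = []

    def fit(self, rows):
        # Each tree is grown on a random sub-sample; depth limit is ceil(log2(psi)).
        psi = min(self.sample_size, len(rows))
        self.sample_size = psi
        max_depth = math.ceil(math.log2(psi))
        self.trees = [build_tree(self.rng.sample(rows, psi), self.rng, 0, max_depth)
                      for _ in range(self.n_trees)]
        return self

    def score(self, x):
        """Anomaly score in (0, 1]: short average paths give scores near 1."""
        avg = sum(path_length(t, x) for t in self.trees) / len(self.trees)
        return 2.0 ** (-avg / c_factor(self.sample_size))

    def flag(self, rows, contamination):
        """Flag the top `contamination` fraction of rows by score (assumed
        parameter, playing the role of the threshold the paper tunes)."""
        k = max(1, round(contamination * len(rows)))
        ranked = sorted(range(len(rows)), key=lambda i: self.score(rows[i]), reverse=True)
        return set(ranked[:k])


def make_dataset(seed=42):
    """Constructed sample: 100 ordinary processes plus three resource hogs.
    Row layout (assumed): [cpu_percent, rss_mb, io_mb_per_s]."""
    rng = random.Random(seed)
    rows = [[rng.uniform(1, 15), rng.uniform(50, 300), rng.uniform(0, 5)] for _ in range(100)]
    labels = [0] * 100
    hogs = [[98.0, 120.0, 1.0],    # CPU-intensive
            [5.0, 7800.0, 0.5],    # memory-intensive
            [8.0, 200.0, 480.0]]   # I/O-intensive
    rows.extend(hogs)
    labels.extend([1] * len(hogs))
    return rows, labels


def precision_recall(flagged, labels):
    truth = {i for i, lab in enumerate(labels) if lab == 1}
    tp = len(flagged & truth)
    precision = tp / len(flagged) if flagged else 0.0
    recall = tp / len(truth) if truth else 0.0
    return precision, recall


def sweep(contaminations=(0.01, 0.03, 0.10), seed=1):
    """Parameter study in miniature: precision/recall for each contamination value."""
    rows, labels = make_dataset()
    forest = IsolationForest(seed=seed).fit(rows)
    return {c: precision_recall(forest.flag(rows, c), labels) for c in contaminations}


if __name__ == "__main__":
    for c, (p, r) in sweep().items():
        print(f"contamination={c:.2f}  precision={p:.2f}  recall={r:.2f}")
```

Because every split is drawn between a feature's own min and max, the forest is scale-free per feature, so CPU percent, megabytes and MB/s can be mixed without normalisation. A contamination value below the true anomaly rate costs recall, one above it costs precision, which is the trade-off the paper's parameter tuning is about; the sweep makes that visible on the constructed data.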


Published In

AIPR '23: Proceedings of the 2023 6th International Conference on Artificial Intelligence and Pattern Recognition
September 2023, 1540 pages
ISBN: 9798400707674
DOI: 10.1145/3641584

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. Anomaly Detection
  2. Isolation Forest
  3. eBPF
  4. hybrid system

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

AIPR 2023

Article Metrics

  • Total Citations: 0
  • Total Downloads: 19
  • Downloads (last 12 months): 19
  • Downloads (last 6 weeks): 4

Reflects downloads up to 19 Nov 2024
