Nothing Special   »   [go: up one dir, main page]

skip to main content
research-article

Ranking Metric Anomaly in Invariant Networks

Published: 01 June 2014 Publication History

Abstract

The management of large-scale distributed information systems relies on the effective use and modeling of monitoring data collected at various points in the distributed information systems. A traditional approach to model monitoring data is to discover invariant relationships among the monitoring data. Indeed, we can discover all invariant relationships among all pairs of monitoring data and generate invariant networks, where a node is a monitoring data source (metric) and a link indicates an invariant relationship between two monitoring data. Such an invariant network representation can help system experts to localize and diagnose the system faults by examining those broken invariant relationships and their related metrics, since system faults usually propagate among the monitoring data and eventually lead to some broken invariant relationships. However, at one time, there are usually a lot of broken links (invariant relationships) within an invariant network. Without proper guidance, it is difficult for system experts to manually inspect this large number of broken links. To this end, in this article, we propose the problem of ranking metrics according to the anomaly levels for a given invariant network, while this is a nontrivial task due to the uncertainties and the complex nature of invariant networks. Specifically, we propose two types of algorithms for ranking metric anomaly by link analysis in invariant networks. Along this line, we first define two measurements to quantify the anomaly level of each metric, and introduce the mRank algorithm. Also, we provide a weighted score mechanism and develop the gRank algorithm, which involves an iterative process to obtain a score to measure the anomaly levels. In addition, some extended algorithms based on mRank and gRank algorithms are developed by taking into account the probability of being broken as well as noisy links. Finally, we validate all the proposed algorithms on a large number of real-world and synthetic data sets to illustrate the effectiveness and efficiency of different algorithms.

References

[1]
L. Akoglu, M. Mcglohon, and C. Faloutsos. 2009. Anomaly detection in large graphs. In CMU-CS-09-173 Technical Report.
[2]
S. Brin and L. Page. 1998. The anatomy of a large-scale hypertextual web search engine. Computer Networks and ISDN Systems 30, 1--7.
[3]
H. Chen, H. Cheng, G. Jiang, and K. Yoshihira. 2008. Exploiting local and global invariants for the management of large scale information systems. In Poceedings of the 8th IEEE International Conference on Data Mining. 113--122.
[4]
H. Chen, G. Jiang, and K. Yoshihira. 2010. Invariants based failure diagnosis in distributed computing systems. In Proceedings of the 29th IEEE International Symposium on Reliable Distributed Systems. 160--166.
[5]
W. Eberle, L. Holder, and D. Cook. 2009. Identifying threats using graph-based anomaly detection. Machine Learning in Cyber Trust 2, 73--108.
[6]
W. Eberle, L. Holder, and B. Massengill. 2012. Graph-based anomaly detection applied to homeland security cargo screening. In Proceedings of the 25th International Florida Artificial Intelligence Research Society Conference. 382--387.
[7]
W. Eberle and L. B. Holder. 2009. Applying graph-based anomaly detection approaches to the discovery of insider threats. In Proceedings of IEEE Intelligence and Security Informatics. 206--208.
[8]
J. Gertler. 1998. Fault Detection and Diagnosis in Engineering Systems. Marcel Dekker.
[9]
S. Ghanbari and C. Amza. 2002. Semantic-driven model composition for accurate anomaly diagnosis. In Proceedings of the 24th International Conference on Software Engineering. 291--301.
[10]
S. Hangal and M. S. Lam. 2008. Tracking down software bugs using automatic anomaly detection. In Proceedings of the International Conference on Autonomic Computing. 35--44.
[11]
K. Inoue, R. Yokomori, H. Fujiwara, T. Yamamoto, M. Matsushita, and S. Kusumoto. 2003. Component rank: Relative significance rank for software component search. In Proceedings of the 25th International Conference on Software Engineering. 14--24.
[12]
R. Isermannn and P. Balle. 1997. Trends in the application of model-based fault detection and diagnosis of industrial process. Control Engineering Practice 5, 5, 709--719.
[13]
K. Jarvelin and J. Kekalainen. 2002. Cumulated gain-based evaluation of ir techniques. ACM Transactions on Information Systems 20, 4, 422--446.
[14]
G. Jiang, H. Chen, and K. Yoshihira. 2006a. Discovering likely invariants of distributed transaction systems for autonomic system management. In Proceedings of the 3rd International Conference on Autonomic Computing. 199--208.
[15]
G. Jiang, H. Chen, and K. Yoshihira. 2006b. Modeling and tracking of transaction flow dynamics for fault detection in complex systems. IEEE Transactions on Dependable and Secure Computing 3, 4, 312--326.
[16]
G. Jiang, H. Chen, and K. Yoshihira. 2007. Efficient and scalable algorithms for inferring likely invariants in distributed systems. Transactions on Knowledge and Data Engineering 19, 11, 1508--1523.
[17]
M. Jiang, M. A. Munawar, T. Reidemeister, and P. A. S. Ward. 2008. Detection and diagnosis of recurrent faults in software systems by invariant analysis. In Proceedings of the 11th IEEE High Assurance Systems Engineering Symposium. 323--332.
[18]
M. Jiang, M. A. Munawar, T. Reidemeister, and P. A. S. Ward. 2009. System monitoring with metric-correlation models: problems and solutions. In Proceedings of the International Conference on Autonomic Computing. 13--22.
[19]
M. Jiang, M. A. Munawar, T. Reidemeister, and P. A. S. Ward. 2011. Efficient fault detection and diagnosis in complex software systems with information-theoretic monitoring. IEEE Transactions on Dependable and Secure Computing 8, 4, 510--522.
[20]
D. Q. Le, T. Jeong, H. E. Roman, and J. W.-K. Hong. 2011. Traffic dispersion graph based anomaly detection. In Proceedings of the 2nd Symposium on Information and Communication Technology. 36--41.
[21]
C. Liu, X. Yan, H. Yu, J. Han, and P. S. Yu. 2005. Mining behavior graphs for backtrace of noncrashing bugs. In Proceedings of SIAM International Conference on Data Ming. 286--297.
[22]
L. Ljung. 1998. System Identification: Theory for the User, 2nd ed. Prentice Hall PTR.
[23]
H. D. K. Moonesinghe and P.-N. Tan. 2008. Outrank: a graph-based outlier detection framework using random walk. International Journal on Artificial Intelligence Tools 17, 1, 19--36.
[24]
C. C. Noble and D. J. Cook. 2003. Graph-based anomaly detection. In Proceedings of the 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 631--636.
[25]
H. Shan, G. Jiang, and K. Yoshihira. 2010. Extracting overlay invariants of distributed systems for autonomic system management. In Proceedings of the 4th IEEE International Conference on Self-Adaptive and Self-Organizing Systems. 41--50.
[26]
H. Valizadegan, R. Jin, R. Zhang, and J. Mao. 2009. Learning to rank by optimizing n measure. In Proceedings of the 23rd Annual Conference on Neural Information Processing Systems.
[27]
S. Wei, Y. Zhao, Z. Zhu, and N. Liu. 2010. Multimodal fusion for video search reranking. Transactions on Knowledge and Data Engineering 22, 8, 1191--1199.
[28]
S. A. Yemini, S. Kliger, E. Mozes, Y. Yemini, and D. Ohsie. 1996. High speed and robust event correlation. IEEE Communications Magazine 34, 5, 82--90.

Cited By

View all
  • (2024)Explicit Representation and Customized Fault Isolation Framework for Learning Temporal and Spatial Dependencies in Industrial ProcessesIEEE Transactions on Neural Networks and Learning Systems10.1109/TNNLS.2023.326227735:3(2997-3011)Online publication date: Mar-2024
  • (2024)An axiomatic fuzzy set theory-based fault diagnosis approach for rolling bearingsEngineering Applications of Artificial Intelligence10.1016/j.engappai.2024.108995137:PAOnline publication date: 1-Nov-2024
  • (2024)Industrial Causal Inference and Root Cause Diagnosis: From Structure Inference to Root Cause IdentificationReference Module in Materials Science and Materials Engineering10.1016/B978-0-443-14081-5.00036-2Online publication date: 2024
  • Show More Cited By

Index Terms

  1. Ranking Metric Anomaly in Invariant Networks

      Recommendations

      Comments

      Please enable JavaScript to view thecomments powered by Disqus.

      Information & Contributors

      Information

      Published In

      cover image ACM Transactions on Knowledge Discovery from Data
      ACM Transactions on Knowledge Discovery from Data  Volume 8, Issue 2
      June 2014
      161 pages
      ISSN:1556-4681
      EISSN:1556-472X
      DOI:10.1145/2630935
      Issue’s Table of Contents
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 01 June 2014
      Accepted: 01 June 2013
      Revised: 01 May 2013
      Received: 01 February 2012
      Published in TKDD Volume 8, Issue 2

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. Metric anomaly ranking
      2. invariant networks
      3. link analysis

      Qualifiers

      • Research-article
      • Research
      • Refereed

      Funding Sources

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)17
      • Downloads (Last 6 weeks)3
      Reflects downloads up to 18 Nov 2024

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)Explicit Representation and Customized Fault Isolation Framework for Learning Temporal and Spatial Dependencies in Industrial ProcessesIEEE Transactions on Neural Networks and Learning Systems10.1109/TNNLS.2023.326227735:3(2997-3011)Online publication date: Mar-2024
      • (2024)An axiomatic fuzzy set theory-based fault diagnosis approach for rolling bearingsEngineering Applications of Artificial Intelligence10.1016/j.engappai.2024.108995137:PAOnline publication date: 1-Nov-2024
      • (2024)Industrial Causal Inference and Root Cause Diagnosis: From Structure Inference to Root Cause IdentificationReference Module in Materials Science and Materials Engineering10.1016/B978-0-443-14081-5.00036-2Online publication date: 2024
      • (2022)An Approach of Automated Anomalous Microservice Ranking in Cloud-Native EnvironmentsInternational Journal of Software Engineering and Knowledge Engineering10.1142/S021819402140016731:11n12(1661-1681)Online publication date: 24-Jan-2022
      • (2022)Sparse and Time-Varying Predictive Relation Extraction for Root Cause Quantification of Nonstationary Process FaultsIEEE Transactions on Instrumentation and Measurement10.1109/TIM.2022.320973171(1-13)Online publication date: 2022
      • (2022)ServiceRank: Root Cause Identification of Anomaly in Large-Scale Microservice ArchitecturesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.308367119:5(3087-3100)Online publication date: 1-Sep-2022
      • (2021)Parallel Temporal and Spatial Modeling for Interpretable Fault Detection and Isolation of Industrial Processes2021 8th International Conference on Information, Cybernetics, and Computational Social Systems (ICCSS)10.1109/ICCSS53909.2021.9721998(177-182)Online publication date: 10-Dec-2021
      • (2018)FacGraph: Frequent Anomaly Correlation Graph Mining for Root Cause Diagnose in Micro-Service Architecture2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC)10.1109/PCCC.2018.8711092(1-8)Online publication date: Nov-2018
      • (2017)Ranking Causal Anomalies for System Fault Diagnosis via Temporal and Dynamical Analysis on Vanishing CorrelationsACM Transactions on Knowledge Discovery from Data10.1145/304694611:4(1-28)Online publication date: 29-Jun-2017
      • (2017)Ranking Causal Anomalies by Modeling Local Propagations on Networked Systems2017 IEEE International Conference on Data Mining (ICDM)10.1109/ICDM.2017.129(1003-1008)Online publication date: Nov-2017
      • Show More Cited By

      View Options

      Login options

      Full Access

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media