ATOM: Automated Tracking, Orchestration and Monitoring of Resource - - PowerPoint PPT Presentation

atom automated tracking orchestration and monitoring of
SMART_READER_LITE
LIVE PREVIEW

ATOM: Automated Tracking, Orchestration and Monitoring of Resource - - PowerPoint PPT Presentation

Sep 11, 2023 288 likes •1.28k views

Motivation Design Evaluation Discussion ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems Min Du, Feifei Li School of Computing, University of Utah ATOM: Automated Tracking,

slide-1
SLIDE 1

Motivation Design Evaluation Discussion

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

Min Du, Feifei Li School of Computing, University of Utah

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-2
SLIDE 2

Motivation Design Evaluation Discussion

A Simplified Cloud

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-3
SLIDE 3

Motivation Design Evaluation Discussion

A Simplified Cloud

Monitor the Cloud

◮ To provide system-wide visibility ◮ CloudWatch (AWS/Eucalyptus)

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-4
SLIDE 4

Motivation Design Evaluation Discussion

A Simplified Cloud

Monitor the Cloud

◮ To provide system-wide visibility ◮ CloudWatch (AWS/Eucalyptus)

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-5
SLIDE 5

Motivation Design Evaluation Discussion

A Simplified Cloud

Monitor the Cloud

◮ To provide system-wide visibility ◮ CloudWatch (AWS/Eucalyptus)

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-6
SLIDE 6

Motivation Design Evaluation Discussion

A Simplified Cloud

Monitor the Cloud

◮ To provide system-wide visibility ◮ CloudWatch (AWS/Eucalyptus)

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-7
SLIDE 7

Motivation Design Evaluation Discussion

A Simplified Cloud

Questions

  • 1. Monitor more efficiently?
  • 2. Utilize the statistics for security

purpose?

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-8
SLIDE 8

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-9
SLIDE 9

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-10
SLIDE 10

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-11
SLIDE 11

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-12
SLIDE 12

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-13
SLIDE 13

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-14
SLIDE 14

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-15
SLIDE 15

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-16
SLIDE 16

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-17
SLIDE 17

Motivation Design Evaluation Discussion

ATOM Architecture

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-18
SLIDE 18

Motivation Design Evaluation Discussion

Tracking Component

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-19
SLIDE 19

Motivation Design Evaluation Discussion

Tracking Component

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-20
SLIDE 20

Motivation Design Evaluation Discussion

Tracking Component

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-21
SLIDE 21

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-22
SLIDE 22

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-23
SLIDE 23

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-24
SLIDE 24

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-25
SLIDE 25

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-26
SLIDE 26

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-27
SLIDE 27

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-28
SLIDE 28

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-29
SLIDE 29

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-30
SLIDE 30

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-31
SLIDE 31

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-32
SLIDE 32

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-33
SLIDE 33

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

* Values sent: {0, 6, 0, 6, 0, 6, ...}

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-34
SLIDE 34

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

* Values sent: {0, 6, 0, 6, 0, 6, ...} * Optimal offline algorithm could

  • nly send one value: 3

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-35
SLIDE 35

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ A naive way:

* Values sent: {0, 6, 0, 6, 0, 6, ...} * Optimal offline algorithm could

  • nly send one value: 3

* Competitive ratio: Unbounded

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-36
SLIDE 36

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-37
SLIDE 37

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-38
SLIDE 38

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-39
SLIDE 39

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-40
SLIDE 40

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-41
SLIDE 41

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-42
SLIDE 42

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-43
SLIDE 43

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-44
SLIDE 44

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

* Values sent: {0, 3}

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-45
SLIDE 45

Motivation Design Evaluation Discussion

Tracking Component

What if a small error ∆ is allowed?

◮ Sequence: {0, 6, 0, 6, 0, 6, ...}; ∆ = 4 ◮ The optimal one dimension online tracking algorithm:

* Values sent: {0, 3} * Competitive ratio: log ∆

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-46
SLIDE 46

Motivation Design Evaluation Discussion

Tracking Component

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-47
SLIDE 47

Motivation Design Evaluation Discussion

Monitoring Component

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-48
SLIDE 48

Motivation Design Evaluation Discussion

Monitoring Component

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-49
SLIDE 49

Motivation Design Evaluation Discussion

Monitoring Component

Data matrix reported from each node:       V00 V01 V02 · · · V0d . . . ... V(n−2)0 V(n−2)1 V(n−2)2 · · · V(n−2)d V(n−1)0 V(n−1)1 V(n−1)2 · · · V(n−1)d V(now)0 V(now)1 V(now)2 · · · V(now)d

  • d metrics

                 n time instances

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-50
SLIDE 50

Motivation Design Evaluation Discussion

Monitoring Component

Data matrix reported from each node:       V00 V01 V02 · · · V0d . . . ... V(n−2)0 V(n−2)1 V(n−2)2 · · · V(n−2)d V(n−1)0 V(n−1)1 V(n−1)2 · · · V(n−1)d V(now)0 V(now)1 V(now)2 · · · V(now)d

  • d metrics

                 n time instances

◮ Anomaly detection using this matrx;

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-51
SLIDE 51

Motivation Design Evaluation Discussion

Monitoring Component

Data matrix reported from each node:       V00 V01 V02 · · · V0d . . . ... V(n−2)0 V(n−2)1 V(n−2)2 · · · V(n−2)d V(n−1)0 V(n−1)1 V(n−1)2 · · · V(n−1)d V(now)0 V(now)1 V(now)2 · · · V(now)d

  • d metrics

                 n time instances

◮ Anomaly detection using this matrx; ◮ Use Principal Component Analysis (PCA);

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-52
SLIDE 52

Motivation Design Evaluation Discussion

Monitoring Component

Data matrix reported from each node:       V00 V01 V02 · · · V0d . . . ... V(n−2)0 V(n−2)1 V(n−2)2 · · · V(n−2)d V(n−1)0 V(n−1)1 V(n−1)2 · · · V(n−1)d V(now)0 V(now)1 V(now)2 · · · V(now)d

  • d metrics

                 n time instances

◮ Anomaly detection using this matrx; ◮ Use Principal Component Analysis (PCA); ◮ Sliding window;

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-53
SLIDE 53

Motivation Design Evaluation Discussion

Monitoring Component

Data matrix reported from each node:       V00 V01 V02 · · · V0d . . . ... V(n−2)0 V(n−2)1 V(n−2)2 · · · V(n−2)d V(n−1)0 V(n−1)1 V(n−1)2 · · · V(n−1)d V(now)0 V(now)1 V(now)2 · · · V(now)d

  • d metrics

                 n time instances

◮ Anomaly detection using this matrx; ◮ Use Principal Component Analysis (PCA); ◮ Sliding window; ◮ Metrics identification after anomalies are detected.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-54
SLIDE 54

Motivation Design Evaluation Discussion

Monitoring Component - Anomaly Detection

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-55
SLIDE 55

Motivation Design Evaluation Discussion

Monitoring Component - Anomaly Detection

PCA:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-56
SLIDE 56

Motivation Design Evaluation Discussion

Monitoring Component - Anomaly Detection

PCA:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-57
SLIDE 57

Motivation Design Evaluation Discussion

Monitoring Component - Anomaly Detection

PCA:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-58
SLIDE 58

Motivation Design Evaluation Discussion

Monitoring Component - Anomaly Detection

PCA:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-59
SLIDE 59

Motivation Design Evaluation Discussion

Monitoring Component - Anomaly Detection

PCA:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-60
SLIDE 60

Motivation Design Evaluation Discussion

Monitoring Component - Anomaly Detection

PCA:

+ Threshold Qα is computed according to a given false alarm rate α.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-61
SLIDE 61

Motivation Design Evaluation Discussion

Monitoring Component - Anomaly Detection

PCA:

+ Threshold Qα is computed according to a given false alarm rate α. + Tracking component introduces error ∆ to data matrix.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-62
SLIDE 62

Motivation Design Evaluation Discussion

Monitoring Component - Anomaly Detection

PCA:

+ Threshold Qα is computed according to a given false alarm rate α. + Tracking component introduces error ∆ to data matrix. + Given µ, dynamically adjust ∆ according to PCA results, to ensure false alarm rate ∈ (α − µ, α + µ)

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-63
SLIDE 63

Motivation Design Evaluation Discussion

Monitoring Component - Metrics Identification

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-64
SLIDE 64

Motivation Design Evaluation Discussion

Monitoring Component - Metrics Identification

Goal: Pinpoint the abnormal dimensions of suspicious data points to assist Orchestration component.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-65
SLIDE 65

Motivation Design Evaluation Discussion

Monitoring Component - Metrics Identification

Goal: Pinpoint the abnormal dimensions of suspicious data points to assist Orchestration component.        V00 V01 V02 · · · V0d . . . ... V(n−2)0 V(n−2)1 V(n−2)2 · · · V(n−2)d V(n−1)0 V(n−1)1 V(n−1)2 · · · V(n−1)d V(now)0 V(now)1 V(now)2 · · · V(now)d       

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-66
SLIDE 66

Motivation Design Evaluation Discussion

Monitoring Component - Metrics Identification

Goal: Pinpoint the abnormal dimensions of suspicious data points to assist Orchestration component.        V00 V01 V02 · · · V0d . . . ... V(n−2)0 V(n−2)1 V(n−2)2 · · · V(n−2)d V(n−1)0 V(n−1)1 V(n−1)2 · · · V(n−1)d V(now)0 V(now)1 V(now)2 · · · V(now)d       

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-67
SLIDE 67

Motivation Design Evaluation Discussion

Monitoring Component - Metrics Identification

Goal: Pinpoint the abnormal dimensions of suspicious data points to assist Orchestration component.        V00 V01 V02 · · · V0d . . . ... V(n−2)0 V(n−2)1 V(n−2)2 · · · V(n−2)d V(n−1)0 V(n−1)1 V(n−1)2 · · · V(n−1)d V(now)0 V(now)1 V(now)2 · · · V(now)d       

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-68
SLIDE 68

Motivation Design Evaluation Discussion

Monitoring Component - Metrics Identification

Goal: Pinpoint the abnormal dimensions of suspicious data points to assist Orchestration component.        V00 V01 V02 · · · V0d . . . ... V(n−2)0 V(n−2)1 V(n−2)2 · · · V(n−2)d V(n−1)0 V(n−1)1 V(n−1)2 · · · V(n−1)d V(now)0 V(now)1 V(now)2 · · · V(now)d        Main idea: Compare each dimension of the abnormal data points and normal ones.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-69
SLIDE 69

Motivation Design Evaluation Discussion

Monitoring Component

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-70
SLIDE 70

Motivation Design Evaluation Discussion

Orchestration Component

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-71
SLIDE 71

Motivation Design Evaluation Discussion

Orchestration Component

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-72
SLIDE 72

Motivation Design Evaluation Discussion

Orchestration Component

Virtual Machine Introspection (VMI)

◮ Introspect VM memory using existing VMI tools;

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-73
SLIDE 73

Motivation Design Evaluation Discussion

Orchestration Component

Virtual Machine Introspection (VMI)

◮ Introspect VM memory using existing VMI tools;

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-74
SLIDE 74

Motivation Design Evaluation Discussion

Orchestration Component

Virtual Machine Introspection (VMI)

◮ Introspect VM memory using existing VMI tools;

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-75
SLIDE 75

Motivation Design Evaluation Discussion

Orchestration Component

Virtual Machine Introspection (VMI)

◮ Introspect VM memory using existing VMI tools; ◮ Raise alarm;

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-76
SLIDE 76

Motivation Design Evaluation Discussion

Orchestration Component

Virtual Machine Introspection (VMI)

◮ Introspect VM memory using existing VMI tools; ◮ Raise alarm; ◮ Optionally, kill process.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-77
SLIDE 77

Motivation Design Evaluation Discussion

Evaluation

+ Implemented on the Eucalyptus Cloud platform;

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-78
SLIDE 78

Motivation Design Evaluation Discussion

Evaluation

+ Implemented on the Eucalyptus Cloud platform; + Modified Node Controller and Cloud Controller source code.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-79
SLIDE 79

Motivation Design Evaluation Discussion

Evaluation

Recall the two questions:

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-80
SLIDE 80

Motivation Design Evaluation Discussion

Evaluation

Recall the two questions:

  • 1. Monitor more efficiently?

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-81
SLIDE 81

Motivation Design Evaluation Discussion

Evaluation

Recall the two questions:

  • 1. Monitor more efficiently?
  • 2. Utilize the statistics for security purpose?

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-82
SLIDE 82

Motivation Design Evaluation Discussion

Evaluation

Recall the two questions:

  • 1. Monitor more efficiently?

◮ Tracking Component

  • 2. Utilize the statistics for security purpose?

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-83
SLIDE 83

Motivation Design Evaluation Discussion

Evaluation

Recall the two questions:

  • 1. Monitor more efficiently?

◮ Tracking Component

  • 2. Utilize the statistics for security purpose?

◮ Monitoring and Orchestration Component ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-84
SLIDE 84

Motivation Design Evaluation Discussion

Evaluation

Recall the two questions:

  • 1. Monitor more efficiently?

◮ Tracking Component

  • 2. Utilize the statistics for security purpose?

◮ Monitoring and Orchestration Component

Metrics monitored for each VM:

  • The default 7 metrics monitored by Eucalyptus CloudWatch.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-85
SLIDE 85

Motivation Design Evaluation Discussion

Evaluation - Tracking

A comparison on number of values sent by NC for each metric.

◮ VM workload: TPC-C

benchmark on MySQL database;

◮ ∆: The average for each

metric when VM is idle.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-86
SLIDE 86

Motivation Design Evaluation Discussion

Evaluation - Tracking

A comparison on number of values sent by NC for each metric.

◮ VM workload: TPC-C

benchmark on MySQL database;

◮ ∆: The average for each

metric when VM is idle.

200 400 600 800 1000 1 2 3 4 Message Count Metric Id Without Tracking With Tracking

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-87
SLIDE 87

Motivation Design Evaluation Discussion

Evaluation - Monitoring

Experiment setting:

◮ 3 VMs being monitored: VM 1

idle, VM 2 and 3 run Apache web server;

◮ VM 2 and 3 are compromised as

DDoS bots later.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-88
SLIDE 88

Motivation Design Evaluation Discussion

Evaluation - Monitoring

Experiment setting:

◮ 3 VMs being monitored: VM 1

idle, VM 2 and 3 run Apache web server;

◮ VM 2 and 3 are compromised as

DDoS bots later.

10 20 30 40 50 60 70 80 500 1000 1500 2000 2500 3000 3500 4000

SPE in residual subspace Time / seconds

SPE Threshold (α=0.2%) Threshold (α=0.5%)

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-89
SLIDE 89

Motivation Design Evaluation Discussion

Evaluation - Monitoring

Experiment setting:

◮ 3 VMs being monitored: VM 1

idle, VM 2 and 3 run Apache web server;

◮ VM 2 and 3 are compromised as

DDoS bots later.

10 20 30 40 50 60 70 80 500 1000 1500 2000 2500 3000 3500 4000

SPE in residual subspace Time / seconds

SPE Threshold (α=0.2%) Threshold (α=0.5%)

Dim (j) vm1-d1 vm1-d2 vm1-d3 vm1-d4 vm1-d5 vm1-d6 vm1-d7 vm2-d1 vm2-d2 vm2-d3 vm2-d4 rdj 23.70

  • 0.98
  • 0.98
  • 0.55
  • 0.57

4.27 3.76 9.14 64.18 65.05 3.50 stddevj 0.78 0.42 0.58 0.00 0.67 0.00 0.71 3.17 8.01 8.30 0.00 meandiffj 0.16

  • 0.26
  • 0.28

Dim (j) vm2-d5 vm2-d6 vm2-d7 vm3-d1 vm3-d2 vm3-d3 vm3-d4 vm3-d5 vm3-d6 vm3-d7 rdj

  • 0.51
  • 0.82

4.23 9.04 60.56 61.16 1.45

  • 0.56

1.89

  • 0.51

stddevj 0.31 0.00 0.35 7.23 6.06 6.98 0.17 3.39 0.12 3.65 meandiffj 0.39

  • 0.23
  • 0.31

Metrics Identification Result

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-90
SLIDE 90

Motivation Design Evaluation Discussion

Evaluation - Orchestration

◮ Received a VMI request with information:

◮ A possible network problem; ◮ Similar patterns for VM 2 and 3. ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-91
SLIDE 91

Motivation Design Evaluation Discussion

Evaluation - Orchestration

◮ Received a VMI request with information:

◮ A possible network problem; ◮ Similar patterns for VM 2 and 3.

◮ Node Controller call existing VMI tools to introspect:

◮ VM 2: Volatility found suspicious DDoS process; ◮ VM 3: Same with VM 2? ◮ Raise alarm to user; ◮ Kill the processes automatically using StackDB if confirmed. ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-92
SLIDE 92

Motivation Design Evaluation Discussion

Discussion - Overhead

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-93
SLIDE 93

Motivation Design Evaluation Discussion

Discussion - Overhead

Overhead introduced:

◮ On NC: O(1) to apply tracking algorithm and call VMI tools; ◮ On CLC: Depending on the PCA algorithm used, polynomial to

sliding window size and number of dimensions monitored.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-94
SLIDE 94

Motivation Design Evaluation Discussion

Discussion - Overhead

Overhead introduced:

◮ On NC: O(1) to apply tracking algorithm and call VMI tools; ◮ On CLC: Depending on the PCA algorithm used, polynomial to

sliding window size and number of dimensions monitored. Overhead saved:

◮ Significant amount of network traffic sending from NC to CC to

CLC;

◮ Significant amount of memory space to be introspected by VMI.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-95
SLIDE 95

Motivation Design Evaluation Discussion

Discussion - Possible Extension

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-96
SLIDE 96

Motivation Design Evaluation Discussion

Discussion - Possible Extension

◮ Monitor more metrics; ◮ Extend VMI tools to find more complicated attacks.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-97
SLIDE 97

Motivation Design Evaluation Discussion

Thank you.

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems

slide-98
SLIDE 98

Motivation Design Evaluation Discussion

Thank you. Questions?

ATOM: Automated Tracking, Orchestration and Monitoring of Resource Usage in Infrastructure as a Service Systems