timing behavior anomaly detection for automatic failure
play

Timing Behavior Anomaly Detection for Automatic Failure Detection - PowerPoint PPT Presentation

Nov 08, 2023 •132 likes •969 views

Timing Behavior Anomaly Detection for Automatic Failure Detection and Diagnosis Research visit at Charles Univerity Prague Matthias Rohr matthias.rohr@informatik.uni-oldenburg.de Graduate School TrustSoft, Software Engineering Group Department

  1. Timing Behavior Anomaly Detection for Automatic Failure Detection and Diagnosis Research visit at Charles Univerity Prague Matthias Rohr matthias.rohr@informatik.uni-oldenburg.de Graduate School TrustSoft, Software Engineering Group Department of Computing Science, University of Oldenburg 10th of April 2007 Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 1 / 32

  2. Motivation Motivation Administrators Complex Users Software System Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 2 / 32

  3. Motivation Motivation Administrators Complex Users Software System Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 2 / 32

  4. Motivation Motivation Administrators Complex Users Software System Failure diagnosis in business-critical software systems Manual failure diagnosis is time-consuming and error-prone Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 2 / 32

  5. Motivation Motivation Failure Diagnosis Diagnosis Log of Report Runtime Behavior Measurements M M M M M M M Administrators M Complex Users Software System with Monitoring Failure diagnosis in business-critical software systems Manual failure diagnosis is time-consuming and error-prone Runtime behavior observations are indicative for failure diagnosis Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 2 / 32

  6. Motivation Motivation P ft = 0.8 <<Component>> :Catalog P ft = 0.08 P ft = 0.12 <<Component>> :Bookshop <<Component>> :CRM Vision Automatic localization of faults through runtime behavior evaluation Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 3 / 32

  7. Motivation Approach Automatic localization of faults through runtime behavior evaluation Automatic detection of timing behavior anomalies in software systems Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 4 / 32

  8. Motivation Approach Automatic localization of faults through runtime behavior evaluation Automatic detection of timing behavior anomalies in software systems Research questions: How can anomalies be detected in timing behavior? How can system usage variations be adresses in timing behavior evaluation? What is the relation between software faults and runtime timing behavior? Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 4 / 32

  9. Foundations Outline Foundations 1 Dependability Anomaly Detection Software Performance Creation of the timing behavior profile 2 Fault Localization 3 Evaluation 4 Related work 5 Conclusions 6 Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 5 / 32

  10. Foundations Dependability Dependability Terminology [Aviˇ zienis et al., 2004] Threats to dependability Fault Root-cause of a failure Error Incorrect system state Failure Deviation from correct system behavior visible to the user Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 6 / 32

  11. Foundations Dependability Dependability Terminology [Aviˇ zienis et al., 2004] Threats to dependability Fault Root-cause of a failure Error Incorrect system state Failure Deviation from correct system behavior visible to the user Failure Diagnosis: Failure detection Identification of faults Fault localization Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 6 / 32

  12. Foundations Dependability Availability Availability: Common definition (e.g., [Musa et al., 1987]) MTTF Availability = MTTF + MTTR MTTF Mean Time to Failure MTTR Mean Time to Repair Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 7 / 32

  13. Foundations Dependability Availability Availability: Common definition (e.g., [Musa et al., 1987]) MTTF Availability = MTTF + MTTR MTTF Mean Time to Failure MTTR Mean Time to Repair Two alternative strategies to increase availability Increase of mean time to failure (reliability) Decrease of mean time to repair Failure diagnosis support Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 7 / 32

  14. Foundations Anomaly Detection Anomaly Detection (1/2) System System behavior influences System Anomaly detection Anomaly analysis An anomaly is a deviation from “normal” system behavior Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 8 / 32

  15. Foundations Anomaly Detection Anomaly Detection (1/2) System System Normal system behavior: behavior influences System Static reference values Anomaly (e.g., mean response time over detection a day ≤ T ) Anomaly Analytical or statistical models analysis in dependence to system An anomaly is a deviation from influences and historical system “normal” system behavior behavior Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 8 / 32

  16. Foundations Anomaly Detection Anomaly Detection (2/2) Methods to create normal behavior profiles Manual specification Automatic profile learning from observations Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 9 / 32

  17. Foundations Anomaly Detection Anomaly Detection (2/2) Methods to create normal behavior profiles Manual specification Automatic profile learning from observations Challenges of anomaly detection: False alarms System usage Nonlinear system behavior, modeling uncertainties Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 9 / 32

  18. Foundations Anomaly Detection Anomaly Detection (2/2) Methods to create normal behavior profiles Manual specification Automatic profile learning from observations Challenges of anomaly detection: False alarms System usage Nonlinear system behavior, modeling uncertainties Typical application domains: Industrial manufacturing, large-scale control systems [Palade et al., 2006] Network management [Maxion, 1990] Intrusion detection (Security) [Denning, 1987] Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 9 / 32

  19. Foundations Software Performance Software Timing Behavior Influences to software timing behavior: System architecture: Hardware resource capacity Software design System usage : [cp. Sabetta and Koziolek, 2007]: Workload intensity (e.g., number of active users) Service demand characteristics (e.g., individual request parameters) System state Performance tuning (e.g., caching, load balancing), ... Server virtualization Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 10 / 32

  20. Creation of the timing behavior profile Outline Foundations 1 Creation of the timing behavior profile 2 Instrumentation Monitoring Analysis of Execution Sequences Analysis of Workload Intensity Fault Localization 3 Evaluation 4 Related work 5 Conclusions 6 Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 11 / 32

  21. Creation of the timing behavior profile Failure diagnosis through online timing behavior evaluation Timing behavior anomalies: Deviations from normal timing behavior (here: response times) of operations of a software system e.g., exceptional high or low response times Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 12 / 32

  22. Creation of the timing behavior profile Failure diagnosis through online timing behavior evaluation Timing behavior anomalies: Deviations from normal timing behavior (here: response times) of operations of a software system e.g., exceptional high or low response times Relation between software faults and timing behavior anomalies Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 12 / 32

  23. Creation of the timing behavior profile Failure diagnosis through online timing behavior evaluation Timing behavior anomalies: Deviations from normal timing behavior (here: response times) of operations of a software system e.g., exceptional high or low response times Relation between software faults and timing behavior anomalies: Software faults tend to cause timing behavior anomalies [Kao et al., 1993] Successful fault localization based on timing behavior anomalies [Agarwal et al., 2004] Response times in enterprise resource planning systems (ERP) are often log-normally distributed [Mielke, 2006] Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 12 / 32

  24. Creation of the timing behavior profile Overview Timing behavior anomaly detection for failure diagnosis Initial activities Creation of the Timing Instrumentation Monitoring timing behavior behavior for Monitoring profile profile Continuous activties Update of Timing timing behavior behavior Monitoring profile profile Activities during failure diagnosis Log: − response times − execution sequences Diagnosis Anomaly Anomaly report detection analysis Timing behavior profile Matthias Rohr (TrustSoft) Timing Behavior Anomaly Detection 10th of April 2007 13 / 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web Applications Diploma Thesis Presentation Nina S. Marwede Abteilung Software Engineering Fakultt II Department fr Informatik August 26, 2008

654 views • 41 slides
Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing Behavior Anomaly Correlation Presentation at 13th European Conference on Software Maintenance and Reengineering Nina Marwede 1 , Matthias Rohr 1 ,

439 views • 42 slides
Structure of Talk Workload-sensitive Timing Behavior Anomaly Detection 1 Motivation in Large

Structure of Talk Workload-sensitive Timing Behavior Anomaly Detection 1 Motivation in Large

Workload-sensitive Timing Behavior Anomaly Detection in Large Software Systems Workload-sensitive Timing Behavior Anomaly Detection in Large Software Systems Structure of Talk Workload-sensitive Timing Behavior Anomaly Detection 1 Motivation

690 views • 12 slides
Asok Asok Ray Ray The Pennsylvania State University University Park, PA 16802 Email:

Asok Asok Ray Ray The Pennsylvania State University University Park, PA 16802 Email:

1 8 5 5 Seminar at Seminar at Nat National Inst onal Institut itute of S e of Standar andards and Technology ds and Technology ANOMALY DETECTION ANOMALY DETECTION AND FAILURE MITIGATION ND FAILURE MITIGATION IN COMPLEX DYNAMICAL SYSTEMS

444 views • 33 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning Dapeng Liu

Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning Dapeng Liu

Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning Dapeng Liu , Youjian Zhao, Haowen Xu, Yongqian Sun, Dan Pei, Jiao Luo, Xiaowei Jing, Mei Feng 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn) KPIs and

545 views • 42 slides
Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep

Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep

Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep Learning Lucas May Petry 1 , Amilcar Soares 2 , Vania Bogorny 1 , Bruno Brandoli 2 , Stan Matwin 2 1 Programa de Ps-Graduao em Cincias da

1.26k views • 16 slides
Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
An Empirical Evaluation of Entropy- based Traffic Anomaly Detection George Nychis, Vyas Sekar,

An Empirical Evaluation of Entropy- based Traffic Anomaly Detection George Nychis, Vyas Sekar,

An Empirical Evaluation of Entropy- based Traffic Anomaly Detection George Nychis, Vyas Sekar, David Andersen, Hyong Kim, Hui Zhang Carnegie Mellon University Entropy-based Anomaly Detection Goal: detect abnormal behavior scan activity,

447 views • 34 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
&lt;Title&gt; Yiqun Hu, SP Group Agenda Condition monitoring &amp; anomaly detection

&lt;Title&gt; Yiqun Hu, SP Group Agenda Condition monitoring &amp; anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series &lt;Title&gt; Yiqun Hu, SP Group Agenda Condition monitoring &amp; anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
3. Behavioral Perspective of Learning Behavior: Big Questions Is learning just a change of

3. Behavioral Perspective of Learning Behavior: Big Questions Is learning just a change of

3. Behavioral Perspective of Learning Behavior: Big Questions Is learning just a change of behavior? Can learning happen without intent? Can new behavior be shaped by manipulating the environment? 3.1 Classical

848 views • 37 slides
Auto ma tic a lly Cha ra c te rizing L a rg e Sc a le Pro g ra m Be ha vio r Timothy Sherwood

Auto ma tic a lly Cha ra c te rizing L a rg e Sc a le Pro g ra m Be ha vio r Timothy Sherwood

Auto ma tic a lly Cha ra c te rizing L a rg e Sc a le Pro g ra m Be ha vio r Timothy Sherwood Erez Perelman Greg Hamerly Brad Calder T itle Ideal : To understand the effects of cycle-level events on full program execution

465 views • 29 slides
behavior Timothy R. Vollmer University of Florida Overview A bit about my background and

behavior Timothy R. Vollmer University of Florida Overview A bit about my background and

automatically reinforced behavior Timothy R. Vollmer University of Florida Overview A bit about my background and research interests Overview of the functions of severe problem behavior Typical treatment logic and why it does not

529 views • 23 slides
Service Composition and Synthesis The Roman Model Giuseppe De Giacomo SAPIENZA Universit di

Service Composition and Synthesis The Roman Model Giuseppe De Giacomo SAPIENZA Universit di

Service Composition and Synthesis The Roman Model Giuseppe De Giacomo SAPIENZA Universit di Roma, Italy Joint work with Daniela Berardi, Massimiliano de Leoni, Diego Calvanese, Fahima Cheikh, Rick Hull, Maurizio Lenzerini, Massimo Mecella,

611 views • 40 slides
Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns Ali Kheradmand

Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns Ali Kheradmand

Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns Ali Kheradmand University of Illinois at Urbana-Champaign 1 SOSR, March 2020 Typical network configuration procedure Mostly manual in todays networks

667 views • 25 slides
Automatic Generation of Oracles for Exceptional Behaviors a c f i t t r A * o m C p

Automatic Generation of Oracles for Exceptional Behaviors a c f i t t r A * o m C p

Automatic Generation of Oracles for Exceptional Behaviors a c f i t t r A * o m C p * l e t n t e A e * t s * E i W s n e C o A l l C D T * o * S c e u s S u m E e e I R n * o t e v t

1.12k views • 80 slides
Automatic Virtual Machine Clustering based on Bhattacharyya Distance for Multi-Cloud Systems C.

Automatic Virtual Machine Clustering based on Bhattacharyya Distance for Multi-Cloud Systems C.

Automatic Virtual Machine Clustering based on Bhattacharyya Distance for Multi-Cloud Systems C. Canali R. Lancellotti University of Modena and Reggio Emilia MultiCloud - 22 april 2013 - Prague 1 Cloud computing challenges Large data

295 views • 16 slides
Semi-automatic Assessment of I/O Behavior An Explorative Study on 10 6 Jobs SC19-PDSW November

Semi-automatic Assessment of I/O Behavior An Explorative Study on 10 6 Jobs SC19-PDSW November

Research Group German Climate Computing Center Semi-automatic Assessment of I/O Behavior An Explorative Study on 10 6 Jobs SC19-PDSW November 18, 2019 Eugen Betke, Julian Kunkel Motivation Goals: Finding jobs with high I/O load, but

127 views • 8 slides

More recommend