
An incremental anomaly detection model for virtual machines

Self-Organizing Map (SOM) algorithm as an unsupervised learning method has been applied in anomaly detection due to its capabilities of self-organizing and automatic anomaly prediction. However, because the algorithm is initialized at random, it takes a long time to train a detection model. Besid...


Bibliographic Details
Main Authors: Zhang, Hancui; Chen, Shuyu; Liu, Jun; Zhou, Zhen; Wu, Tianshu
Format: Online Article Text
Language: English
Published: Public Library of Science 2017
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5678885/
https://www.ncbi.nlm.nih.gov/pubmed/29117245
http://dx.doi.org/10.1371/journal.pone.0187488
author Zhang, Hancui
Chen, Shuyu
Liu, Jun
Zhou, Zhen
Wu, Tianshu
collection PubMed
description Self-Organizing Map (SOM) algorithm as an unsupervised learning method has been applied in anomaly detection due to its capabilities of self-organizing and automatic anomaly prediction. However, because the algorithm is initialized at random, it takes a long time to train a detection model. Besides, the Cloud platforms with large scale virtual machines are prone to performance anomalies due to their high dynamic and resource sharing characters, which makes the algorithm present a low accuracy and a low scalability. To address these problems, an Improved Incremental Self-Organizing Map (IISOM) model is proposed for anomaly detection of virtual machines. In this model, a heuristic-based initialization algorithm and a Weighted Euclidean Distance (WED) algorithm are introduced into SOM to speed up the training process and improve model quality. Meanwhile, a neighborhood-based searching algorithm is presented to accelerate the detection time by taking into account the large scale and high dynamic features of virtual machines on cloud platform. To demonstrate the effectiveness, experiments on a common benchmark KDD Cup dataset and a real dataset have been performed. Results suggest that IISOM has advantages in accuracy and convergence velocity of anomaly detection for virtual machines on cloud platform.
format Online
Article
Text
id pubmed-5678885
institution National Center for Biotechnology Information
language English
publishDate 2017
publisher Public Library of Science
record_format MEDLINE/PubMed
spelling pubmed-5678885 2017-11-18 An incremental anomaly detection model for virtual machines Zhang, Hancui Chen, Shuyu Liu, Jun Zhou, Zhen Wu, Tianshu PLoS One Research Article Public Library of Science 2017-11-08 /pmc/articles/PMC5678885/ /pubmed/29117245 http://dx.doi.org/10.1371/journal.pone.0187488 Text en © 2017 Zhang et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
title An incremental anomaly detection model for virtual machines
topic Research Article