A Self-organising Isolated Anomaly Detection Architecture for Large Scale Systems

Emmanuelle Anceaume 1, 2 Erwan Le Merrer 3 Romaric Ludinard 4 Bruno Sericola 4 Gilles Straub 3
1 CIDER
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
2 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE, Inria Rennes – Bretagne Atlantique , CentraleSupélec
4 DIONYSOS - Dependability Interoperability and perfOrmance aNalYsiS Of networkS
Inria Rennes – Bretagne Atlantique , IRISA-D2 - RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES
Abstract : Monitoring a system is the ability of collecting and analyzing relevant information provided by the monitored devices so as to be continuously aware of the system state. However, the ever growing complexity and scale of systems makes both real time monitoring and fault detection a quite tedious task. Thus the usually adopted option is to focus solely on a subset of information states, so as to provide coarse-grained indicators. As a consequence, detecting isolated failures or anomalies is a quite challenging issue. In this work, we propose to address this issue by pushing the monitoring task at the edge of the network. We present a peer-to-peer based architecture, which enables nodes to adaptively and efficiently self-organize according to their ''health'' indicators. By exploiting both temporal and spatial correlations that exist between a device and its vicinity, our approach guarantees that only isolated anomalies (an anomaly is isolated if it impacts solely a monitored device) are reported on the fly to the network operator. We show that the end-to-end detection process, i.e., from the local detection to the management operator reporting, requires a logarithmic number of messages in the size of the network.
Document type :
Conference papers
Complete list of metadatas

Cited literature [15 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-00907374
Contributor : Emmanuelle Anceaume <>
Submitted on : Thursday, November 21, 2013 - 10:58:04 AM
Last modification on : Thursday, November 15, 2018 - 11:57:51 AM
Long-term archiving on : Saturday, February 22, 2014 - 4:33:15 AM

File

nem-summit.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00907374, version 1

Citation

Emmanuelle Anceaume, Erwan Le Merrer, Romaric Ludinard, Bruno Sericola, Gilles Straub. A Self-organising Isolated Anomaly Detection Architecture for Large Scale Systems. Nem-Summit, Oct 2013, France. pp.12. ⟨hal-00907374⟩

Share

Metrics

Record views

879

Files downloads

205