Combining density-based clustering and wavelet methods for internal systems anomaly detection

3 Author(s)

Internal information systems play an important role in keeping enterprises running well. To detect system anomalies, previous research achieved good results with system symptoms; however, the presented results were primarily obtained on a relatively small scale and within a short time period. To understand the systems' long-term profiles, we collected data on four common symptoms, namely CPU usage, memory loading, disk I/O, and network I/O, from more than 100 online internal systems comprising 300 servers over 9 months. We randomly selected 50 of these servers and analyzed their data in order to understand each symptom's long-term features. Based on our findings on network I/O, we propose a new approach combining density-based clustering and wavelet methods to detect system anomalies. We also selected 44 other servers to evaluate the false positive rate and simulated three types of system anomalies to evaluate the detection rate. The experimental results show that our approach achieves a great improvement in both the false positive rate and the detection rate compared to another wavelet-based network anomaly detection approach.

Published in:

Network Operations and Management Symposium (APNOMS), 2011 13th Asia-Pacific

Date of Conference:

21-23 Sept. 2011