Research On Key Technologies Of Adaptive Anomaly Detection For Virtual Machines In Cloud Platform

Cloud platform has been rapidly integrated into people's production and life with its openness and sharing of resources,convenience and accessibility of the network and the low cost of distributions on-demand.At the same time,due to the continuous development of virtualization technologies such as host virtualization,service virtualization,storage virtualization,and the increasingly perfection of distributed computing technologies,the scale and functional structure of cloud platforms have become more and more complex.Virtual machine,as the basic carrier of cloud platform service,it allocates and deploys resources according to the specific needs of users.The service types are diversity and heterogeneity,and the service time are highly dynamic and transient due to the complex and ever-changing requirements.In the high-speed and open network environment,the failure of the cloud platform,the failure of services and even the downtime have become normal.Therefore,in order to ensure users' service requirements in the cloud platform,the research on the dependability of the virtual machines for the cloud platform becomes a trend.The anomaly detection technology is an efficient way to guarantee the dependability of the cloud platform services.Based on the uses' demand for the dependability of cloud platform services,this paper studies the key technologies of adaptive anomaly detection for virtual machines,systematically analyzes the problems of virtual machine-based anomaly detection technologies in cloud platforms and proposes an anomaly detection framework for multi-source monitoring objects of virtual machines.On this basis,aiming at the dynamic adaptive anomaly detection requirements for the virtual machines in the cloud platform with complex and diverse application services,the research on the construction strategy of monitoring network topology and the optimization of anomaly detection algorithms are carried out.The specific works and innovations are as follows:(1)Using peer-to-peer network technology and the nearest neighbor optimization strategy,an adaptive construction mechanism of the monitoring network topology is proposed.Reasonable monitoring network topology and acquisition and transmission mechanisms are the prerequisites for effectively ensuring the detection performance of anomaly detection systems for virtual machines in the cloud platform.This paper first analyzes the problems in the existing construction technology of monitoring network topology,introduces the idea of peer-to-peer self-organizing network construction to establish a peer-to-peer monitoring network and opitimizes monitoring domain partition through the nearest neighbors,thereby improving the adaptiability and scalability of the monitoring network in the cloud platform.(2)For the characteristics of multi-source monitoring data of virtual machines,such as diversity,high dimenionality and heterogeneity and so on,an unsupervised feature selection algorithm based on subspace partition is studied.Then a local weighted SOM feature selection algorithm based on subspace partition is proposed.The idea is to select feature subsets that have important relationships with various data impormation expressions.In order to verify the validity of the selected feature subsets,a feature selection method is used to replace the commonly used feature extraction methods.Through the embedded selection model,the feature selection process and the SOM learning method are unified to optimize the SOM objective function.During the SOM clustering learning,the connection weights of the sample attributes to the SOM neuron nodes are changed by the local weighted values based on the subspace partition method so that the feature subsets obtained by the subspace partitioning can better construct the SOM clustering model,so as to realize the self-organizing feature selection process of multiple types of data.(3)Aiming at the uncertainty and incompleteness of multi-source monitoring data of virtual machines,a scene event-based SOM anomaly detection algorithm is proposed.The concept of scene event and its correlation are introduced to divide the large multi source monitoring data into a smaller certainty and complete group,and then an incremental SOM clustering method is used to train the detection model.The reason is that,each request occurred in a virtual machine has its specific event scenario,such as the time of occurrence,the length of the event,the content of the event,the state change before and after the event,and so on.In a same similar scenario event,the colleted monitoring data can be approximated as complete.(4)For the diversity of data forms existing in the monitoring data,this paper proposes a kernel based SOM method for multi-class information expression.Firstly,starting from the possible linear inseparability problem of monitoring data,this paper introduces a kernel-based SOM method to solve the high-dimensional nonlinear separable problems.Then,a multi kernel-based SOM method is proposed to deal with diverse data information.By using multi-kernel functions with different weights to express data in different dimensional spaces,the wholely expression of multiple data can be expressed from different spatial dimensions,so as to avoid the problem of model robustness and to improve the adaptive ability of anomaly detection algorithm when facing a variety of heterogeneous multi source monitoring data in the cloud platform.There are still many key problems in the research of anomaly detection for virtual machines in cloud platform,and this paper focuses on partial of them,that is the problem of the diversity of virtual machine services.The proposed anomaly detection framework for multi-source monitoring objects of virtual machines in cloud platform provides a basic ideal for this research.Based on the neighbor adaptive local topology paritition mechanisms for the monitoring network topology,it can effectively cope with monitoring efficiency and overhead problems faced by virtual machine services data monitoring and acquisition under a large-scale and dynamic complex environment.The subspace partition-based local weighted SOM feature selection algorithm can select the optimal feature subsets on the premise of guaranteeing the SOM clustering results.The scene event-awareness SOM anomaly detection algorithm adopts incremental SOM clustering method to group the similarity scene events to improve the utilization of the collected multi-source monitoring data.In addition,the proposed multi-kernel SOM detection algorithm effectively improve the ability to express diverse data information by the projection methods of multi-dimensional kernel space,to improve the stability and scalability of the detection model under the complex virtual machines environment.Therefore,the detection framework,topology construction mechanism,strategy and related detection algorithms proposed in this paper have a good theoretical and pratical application value to improve the dependability of cloud platform services.