A Model-Based Approach to Anomaly Detection Trading Detection Time and False Alarm Rate
arXiv - CS - Software Engineering, Pub Date: 2020-06-15, DOI: arxiv-2006.08811
Charles F. Gonçalves, Daniel S. Menasché, Alberto Avritzer, Nuno Antunes, Marco Vieira

The complexity and ubiquity of modern computing systems are fertile ground for anomalies, including security and privacy breaches. In this paper, we propose a new methodology that addresses the practical challenges of implementing anomaly detection approaches. Specifically, it is challenging to define normal behavior comprehensively and to acquire data on anomalies in diverse cloud environments. To tackle those challenges, we focus on anomaly detection approaches based on system performance signatures. In particular, performance signatures have the potential of detecting zero-day attacks, as those approaches are based on detecting performance deviations and do not require detailed knowledge of attack history. The proposed methodology leverages an analytical performance model and experimentation and allows the rate of false positives to be controlled in a principled manner. The methodology is evaluated using the TPCx-V workload, which was profiled during a set of executions using resource exhaustion anomalies that emulate the effects of anomalies affecting system performance. The proposed approach was able to successfully detect the anomalies, with a low number of false positives (precision 90%-98%).

Updated: 2020-06-17