一种基于时间序列分解和时空信息提取的云服务器异常检测模型

唐伦; 赵禹辰; 薛呈呈; 陈前斌

doi:10.11999/JEIT230679

一种基于时间序列分解和时空信息提取的云服务器异常检测模型

doi: 10.11999/JEIT230679

1.
重庆邮电大学通信与信息工程学院重庆 400065
2.
移动通信技术重庆市重点实验室重庆 400065

基金项目: 国家自然科学基金(62071078)，川渝联合实施重点研发项目(2021YFQ0053)

详细信息

作者简介:
唐伦：男，教授，博士生导师，研究方向为新一代无线通信网络、异构蜂窝网络、软件定义无线网络等

赵禹辰：男，硕士生，研究方向为云数据中心异常检测、深度学习等

薛呈呈：女，硕士生，研究方向为虚拟化网络、异常检测等

陈前斌：男，教授，博士生导师，研究方向为个人通信、多媒体信息处理与传输、下一代移动通信网络、异构蜂窝网络等

通讯作者:
赵禹辰　1094534177@qq.com

中图分类号: TN911.7
计量
- 文章访问数: 292
- HTML全文浏览量: 162
- PDF下载量: 54
- 被引次数: 0
出版历程
- 收稿日期: 2023-07-07
- 修回日期: 2024-02-08
- 网络出版日期: 2024-03-04
- 刊出日期: 2024-06-30

A Cloud Server Anomaly Detection Model Based on Time Series Decomposition and Spatiotemporal Information Extraction

1.
School of Communications and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
2.
Chongqing Key Laboratory of Mobile Communications Technology, Chongqing 400065, China

Funds: The National Natural Science Foundation of China (62071078), Sichuan and Chongqing Key R&D Projects (2021YFQ0053)

摘要

摘要: 异常检测是维护云数据中心性能的一项重要任务。云数据中心中运行着大量的云服务器以实现各种云计算功能。由于云数据中心的性能取决于云服务的正常运行，因此检测和分析云服务器中的异常至关重要。为此，该文提出一种基于时间序列分解和时空信息提取的云服务器异常检测模型。首先，提出带时空信息提取模块的双向Wasserstein 生成对抗网络算法(BiWGAN-GTN)，该算法在具有梯度惩罚的双向Wasserstein 生成对抗网络(BiWGAN-GP)算法的基础上，将生成器与编码器替换为由图卷积网络(GCN)与时间卷积网络(TCN)组成的时空信息提取模块(GTN)，实现对数据空时信息的提取；其次，提出半监督BiWGAN-GTN算法来识别多维时间序列中的异常，以在训练过程中避免异常数据侵入的风险并增强模型鲁棒性。最后设计多通道BiWGAN-GTN算法-MCBiWGAN-GTN以实现降低数据复杂度并提升模型学习效率的目标。利用带有自适应噪声完全集合经验模态分解(CEEMDAN)算法将时序数据分解，然后将不同的分量送入对应通道下的BiWGAN-GTN算法中训练。在真实世界云数据中心数据集Clearwater和MBD上采用精确率、召回率和F1分数这3个性能指标验证了该文所提模型的有效性。实验结果表明，MCBiWGAN-GTN在这两个数据集上的性能稳定并优于所比较的方法。
- 云服务器异常检测 /
- 时间序列分解 /
- 生成对抗网络 /
- 时空信息提取模块
Abstract: Anomaly detection is an important task to maintain cloud data center performance. A large number of cloud servers are running in cloud data centers to implement various cloud computing functions. Since the performance of cloud data centers depends on the normal operation of cloud services, it is crucial to detect and analyze anomalies in cloud servers. To this end, a cloud server anomaly detection model based on time series decomposition and spatiotemporal information extraction-Multi-Channel Bidirectional Wasserstein Generative Adversarial Networks with Graph-Time Network (MCBiWGAN-GTN) is proposed in this paper. Firstly, the Bidirectional Wasserstein GAN with Graph-Time Network (BiWGAN-GTN) algorithm is proposed. This algorithm is built upon the Bidirectional Wasserstein GAN with Gradient Penalty (BiWGAN-GP) algorithm. In this modification, the generator and encoder are replaced by a spatiotemporal information extraction module— Graph-Time Network (GTN) composed of Graph Convolutional Networks (GCN) and Temporal Convolutional Networks (TCN). This modification aims to extract spatiotemporal information from the data, enhancing the capabilities of the algorithm. Secondly, the semi-supervised BiWGAN-GTN algorithm is proposed to identify anomalies in multi-dimensional time series to avoid the risk of abnormal data intrusion during the training process and enhance model robustness. Finally, the MCBiWGAN-GTN is designed to achieve the goal of reducing data complexity and improving model learning efficiency. The Complete Ensemble Empirical Mode Decomposition with Adaptive Noise algorithm (CEEMDAN) is used to decompose the time series data, and then different components are sent to the BiWGAN-GTN algorithm under the corresponding channel for training. The effectiveness and stability of the proposed model are verified on two real-world cloud data center datasets, Clearwater and MBD, using three evaluation metrics: precision, recall and F1 score. Experimental results show that the performance of MCBiWGAN-GTN on these two datasets is stable and better than the compared methods.
- Cloud server anomaly detection /
- Time series data decomposition /
- Generative Adversarial Networks (GAN) /
- Spatiotemporal information extraction module.

HTML全文

图 1 GTN模块架构图

下载: 全尺寸图片幻灯片

图 2 BiWGAN-GTN模型架构图

下载: 全尺寸图片幻灯片

图 3 MCBiWGAN-GTN模型架构图

下载: 全尺寸图片幻灯片

图 4 鉴别损失与生成编码损失函数

下载: 全尺寸图片幻灯片

图 5 不同数据集中惩罚系数与损失函数权重系数对性能指标的影响

下载: 全尺寸图片幻灯片

图 6 算法稳定性对比

下载: 全尺寸图片幻灯片

表 1 不同方法的异常检测效果

数据集	算法	Precision	Recall	F1-score
Clearwater	MADGAN	0.901	0.893	0.897
	MTAD-GAT	0.936	0.948	0.942
	TFAD	0.915	0.926	0.92
	SLA-VAE	0.928	0.905	0.916
	MCBiWGAN-GTN	0.954	0.967	0.960
MBD	MADGAN	0.412	0.491	0.454
	MTAD-GAT	0.521	0.625	0.568
	TFAD	0.494	0.636	0.556
	SLA-VAE	0.469	0.581	0.519
	MCBiWGAN-GTN	0.592	0.673	0.630

下载: 导出CSV

表 2 在Clearwater和MBD数据集上对MCBiWGAN-GTN进行消融实验，采用F1-score作为评价指标

模型	GTN	分解	无监督	半监督	Clearwater	MBD
BiWGAN-GP				√	0.829	0.556
BiWGAN-GTN	√			√	0.917	0.613
MCBiWGAN		√		√	0.905	0.602
MCBiWGAN-GTN(无监督)	√	√	√		0.941	0.614
MCBiWGAN-GTN	√	√		√	0.960	0.630

下载: 导出CSV

参考文献(15)

[1]	ZHU Zheng, GU Rongbin, PAN Chenling, et al. CPU and network traffic anomaly detection method for cloud data center[C]. The 1st International Conference on Advanced Information Science and System, Singapore, 2019: 24. doi: 10.1145/3373477.3373501.
[2]	LI Dan, CHEN Dacheng, JIN Baihong, et al. MAD-GAN: Multivariate anomaly detection for time series data with generative adversarial networks[C]. The 28th International Conference on Artificial Neural Networks, Munich, Germany, 2019: 703–716. doi: 10.1007/978-3-030-30490-4_56.
[3]	WANG Weili, LIANG Chengchao, TANG Lun, et al. Federated multi-discriminator BiWGAN-GP based collaborative anomaly detection for virtualized network slicing[J]. IEEE Transactions on Mobile Computing, 2023, 22(11): 6445–6459. doi: 10.1109/TMC.2022.3200059.
[4]	Haloui I, Gupta J S, and Feuilard V. Anomaly detection with Wasserstein GAN[J]. arXiv preprint, 2018: 1–36. doi: 10.48550/arXiv.1812.02463.
[5]	GULRAJANI I, AHMED F, ARJOVSKY M, et al. Improved training of Wasserstein GANs[C]. The 31st International Conference on Neural Information Processing Systems, Long Beach, USA, 2017: 5769–5779. doi: 10.5555/3295222.3295327.
[6]	ZHAO Hang, WANG Yujing, DUAN Juanyong, et al. Multivariate time-series anomaly detection via graph attention network[C]. 2020 IEEE International Conference on Data Mining, Sorrento, Italy, 2020: 841–850. doi: 10.1109/ICDM50108.2020.00093.
[7]	GAO Jingkun, SONG Xiaomin, WEN Qingsong, et al. RobustTAD: Robust time series anomaly detection via decomposition and convolutional neural networks[J]. arXiv preprint, 2020: 1–9. doi: 10.48550/arXiv.2002.09545.
[8]	ZHANG Chaoli, ZHOU Tian, WEN Qingsong, et al. TFAD: A decomposition time series anomaly detection architecture with time-frequency analysis[C]. The 31st ACM International Conference on Information & Knowledge Management, Atlanta, USA, 2022: 2497–2507. doi: 10.1145/3511808.3557470.
[9]	RAO Yucong and ZHAO Jiabao. Time series anomaly detection based on CEEMDAN and LSTM[C]. 2021 IEEE International Conference on Networking, Sensing and Control, Xiamen, China, 2021: 1–6. doi: 10.1109/ICNSC52481.2021.9702161.
[10]	HUANG Tao, CHEN Pengfei, and LI Ruipeng. A semi-supervised VAE based active anomaly detection framework in multivariate time series for online systems[C]. ACM Web Conference 2022, Lyon, France, 2022: 1797–1806. doi: 10.1145/3485447.3511984.
[11]	THOMAS N and WELLING M. Semi-supervised classification with graph convolutional networks[J]. arXiv preprint, 2016: 1–14. doi: 10.48550/arXiv.1609.02907.
[12]	BAI Shaojie, KOLTER Z, and KOLTUN V. An empirical evaluation of generic convolutional and recurrent networks for sequence modeling[EB/OL]. https://arxiv.org/abs/1803.01271, 2018.
[13]	TORRES M E, COLOMINAS M A, SCHLOTTHAUER G, et al. A complete ensemble empirical mode decomposition with adaptive noise[C]. 2011 IEEE International Conference on Acoustics, Speech and Signal Processing, Prague, Czech Republic, 2011: 4144–4147. doi: 10.1109/ICASSP.2011.5947265.
[14]	HE Zilong, CHEN Pengfei, LI Xiaoyun, et al. A spatiotemporal deep learning approach for unsupervised anomaly detection in cloud systems[J]. IEEE Transactions on Neural Networks and Learning Systems, 2023, 34(4): 1705–1719. doi: 10.1109/TNNLS.2020.3027736.
[15]	SAUVANAUD C, LAZRI K, KAâNICHE M, et al. Towards black-box anomaly detection in virtual network functions[C]. The 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop, Toulouse, France, 2016: 254–257. doi: 10.1109/DSN-W.2016.17.