A Docker Container Anomaly Monitoring System Based on Optimized Isolation Forest

Appeared in IEEE transactions on cloud computing .

Abstract

Container-based virtualization has gradually become a main solution in today‘s cloud computing environments. Detecting
and analyzing anomaly in containers present a major challenge for cloud vendors and users. This paper proposes an online container
anomaly detection system by monitoring and analyzing multidimensional resource metrics of the containers based on the optimized
isolation forest algorithm. To improve the detection accuracy, it assigns each resource metric a weight and changes the random feature
selection in the isolation forest algorithm to the weighted feature selection according to the resource bias of the container. In addition, it
can identify abnormal resource metrics and automatically adjust the monitoring period to reduce the monitoring delay and system
overhead. Moreover, it can locate the cause of the anomalies via analyzing and exploring the container log. The experimental results
demonstrate the performance and efficiency of the system on detecting the typical anomalies in containers in both simulated and real
cloud environments.

Publication date:
August 2019

Authors:
Zhuping Zou
Kai Huang
Gongming Xu
Yulai Xie
Dan Feng
Darrell D. E. Long

Projects:

Available media

Full paper text: PDF

Bibtex entry

@article{xie-tcc19,
  author       = {Zhuping Zou and Kai Huang and Gongming Xu and Yulai Xie and Dan Feng and Darrell D. E. Long},
  title        = {A Docker Container Anomaly Monitoring System Based on Optimized Isolation Forest},
  journal      = {IEEE transactions on cloud computing},
  volume       = {},
  month        = aug,
  year         = {2019},
}
Last modified 27 Jan 2023