Learning State Machines to Monitor and Detect Anomalies on a Kubernetes Cluster

Clinton Cao, Agathe Blaise, Sicco Verwer, Filippo Rebecchi

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

5 Citations (Scopus)
81 Downloads (Pure)

Abstract

These days more companies are shifting towards using cloud environments to provide their services to their client. While it is easy to set up a cloud environment, it is equally important to monitor the system's runtime behaviour and identify anomalous behaviours that occur during its operation. In recent years, the utilisation of Recurrent Neural Networks (RNNs) and Deep Neural Networks (DNNs) to detect anomalies that might occur during runtime has been a trending approach. However, it is unclear how to explain the decisions made by these networks and how these networks should be interpreted to understand the runtime behaviour that they model. On the contrary, state machine models provide an easier manner to interpret and understand the behaviour that they model. In this work, we propose an approach that learns state machine models to model the runtime behaviour of a cloud environment that runs multiple microservice applications. To the best of our knowledge, this is the first work that tries to apply state machine models to microservice architectures. The state machine model is used to detect the different types of attacks that we launch on the cloud environment. From our experiment results, our approach can detect the attacks very well, achieving a balanced accuracy of 99.2% and a F1 score of 0.982.

Original languageEnglish
Title of host publicationProceedings of the 17th International Conference on Availability, Reliability and Security, ARES 2022
PublisherAssociation for Computing Machinery (ACM)
Number of pages9
ISBN (Electronic)978-1-4503-9670-7
DOIs
Publication statusPublished - 2022
Event17th International Conference on Availability, Reliability and Security, ARES 2022 - Vienna, Austria
Duration: 23 Aug 202226 Aug 2022

Publication series

NameACM International Conference Proceeding Series

Conference

Conference17th International Conference on Availability, Reliability and Security, ARES 2022
Country/TerritoryAustria
CityVienna
Period23/08/2226/08/22

Keywords

  • Anomaly Detection
  • Kubernetes
  • Microservice Architecture
  • Runtime Monitoring
  • State Machine

Fingerprint

Dive into the research topics of 'Learning State Machines to Monitor and Detect Anomalies on a Kubernetes Cluster'. Together they form a unique fingerprint.

Cite this