基于TCN和注意力机制的异常检测和定位算法

doi:10.3969/j.issn.1671-1122.2021.11.010

摘要/Abstract

摘要：

随着云计算时代的到来,应用上云已经成为主流的系统部署方案。为了满足业务需求,很多系统都在混合云环境采用微服务架构。系统本身的复杂性和运行环境的复杂性使得实时监控和运维数据处理、异常检测及定位都变得困难。文章设计了一个面向复杂云系统的实时监控和数据处理框架,同时提出了一种基于TCN和注意力机制的异常检测算法（TCN-AT）。前者可在复杂云环境的微服务系统中运行,后者用于时间序列数据中的点异常和窗口异常检测。文章在仿真数据、真实的微服务系统数据和开源的比赛数据上进行了大量实验,结果表明TCN-AT的性能优于其他前沿算法。

关键词: TCN, 异常检测, 异常定位, 微服务系统

Abstract:

With the development of cloud computing, the application of cloud has become the mainstream system deployment scheme. In order to meet the commercial needs, many systems adopt the micro service architecture and deploy to the hybrid cloud environment. The complexity of the system and the complexity of the operating environment make real-time monitoring and operation data processing, anomaly detection and location difficult. In this paper, we designed a real-time monitoring and data processing framework for complex cloud system. We proposed an anomaly detection algorithm based on TCN and attention mechanism (TCN-AT). The former is suitable for micro service system running in complex cloud environment, while the latter is used for point anomaly and window anomaly detection in time series data. A large number of experiments on simulation data, real microservice system data and open source data show that TCN-AT is superior to other state of art algorithms.

Key words: TCN, anomaly detection, anomaly location, microservice system

中图分类号:

TP309

吴佳洁, 吴绍岭, 王伟. 基于TCN和注意力机制的异常检测和定位算法[J]. 信息网络安全, 2021, 21(11): 85-94.

WU Jiajie, WU Shaoling, WANG Wei. An Anomaly Detection and Location Algorithm Based on TCN and Attention Mechanism[J]. Netinfo Security, 2021, 21(11): 85-94.

图/表 13

图1

图2

图3

图4

图5

表1

表2

图6

表3

表4

表5

图7

图8

参考文献 24

[1]	DRAGONI N, GIALLORENZO S, LAFUENTE A L, et al. Present and Ulterior Software Engineering \|\| Microservices: Yesterday, Today, and Tomorrow[M]. Berlin: Springer-Verlag, 2017.
[2]	LI Chunxia. Overview of Microservice Architecture Research[J]. Software Guide, 2019, 18(8):1-3, 7.
	李春霞. 微服务架构研究概述[J]. 软件导刊, 2019, 18(8):1-3,7.
[3]	TANG Zhitao, LIU Xing. Evolution of Enterprise Application System Architecture[EB/OL]. https://www.cnki.com.cn/Article/CJFDTOTAL-CXYY201735067.htm, 2021-02-27.
	唐志涛, 刘星. 企业应用系统架构演进[EB/OL]. https://www.cnki.com.cn/Article/CJFDTOTAL-CXYY201735067.htm, 2021-02-27.
[4]	ZHANG Shifeng, PAN Shanliang. Application of Docker Technology in Microservices[J]. Electronic Technology and Software Engineering, 2019, 19(4):164.
	章仕锋, 潘善亮. Docker技术在微服务中的应用[J]. 电子技术与软件工程, 2019, 19(4):164.
[5]	KHAZAEI H, BARNA C, BEIGI-MOHAMMADI N, et al. Efficiency Analysis of Provisioning Microservices[C]// IEEE. 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), December 12-15, 2016, Piscataway, USA. New York: IEEE, 2016: 261-268.
[6]	FAN Yamin, FU Jian. The Way of Microservices: Metric Driven Development[M]. Beijing: China Machine Press, 2020.
	范亚敏, 傅健. 微服务之道:度量驱动开发[M]. 北京: 机械工业出版社, 2020.
[7]	BLOHOWIAK A, BASIRI A. A Platform for Automating Chaos Experiments[C]// IEEE. 2016 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), October 23-27, 2016, Ottawa, Ontario, Canada. Piscataway: IEEE, 2016: 5-8.
[8]	SHYU Meiling, CHEN Shuching, SARINNAPAKORN K, et al. A Novel Anomaly Detection Scheme Based on Principal Component Classifier[C]// IEEE. Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop, in Conjunction with the Third IEEE International Conference on Data Mining (ICDM03), November 19-22, 2003, Melbourne, Florida. USA. New York: IEEE, 2003: 172-179.
[9]	LIU Fei, TING Kaiming, ZHOU Zhihua, et al. Isolation Forest[C]// IEEE. 2008 Eighth IEEE International Conference on Data Mining, December 15-19, 2008, Washington, USA. New York: IEEE, 2008: 413-422.
[10]	ZONG Bo, SONG Qi, MIN M R, et al. Deep Autoencoding Gaussian Mixture Model for Unsupervised Anomaly Detection[C]// ICLR. International Conference on Learning Representations 2018, April 30-May 3, 2018, Vancouver, BC, Canada. USA: ICLR, 2018: 1-19.
[11]	ZHANG Chuxu, SONG Dongjin, CHEN Yuncong, et al. A Deep Neural Network for Unsupervised Anomaly Detection and Diagnosis in Multivariate Time Series Data[J]. Proceedings of the AAAI Conference on Artificial Intelligence, 2019, 33(1):1409-1416. doi: 10.1609/aaai.v33i01.33011409 URL
[12]	MALHOTRA P, RAMAKRISHNAN A, ANAND G, et al. LSTM-based Encoder-decoder for Multi-sensor Anomaly Detection[EB/OL]. https://arxiv.org/pdf/1607.00148.pdf, 2021-01-19.
[13]	HE Yangdong, ZHAO Jiabao. Temporal Convolutional Networks for Anomaly Detection in Time Series[J]. Journal of Physics: Conference Series, 2019, 1213(4):42050. doi: 10.1088/1742-6596/1213/4/042050 URL
[14]	MUNIR M, SIDDIQUI S A, DENGEL A, et al. DeepAnT: A Deep Learning Approach for Unsupervised Anomaly Detection in Time Series[J]. IEEE Access, 2019, 19(7):1991-2005.
[15]	LAPTEV N, AMIZADEH S, FLINT I, et al. Generic and Scalable Framework for Automated Time-series Anomaly Detection[C]// ACM. Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, August 10-13, 2015, Sydney, NSW, Australia. New York: IEEE, 2015: 1939-1947.
[16]	Etsy. Skyline: It’ll Detect Your Anomalies[EB/OL]. https://github.com/etsy/skyline, 2021-01-15.
[17]	Netflix. Surus: A Collection of Tools for Analysis in Pig and Hive[EB/OL] https://github.com/netflix/surus, 2021-02-22.
[18]	XU Haowen, CHEN Wenxiao, ZHAO Nengwen, et al. Unsupervised Anomaly Detection via Variational Auto-encoder for Seasonal KPIs in Web Applications[C]// ACM. WWW 2018: International World Wide Web Conferences, April 23-27, 2018, Lyon, France. New York: ACM, 2018: 187-196.
[19]	LIU Dapeng, ZHAO Youjian, XU Haowen, et al. Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning[C]// ACM. Proceedings of the 2015 Internet Measurement Conference On, October 28-30, 2015, Tokyo, Japan. New York: ACM, 2015: 211-224.
[20]	BAI S, KOLTER Z, KOLTUN V, et al. An Empirical Evaluation of Generic Convolutional and Recurrent Networks for Sequence Modeling[EB/OL]. export.arxiv.org/pdf/1803.01271, 2021-01-16.
[21]	LUONG M T, PHAM H, MANNING C D, et al. Effective Approaches to Attention-based Neural Machine Translation[C]// ACL. Proceedings of the 2015 Conference on Empirical Methods in Natural Language Processing, September 17-18, 2015, Lisbon, Portugal. Stroudsbrug, Pennsylvania: ACL, 2015: 1412-1421.
[22]	CLEVELAND R B. STL: A Seasonal-trend Decomposition Procedure Based on Loess[J]. Journal of Office Statistics, 1990, 6(1):3-7.
[23]	TAYLOR S, LETHAM B. Forecasting at Scale[J]. The American Statistician, 2018, 7(1):37-45.
[24]	HOCHREITER S, SCHMIDHUBER J. Long Short-term Memory[J]. Neural Computation, 1997, 9(8):1735-1780. doi: 10.1162/neco.1997.9.8.1735 URL

	SMData	KFData	CLData
节点数	20000	27598	49995
训练集	0~8000	0~11040	0~19998
验证集	8001~10000	11041~13799	19999~24997
测试集	10001~20000	13800~27598	24998~49995

数据集	阈值	窗口大小
D1	0.6	120
D2	0.7	120
D3	0.55	90

	SMData	KFData	CLData
WMA+EMA+STL	0.67	0.79	0.85
Prophet	0.77	0.88	0.86
LSTM	0.75	0.85	0.88
TCN	0.87	0.95	0.91
TCN-AT	0.88	0.97	0.92

	SMData	KFData	CLData
WMA+EMA+STL	0.63	0.83	0.88
Prophet	0.73	0.92	0.90
LSTM	0.78	0.87	0.95
TCN	0.80	0.95	1.0
TCN-AT	1.0	1.0	1.0

	定位速度/s
WMA+EMA+STL	0.032
Prohet	0.758
LSTM	0.675
TCN	1.34
TCN-AT	1.46