虚拟计算环境下节点异常检测方法研究

发布时间：2019-03-23 21:03

【摘要】：随着云计算的快速发展,云平台的集群规模急剧扩大,由于资源竞争和软件衰退等原因,虚拟机在运行过程中可能会发生异常行为。虚拟机一旦出现异常会影响云平台的服务质量,进而会造成用户流失等严重后果。因此,虚拟计算环境下的节点异常检测方法研究对于提高云平台的稳定性有重要的应用价值。本文针对虚拟计算环境下集群节点的异常行为检测展开研究,分析和总结了现有的节点异常检测方法的优缺点。在此基础上,根据虚拟计算环境的特点,着重研究了单个节点的异常检测方法、多个同构节点的异常检测方法,解决了虚拟机实时异常检测、多节点异常检测准确率低和误报率高等关键问题。论文的工作主要包括以下几个方面:1.针对基于单聚类的节点异常检测方法准确率低、误报率高等问题,提出一种基于组合聚类的单节点异常检测框架,该框架通过改进子空间聚类算法和密度聚类算法,以满足数据流聚类的要求,并以改进的两种算法作为基聚类算法产生聚类成员,采用基于聚类差异度的选择策略选择聚类成员,最后设计基于共联矩阵的共识函数实现聚类成员的融合。该模型基于聚类融合技术,相比于单聚类,具备更好的适用性、稳定性等特点。实验结果表明,改进的聚类算法在保证聚类精度的同时,在处理效率上有明显提升,并且提出的组合模型相比于单一聚类方法,在准确率、误报率上都有明显的改进。2.针对多节点异常检测问题,提出一种基于上下文的多节点异常检测方法。该方法是针对同构分布式计算系统的多节点异常检测方法,结合同构节点间的上下文信息和单节点的历史信息进行异常检测。实验结果表明,该方法在准确率、召回率等方面均优于现有的方法。
[Abstract]:With the rapid development of cloud computing, the cluster scale of cloud platform expands dramatically. Due to the competition of resources and the decline of software, the abnormal behavior of virtual machine may occur in the process of running. Once there is an anomaly in virtual machine, it will affect the quality of service of cloud platform, which will lead to serious consequences such as loss of users and so on. Therefore, the research on node anomaly detection in virtual computing environment has important application value for improving the stability of cloud platform. In this paper, the anomaly behavior detection of cluster nodes in virtual computing environment is studied, and the advantages and disadvantages of existing node anomaly detection methods are analyzed and summarized. On this basis, according to the characteristics of virtual computing environment, the anomaly detection method of single node and the anomaly detection method of multiple isomorphic nodes are studied emphatically, and the real-time anomaly detection of virtual machine is solved. The key problems such as low accuracy and high false positive rate of multi-node anomaly detection. The work of this paper mainly includes the following aspects: 1. In order to solve the problems such as low accuracy and high false alarm rate of node anomaly detection based on mono-clustering, a single-node anomaly detection framework based on combinatorial clustering is proposed, which improves subspace clustering algorithm and density clustering algorithm. In order to meet the requirements of data flow clustering, two improved clustering algorithms are used as the base clustering algorithm to generate clustering members, and cluster members are selected by the selection strategy based on clustering difference degree. Finally, the consensus function based on the co-join matrix is designed to realize the fusion of cluster members. The model is based on clustering and fusion technology, and has better applicability and stability than single clustering. The experimental results show that the improved clustering algorithm not only guarantees the clustering accuracy, but also improves the processing efficiency obviously. Compared with the single clustering method, the proposed combination model has obvious improvement on the accuracy and false alarm rate. 2. To solve the problem of multi-node anomaly detection, a context-based multi-node anomaly detection method is proposed. This method is a multi-node anomaly detection method for isomorphic distributed computing systems, which combines the context information between the isomorphic nodes and the historical information of the single node to detect the anomalies. The experimental results show that the proposed method is superior to the existing methods in accuracy and recall.
【学位授予单位】：南京理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.09;TP311.13

【参考文献】