On the effectiveness of isolation-based anomaly detection in cloud data centers

1School of Computing, Engineering and Mathematics,Western Sydney University, Penrith, NSW, Australia 2School of Computing and Information Systems, The University ofMelbourne, Melbourne, VIC, Australia 3CA Technologies, Melbourne, VIC, Australia Correspondence Rodrigo N. Calheiros,Western Sydney University, Locked Bag 1797, Penrith, NSW 2751, Australia. Email: [email protected] Summary The high volume of monitoring information generated by large-scale cloud infrastructures poses a challenge to the capacity of cloud providers in detecting anomalies in the infrastructure. Traditional anomaly detection methods are resource-intensive and computationally complex for training and/or detection, what is undesirable in very dynamic and large-scale environment such as clouds. Isolation-based methods have the advantage of low complexity for training and detection and are optimized for detecting failures. In this work, we explore the feasibility of Isolation Forest, an isolation-based anomaly detection method, to detect anomalies in large-scale cloud datacenters.Weproposeamethodtocodetime-series informationasextraattributes thatenable temporal anomaly detection and establish its feasibility to adapt to seasonality and trends in the time-series and to be applied online and in real-time.