Cloud computing is accelerating the movement of system monitoring from manual, to reactive, to proactive. One important aspect of being proactive is anomaly detection. But it is often unclear what counts as anomalous for a given deployment. Machine learning techniques can help.
Contrail Networking provides an Anomaly Detection model based on time-series of any metric. Based on past information, we learn what to expect in the future. If a given metric reports values that are far from this expectation, we raise an Alert.
In this example we will use statistical process control: we compute the running average and standard deviation of the metric and examine each current value against them using real-time stream processing. The metric being used is the number of active flows on the host/vRouter. We run a multi-tier application with some clients: a Redmine web server with a separate MySQL database. Then we launch a TCP SYN attack on the server, which causes an unusual number of flows. This triggers an Alert.