CN105227343B - Anomaly detection model and method for distributed services based on danger theory
Abstract
The invention discloses an anomaly detection model and method for distributed services based on danger theory. The model includes: a danger signal characterization module, which monitors the changes of each distributed service in real time and plots them as a change curve; a danger signal extraction module, which constructs feature triples based on feature points and uses them to monitor the running state of each service in real time, and which, if the feature triple constructed from real-time data exceeds the feature triple constructed from historical data, considers that the service may carry a potential danger and treats it as an anomaly source, where a feature point is a key point at which the trend of the change curve changes; and a danger zone calculation module, which calculates the danger zone of a service S after an anomaly is found in that service. The proposed danger-theory-based anomaly detection model for distributed services can effectively find anomaly sources and detect the independent paths related to an anomaly source, improving the efficiency of service anomaly detection.
Description
Technical field
The present invention relates to computer technology, and in particular to an anomaly detection model and method for distributed services based on danger theory.
Background
With the rise of the mobile Internet and O2O (online to offline), more and more mobile and Internet applications have accumulated massive numbers of users. To respond to requests from large numbers of users, Internet companies represented by Tencent and Twitter use distributed services to improve service capacity and concurrent processing performance. Taking Twitter as an example, Twitter has deployed about 2000 distributed services. These services conform to the SOA (service-oriented architecture) specification and meet the needs of different users through dynamic composition. At the same time, this creates complex composition and reference relationships, which make service anomaly detection in a distributed environment difficult.
Unlike traditional service anomaly detection, which focuses on the behavior of individual services, anomaly detection for distributed services has to find anomalies of the whole according to the composition relationships between services. The massive service behavior data produced by large numbers of user requests, and the uncertainty of service composition itself, pose challenges to service anomaly detection:
1. The behavior between services changes at every moment and is uncertain, so it is difficult to describe with a simple static model;
2. The behavior between services is dynamically composed and interconnected, and there are dependencies between services, so it is difficult to detect the anomalous state of the whole distributed service from the state of a single service;
3. The massive service behavior data poses a great challenge to the efficiency of anomaly detection for distributed services.
Distributed services are an effective way to serve massive numbers of users, but the dynamic composition of services makes them uncertain, which increases the difficulty of service anomaly detection. This document proposes a dynamic method based on danger theory for detecting anomalies in distributed services. The patent "Cloud service monitoring method and device based on service provenance" (application number: 2014105550671) describes in detail how the behavior of distributed services is captured. That patent describes the dynamic behavior of a service through a 9-tuple service provenance log, i.e. (token, Invoking Service, Service Invoked, location, elapsed time, timestamp, input, output, status). This document uses the service behavior collection method of that patent and takes the 9-tuple as the input data of the model; its focus is on introducing danger theory to build an anomaly detection model for distributed services.
Summary of the invention
The technical problem to be solved by the present invention is to provide, in view of the defects in the prior art, an anomaly detection model and method for distributed services based on danger theory.
The technical solution adopted by the present invention to solve this technical problem is: an anomaly detection model for distributed services based on danger theory, comprising:
Danger signal characterization module: monitors the changes of each distributed service in real time and plots them as a change curve. The indicators monitored in real time come from the 9-tuple of the service provenance log, and the changes include changes in call count and changes in elapsed time;
Danger signal extraction module: constructs feature triples based on feature points and uses them to monitor the running state of each service in real time. If the feature triple constructed from real-time data exceeds the feature triple constructed from historical data, the service is considered to carry a potential danger and is treated as an anomaly source. A feature point is a key point at which the trend of the change curve changes;
The feature triple is defined as {f′(xi)left, f(xi), f′(xi)right}, where f(xi) denotes the feature point, f′(xi)left denotes the trend of the curve to the left of the feature point, and f′(xi)right denotes the trend of the curve to the right of the feature point;
Danger zone calculation module: calculates the danger zone of a service S after an anomaly is found in that service.
According to the above scheme, in the danger signal characterization module a monitor is assigned to each service in the distributed services to monitor the changes of each distributed service in real time.
According to the above scheme, the danger zone calculation module calculates the danger zone of the service as follows. First determine the number t of services connected to service S;
If t is less than the threshold, the danger zone is output using the DCA-based signal fusion method, with the following steps:
(i) Suppose that at some time point T an anomaly source S is found. First establish an artificial APC between service S and each service Si connected to it, load multiple TRLs receptors on the artificial APC, and capture and fuse the call count and average elapsed time between them;
(ii) Collect, at time point T, the IS and ES between service S and every service Si (i=1,2,3..), as well as the total call count SIS and total elapsed time SES of service S. Fuse IS and ES and calculate the concentration value. Similarly, fuse SIS and SES to obtain the total concentration value C, where a and b are the weights of the two input signals;
(iii) Determine whether the independent path between two services produces danger by calculating the anomaly coefficient u, wherein
(iv) Repeat steps (i)~(iii): fuse again for each service Sj connected to service Si and perform pruning (j=1,2,3..);
Where, artificial APC: artificial antigen-presenting cell, which acts as an independent unit that receives signals;
Artificial TRLs receptor: its main function is to capture and fuse signals; a signal consists of the call count and the average elapsed time of a service;
Invoking signal: denoted IS. Suppose an anomaly source S is found in some time period T; the number of times service S calls service Si within that period is called IS;
Elapsed time signal: denoted ES. Suppose an anomaly source S is found in some time period T; within that period, the number of times service S calls service Si divided by the time T is the average elapsed time ES;
If t is greater than the threshold, the danger zone is output using the cloud model method, with the following steps:
(1) Construct the state cloud of service S and the state clouds of the services connected to it;
(2) Calculate the state cloud of S: suppose n services are connected to service S. Each connected service is regarded as a cloud drop, so there are n cloud drops. The call count between S and each cloud drop is regarded as the certainty degree of that cloud drop, denoted Ni (i=1,2,3....n). First calculate the mean call count Ex from Ni; the entropy En and hyper-entropy He can then be obtained from the mean. These three numerical characteristics determine a state cloud, denoted S(Ex, En, He);
Wherein
where m is the number of services connected to service S;
(3) Calculate the state clouds Si(Exi, Eni, Hei) (i=1,2,3....n) of the n services connected to S by the method of step 2;
(4) Calculate the membership degree of Si relative to S: construct the state clouds of S and Si with the cloud model and calculate the membership degree μ between them,
The larger the membership degree, the more similar the changes of the two services and the less likely an anomaly is to occur between them. Conversely, if the membership degree is less than the given threshold, the two services differ considerably and an anomaly is more likely, so this path is added to the danger zone as a dangerous path;
(5) Repeat steps 2 and 3: construct the state clouds of the services connected to Si and calculate the membership degrees between them, until there are no more dangerous paths;
(6) Combine all dangerous paths to construct the danger zone.
An anomaly detection method for distributed services based on danger theory, comprising the following steps:
1) Danger signal characterization: monitor the changes of each distributed service in real time and plot them as a change curve. The indicators monitored in real time come from the 9-tuple of the service provenance log, and the changes include changes in call count and changes in elapsed time;
2) Danger signal extraction: construct feature triples based on feature points and use them to monitor the running state of each service in real time. If the feature triple constructed from real-time data exceeds the feature triple constructed from historical data, the service is considered to carry a potential danger and is treated as an anomaly source. A feature point is a key point at which the trend of the change curve changes;
The feature triple is defined as {f′(xi)left, f(xi), f′(xi)right}, where f(xi) denotes the feature point, f′(xi)left denotes the trend of the curve to the left of the feature point, and f′(xi)right denotes the trend of the curve to the right of the feature point;
3) Danger zone calculation: after an anomaly is found in some service S, calculate the danger zone of that service.
According to the above scheme, in step 1) a monitor is assigned to each service in the distributed services to monitor the changes of each distributed service in real time.
According to the above scheme, the danger zone of the service is calculated in step 3) as follows:
First determine the number t of services connected to service S;
If t is less than the threshold, the danger zone is output using the DCA-based signal fusion method, with the following steps:
(i) Suppose that at some time point T an anomaly source S is found. First establish an artificial APC between service S and each service Si connected to it, load multiple TRLs receptors on the artificial APC, and capture and fuse the call count and average elapsed time between them;
(ii) Collect, at time point T, the IS and ES between service S and every service Si (i=1,2,3..), as well as the total call count SIS and total elapsed time SES of service S. Fuse IS and ES and calculate the concentration value. Similarly, fuse SIS and SES to obtain the total concentration value C, where a and b are the weights of the two input signals;
(iii) Determine whether the independent path between two services produces danger by calculating the anomaly coefficient u, wherein
(iv) Repeat steps (i)~(iii): fuse again for each service Sj connected to service Si and perform pruning (j=1,2,3..);
Where, artificial APC: artificial antigen-presenting cell, which acts as an independent unit that receives signals;
Artificial TRLs receptor: its main function is to capture and fuse signals; a signal consists of the call count and the average elapsed time of a service;
Invoking signal: denoted IS. Suppose an anomaly source S is found in some time period T; the number of times service S calls service Si within that period is called IS;
Elapsed time signal: denoted ES. Suppose an anomaly source S is found in some time period T; within that period, the number of times service S calls service Si divided by the time T is the average elapsed time ES;
If t is greater than the threshold, the danger zone is output using the cloud model method, with the following steps:
(3.1) Construct the state cloud of service S and the state clouds of the services connected to it;
(3.2) Calculate the state cloud of S: suppose n services are connected to service S. Each connected service is regarded as a cloud drop, so there are n cloud drops. The call count between S and each cloud drop is regarded as the certainty degree of that cloud drop, denoted Ni (i=1,2,3....n). First calculate the mean call count Ex from Ni; the entropy En and hyper-entropy He can then be obtained from the mean. These three numerical characteristics determine a state cloud, denoted S(Ex, En, He);
Wherein
where m is the number of services connected to service S;
(3.3) Calculate the state clouds Si(Exi, Eni, Hei) (i=1,2,3....n) of the n services connected to S by the method of step (3.2);
(3.4) Calculate the membership degree of Si relative to S: construct the state clouds of S and Si with the cloud model and calculate the membership degree μ between them,
The larger the membership degree, the more similar the changes of the two services and the less likely an anomaly is to occur between them. Conversely, if the membership degree is less than the given threshold, the two services differ considerably and an anomaly is more likely, so this path is added to the danger zone as a dangerous path;
(3.5) Repeat steps (3.2) and (3.3): construct the state clouds of the services connected to Si and calculate the membership degrees between them, until there are no more dangerous paths;
(3.6) Combine all dangerous paths to construct the danger zone.
The beneficial effects of the present invention are: the danger-theory-based anomaly detection model for distributed services can effectively find anomaly sources and detect the independent paths related to an anomaly source, thereby improving the efficiency of service anomaly detection.
Description of the drawings
The present invention is further described below with reference to the accompanying drawing and embodiments. In the drawing:
Fig. 1 is the method flow diagram of the embodiment of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here only serve to explain the invention and are not intended to limit it.
An anomaly detection model for distributed services based on danger theory, comprising:
Danger signal characterization module: monitors the changes of each distributed service in real time and plots them as a change curve. The indicators monitored in real time come from the 9-tuple of the service provenance log, and the changes include changes in call count and changes in elapsed time;
Every service in the system changes at every moment, and its data are discrete. Connecting these discrete data points in series gives a graphical description of how the service's features and trend change over time. In a computer system, change also means that the balance of the system has been broken and implies that danger may arise. The extreme points (feature points) are the key points at which the trend of the curve changes, so we take them as the basis for comparing and expressing change. A feature triple is constructed for each feature point; the triple captures the feature point and the trend of the curve it forms with its neighboring points. Once the triple for every feature point has been obtained, the running condition of system resources can be described. The triples calculated under normal operation are then compared with those calculated at detection time, which gives feature-based change detection and in turn finds the anomaly source.
Danger signal extraction module: constructs feature triples based on feature points and uses them to monitor the running state of each service in real time. If the feature triple constructed from real-time data exceeds the feature triple constructed from historical data, the service is considered to carry a potential danger and is treated as an anomaly source. A feature point is a key point at which the trend of the change curve changes;
Changes in service features can be described more precisely by constructing feature triples. The feature triple is defined as {f′(xi)left, f(xi), f′(xi)right}, where f(xi) is ...; f′(xi)left and f′(xi)right denote the trend of the curve to the left and to the right of the feature point, respectively;
The feature triple is constructed as follows:
Select feature points from the collected data of each service;
For every selected feature point xi, calculate its left and right derivatives;
Construct the feature triple {f′(xi)left, f(xi), f′(xi)right};
The anomaly source is obtained as follows:
For each service in turn, set up the feature triple Fi of the real-time collected data and the feature triple Fj of the historical collected data;
If the left and right derivatives of Fi > Fj,
i.e. (f′(xi)left > f′(xj)left && f′(xi)right > f′(xj)right),
the service is judged to carry a potential danger and to be an anomaly source.
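The triple construction and comparison steps above, as an added example that is not part of the patent text: call counts are bucketed from constructed 9-tuple provenance records, feature triples are built at local extrema, and live triples are compared with the historical ones. Assumptions made here: fixed-width time windows, unit-step differences as the left and right derivatives, strict local extrema as feature points, and slope magnitudes compared against the steepest historical triple (a signed comparison would never flag a sharper peak); all function names and sample records are hypothetical.

```python
from collections import defaultdict
from typing import NamedTuple


class Record(NamedTuple):
    """One service provenance log entry (the 9-tuple named in the text)."""
    token: str
    invoking: str
    invoked: str
    location: str
    elapsed: float
    timestamp: int
    input: str
    output: str
    status: str


class FeatureTriple(NamedTuple):
    index: int    # window number of the feature point x_i
    left: float   # f'(x_i)left: slope of the curve arriving at x_i
    value: float  # f(x_i): call count at the feature point
    right: float  # f'(x_i)right: slope of the curve leaving x_i


def call_count_series(records, window, n_windows):
    """Change curve per service: calls received in each time window."""
    series = defaultdict(lambda: [0] * n_windows)
    for r in records:
        w = r.timestamp // window
        if 0 <= w < n_windows:
            series[r.invoked][w] += 1
    return dict(series)


def feature_triples(series):
    """Triples at strict local extrema, where the trend changes sign."""
    triples = []
    for i in range(1, len(series) - 1):
        left = series[i] - series[i - 1]
        right = series[i + 1] - series[i]
        if left * right < 0:
            triples.append(FeatureTriple(i, left, series[i], right))
    return triples


def historical_envelope(series):
    """Steepest left and right slope magnitudes seen in history, or None."""
    triples = feature_triples(series)
    if not triples:
        return None  # no baseline: nothing to compare live data against
    return (max(abs(t.left) for t in triples),
            max(abs(t.right) for t in triples))


def anomaly_sources(history, live):
    """Services whose live triples exceed history on BOTH sides (the && test)."""
    flagged = {}
    for service, series in live.items():
        envelope = historical_envelope(history.get(service, []))
        if envelope is None:
            continue
        hits = [t for t in feature_triples(series)
                if abs(t.left) > envelope[0] and abs(t.right) > envelope[1]]
        if hits:
            flagged[service] = hits
    return flagged


def make_records(invoked, counts, window=60):
    """Constructed sample data: counts[w] calls to `invoked` in window w."""
    return [Record(f"tok-{w}-{k}", "gateway", invoked, "node-1", 12.0,
                   w * window + k, "", "", "ok")
            for w, count in enumerate(counts) for k in range(count)]


WINDOW, N_WINDOWS = 60, 8
HISTORY_LOG = (make_records("orders", [10, 12, 11, 13, 12, 14, 12, 13])
               + make_records("inventory", [5, 6, 5, 7, 5, 6, 5, 6]))
LIVE_LOG = (make_records("orders", [12, 13, 12, 30, 11, 12, 13, 12])
            + make_records("inventory", [5, 6, 5, 6, 5, 7, 5, 6]))


def demo():
    history = call_count_series(HISTORY_LOG, WINDOW, N_WINDOWS)
    live = call_count_series(LIVE_LOG, WINDOW, N_WINDOWS)
    return anomaly_sources(history, live)


if __name__ == "__main__":
    for service, hits in demo().items():
        print(service, hits)
```

The same functions apply unchanged to an elapsed-time curve, the second monitored indicator, by bucketing mean elapsed time per window instead of call counts.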
Danger zone calculation module: calculates the danger zone of a service S after an anomaly is found in that service.
The danger zone of the service is calculated as follows. First determine the number t of services connected to service S;
If t is less than the threshold, the danger zone is output using the DCA-based signal fusion method, with the following steps:
(i) Suppose that at some time point T an anomaly source S is found. First establish an artificial APC between service S and each service Si connected to it, load multiple TRLs receptors on the artificial APC, and capture and fuse the call count and average elapsed time between them;
(ii) Collect, at time point T, the IS and ES between service S and every service Si (i=1,2,3..), as well as the total call count SIS and total elapsed time SES of service S. Fuse IS and ES and calculate the concentration value. Similarly, fuse SIS and SES to obtain the total concentration value C, where a and b are the weights of the two input signals;
(iii) Determine whether the independent path between two services produces danger by calculating the anomaly coefficient u, wherein
(iv) Repeat steps (i)~(iii): fuse again for each service Sj connected to service Si and perform pruning (j=1,2,3..);
Where, artificial APC: artificial antigen-presenting cell, which acts as an independent unit that receives signals;
Artificial TRLs receptor: its main function is to capture and fuse signals; a signal consists of the call count and the average elapsed time of a service;
Invoking signal: denoted IS. Suppose an anomaly source S is found in some time period T; the number of times service S calls service Si within that period is called IS;
Elapsed time signal: denoted ES. Suppose an anomaly source S is found in some time period T; within that period, the number of times service S calls service Si divided by the time T is the average elapsed time ES;
If t is greater than the threshold, the danger zone is output using the cloud model method, with the following steps:
Definition 1: if, for any element x in the universe of discourse (the scope of study) U, there is a number A(x) ∈ [0,1] corresponding to it, then A is called a fuzzy set on U and A(x) is called the membership degree of x in A. When x varies over U, A(x) is a function, called the membership function of A. The closer A(x) is to 1, the higher the degree to which x belongs to A; the closer A(x) is to 0, the lower the degree to which x belongs to A.
Definition 2: expected value Ex: represents the mean number of times each service calls other services; entropy En: relative to the expected value, represents the span of the number of times each service calls other services.
(1) Construct the state cloud of service S and the state clouds of the services connected to it;
(2) Calculate the state cloud of S
2.1) Suppose n services are connected to S. Each service is regarded as a cloud drop, so there are n cloud drops. The call count between S and each cloud drop is regarded as the certainty degree of that cloud drop, denoted Ni (i=1,2,3....n);
2.2) Calculate the mean call count from Ni
2.3) From 2.2), the expected value Ex=X is obtained;
2.4) The entropy is obtained from the mean
2.5) The three numerical characteristics determine a state cloud, denoted S(Ex, En, He);
(3) Calculate the state clouds of the services connected to S; the services connected to S are Si (i=1,2,3..)
3.1) Suppose n services are connected to Si. Each service is regarded as a cloud drop, so there are n cloud drops. The call count between Si and each cloud drop is regarded as the certainty degree of that cloud drop, denoted Nj (j=1,2,3....n);
3.2) Calculate the state cloud of Si by the same method used for the state cloud of S;
3.3) The state cloud of Si is Si(Exi, Eni, Hei);
(4) Calculate the membership degree of Si relative to S
When calculating the state cloud of a service, if the service is a leaf node, i.e. no other service is connected to it, its state cloud is not calculated.
The larger the membership degree, the more similar the changes of the two services and the less likely an anomaly is to occur between them. Conversely, if the membership degree is less than the given threshold, the two services differ considerably and an anomaly is more likely, so this path is added to the danger zone as a dangerous path;
(5) Repeat steps 2 and 3: construct the state clouds of the services connected to Si and calculate the membership degrees between them, until there are no more dangerous paths;
(6) Combine all dangerous paths to construct the danger zone.
As shown in Fig. 1, the present invention also provides an anomaly detection method for distributed services based on danger theory, characterized in that it comprises the following steps:
1) Danger signal characterization: monitor the changes of each distributed service in real time and plot them as a change curve. The indicators monitored in real time come from the 9-tuple of the service provenance log, and the changes include changes in call count and changes in elapsed time. Specifically, a monitor is assigned to each service in the distributed services to monitor the changes of each distributed service in real time;
2) Danger signal extraction: construct feature triples based on feature points and use them to monitor the running state of each service in real time. If the feature triple constructed from real-time data exceeds the feature triple constructed from historical data, the service is considered to carry a potential danger and is treated as an anomaly source. A feature point is a key point at which the trend of the change curve changes;
The feature triple is defined as {f′(xi)left, f(xi), f′(xi)right}, where f(xi) denotes the feature point, f′(xi)left denotes the trend of the curve to the left of the feature point, and f′(xi)right denotes the trend of the curve to the right of the feature point;
3) Danger zone calculation: after an anomaly is found in some service S, calculate the danger zone of that service;
The danger zone of the service is calculated in step 3) as follows:
First determine the number t of services connected to service S;
If t is less than the threshold, the danger zone is output using the DCA-based signal fusion method, with the following steps:
(i) Suppose that at some time point T an anomaly source S is found. First establish an artificial APC between service S and each service Si connected to it, load multiple TRLs receptors on the artificial APC, and capture and fuse the call count and average elapsed time between them;
(ii) Collect, at time point T, the IS and ES between service S and every service Si (i=1,2,3..), as well as the total call count SIS and total elapsed time SES of service S. Fuse IS and ES and calculate the concentration value. Similarly, fuse SIS and SES to obtain the total concentration value C, where a and b are the weights of the two input signals;
(iii) Determine whether the independent path between two services produces danger by calculating the anomaly coefficient u, wherein
(iv) Repeat steps (i)~(iii): fuse again for each service Sj connected to service Si and perform pruning (j=1,2,3..);
Where, artificial APC: artificial antigen-presenting cell, which acts as an independent unit that receives signals;
Artificial TRLs receptor: its main function is to capture and fuse signals; a signal consists of the call count and the average elapsed time of a service;
Invoking signal: denoted IS. Suppose an anomaly source S is found in some time period T; the number of times service S calls service Si within that period is called IS;
Elapsed time signal: denoted ES. Suppose an anomaly source S is found in some time period T; within that period, the number of times service S calls service Si divided by the time T is the average elapsed time ES;
If t is greater than the threshold, the danger zone is output using the cloud model method, with the following steps:
(3.1) Construct the state cloud of service S and the state clouds of the services connected to it;
(3.2) Calculate the state cloud of S: suppose n services are connected to service S. Each connected service is regarded as a cloud drop, so there are n cloud drops. The call count between S and each cloud drop is regarded as the certainty degree of that cloud drop, denoted Ni (i=1,2,3....n). First calculate the mean call count Ex from Ni; the entropy En and hyper-entropy He can then be obtained from the mean. These three numerical characteristics determine a state cloud, denoted S(Ex, En, He);
Wherein
Wherein m is
(3.3) Calculate the state clouds Si(Exi, Eni, Hei) (i=1,2,3....n) of the n services connected to S by the method of step (3.2);
(3.4) Calculate the membership degree of Si relative to S: construct the state clouds of S and Si with the cloud model and calculate the membership degree μ between them,
The larger the membership degree, the more similar the changes of the two services and the less likely an anomaly is to occur between them. Conversely, if the membership degree is less than the given threshold, the two services differ considerably and an anomaly is more likely, so this path is added to the danger zone as a dangerous path;
(3.5) Repeat steps (3.2) and (3.3): construct the state clouds of the services connected to Si and calculate the membership degrees between them, until there are no more dangerous paths;
(3.6) Combine all dangerous paths to construct the danger zone.
It should be understood that those of ordinary skill in the art can make modifications or changes based on the above description, and all such modifications and changes fall within the protection scope of the appended claims of the present invention.
Claims (4)
1. An abnormality detection model for distributed services based on danger theory, characterized in that it comprises:
A danger signal characterization module, for monitoring the changes of each distributed service in real time and plotting the changes as a change curve; the indicators monitored in real time come from the nine-tuple of the service origin log, and the changes include changes in the number of calls and changes in time consumed;
A danger signal extraction module, for constructing feature triples using the feature points as base points and monitoring the running state of each service in real time; if the feature triple constructed from real-time data exceeds the feature triple constructed from historical data, the service is considered to possibly carry a potential danger and is treated as an anomaly source; a feature point is a key point at which the trend of the change curve changes;
The feature triple is defined as {f′(xi)left, f(xi), f′(xi)right}, where f(xi) denotes the feature point, f′(xi)left denotes the trend of the curve to the left of the feature point, and f′(xi)right denotes the trend of the curve to the right of the feature point;
A danger zone calculation module, for calculating the danger zone of a service S after an abnormality is found in that service;
The danger zone calculation module calculates the danger zone of the service as follows:
First, determine the number t of services connected to service S;
If the number t is less than the threshold, the DCA-based signal fusion method is selected to output the danger zone, with the following specific steps:
(i) Assume that at some time point T an anomaly source S is found. First establish an artificial APC between service S and each service Si connected to it, load multiple TRLs receptors on the artificial APC, and capture and fuse the number of calls and the average time consumed between them;
(ii) Collect IS and ES between service S and every service Si (i = 1, 2, 3, ...) at time point T, together with the total number of calls SIS and the total time consumed SES of service S; fuse IS and ES and calculate the concentration value; similarly, fuse SIS and SES to obtain the total concentration value C, where a and b are the respective weights of the two input signals;
(iii) Determine whether the independent path between two services will produce danger by calculating the abnormality coefficient u, wherein
(iv) Repeat steps (i) to (iii), fusing again for each service Sj (j = 1, 2, 3, ...) connected to service Si, and perform the pruning operation;
Where:
Artificial APC: an artificial antigen-presenting cell, which functions as an independent unit that receives signals;
Artificial TRLs receptor: its main function is to capture and fuse signals; a signal is composed of a service's number of calls and its average time consumed;
Invoking signal: denoted IS; assuming an anomaly source S is found in some time period T, the number of times service S calls service Si within that period is the IS;
Elapsed time signal: denoted ES; assuming an anomaly source S is found in some time period T, the number of times service S calls service Si within that period divided by the time T is the average time consumed, ES;
If the number t is greater than the threshold, the cloud model method is used to output the danger zone, with the following specific steps:
(1) Construct the state cloud of service S and the state clouds of the services connected to it;
(2) Calculate the state cloud of S: assume there are n services connected to service S. Each connected service is regarded as a cloud drop, giving n cloud drops, and the number of calls between S and each cloud drop is regarded as the certainty degree of that drop, denoted Ni (i = 1, 2, 3, ..., n). The mean call count Ex is first calculated from Ni; the entropy En and the hyper-entropy He are then obtained from the mean. These three numerical characteristics determine a state cloud, denoted S(Ex, En, He);
Wherein
where m is the number of services connected to service S;
(3) Calculate the state clouds Si(Exi, Eni, Hei) (i = 1, 2, 3, ..., n) of the n services connected to S by the method of step 2;
(4) Calculate the membership degree of Si relative to S: the state clouds of S and Si are constructed with the cloud model and the membership degree μ between them is calculated. The larger the membership degree, the more similar the changes of the two services and the less likely an abnormality is between them. Conversely, a membership degree below the given threshold indicates a large difference between the two services and a higher likelihood of an abnormality, so the path is added to the danger zone as a dangerous path;
(5) Repeat steps 2 and 3: construct the state clouds of the services connected to Si and calculate the membership degrees between them, until no dangerous path remains;
(6) Gather all dangerous paths to construct the danger zone.
2. The abnormality detection model according to claim 1, characterized in that, in the danger signal characterization module, a monitor is assigned to each service among the distributed services to monitor the changes of each distributed service in real time.
3. An abnormality detection method for distributed services based on danger theory, characterized in that it comprises the following steps:
1) Danger signal characterization: monitor the changes of each distributed service in real time and plot the changes as a change curve; the indicators monitored in real time come from the nine-tuple of the service origin log, and the changes include changes in the number of calls and changes in time consumed;
2) Danger signal extraction: construct feature triples using the feature points as base points and monitor the running state of each service in real time; if the feature triple constructed from real-time data exceeds the feature triple constructed from historical data, the service is considered to possibly carry a potential danger and is treated as an anomaly source; a feature point is a key point at which the trend of the change curve changes;
The feature triple is defined as {f′(xi)left, f(xi), f′(xi)right}, where f(xi) denotes the feature point, f′(xi)left denotes the trend of the curve to the left of the feature point, and f′(xi)right denotes the trend of the curve to the right of the feature point;
3) Danger zone calculation: after an abnormality is found in some service S, calculate the danger zone of that service; in step 3), the danger zone of the service is calculated as follows:
First, determine the number t of services connected to service S;
If the number t is less than the threshold, the DCA-based signal fusion method is selected to output the danger zone, with the following specific steps:
(i) Assume that at some time point T an anomaly source S is found. First establish an artificial APC between service S and each service Si connected to it, load multiple TRLs receptors on the artificial APC, and capture and fuse the number of calls and the average time consumed between them;
(ii) Collect IS and ES between service S and every service Si (i = 1, 2, 3, ...) at time point T, together with the total number of calls SIS and the total time consumed SES of service S; fuse IS and ES and calculate the concentration value; similarly, fuse SIS and SES to obtain the total concentration value C, where a and b are the respective weights of the two input signals;
(iii) Determine whether the independent path between two services will produce danger by calculating the abnormality coefficient u, wherein
(iv) Repeat steps (i) to (iii), fusing again for each service Sj (j = 1, 2, 3, ...) connected to service Si, and perform the pruning operation;
Where:
Artificial APC: an artificial antigen-presenting cell, which functions as an independent unit that receives signals;
Artificial TRLs receptor: its main function is to capture and fuse signals; a signal is composed of a service's number of calls and its average time consumed;
Invoking signal: denoted IS; assuming an anomaly source S is found in some time period T, the number of times service S calls service Si within that period is the IS;
Elapsed time signal: denoted ES; assuming an anomaly source S is found in some time period T, the number of times service S calls service Si within that period divided by the time T is the average time consumed, ES;
If the number t is greater than the threshold, the cloud model method is used to output the danger zone, with the following specific steps:
(3.1) Construct the state cloud of service S and the state clouds of the services connected to it;
(3.2) Calculate the state cloud of S: assume there are n services connected to service S. Each connected service is regarded as a cloud drop, giving n cloud drops, and the number of calls between S and each cloud drop is regarded as the certainty degree of that drop, denoted Ni (i = 1, 2, 3, ..., n). The mean call count Ex is first calculated from Ni; the entropy En and the hyper-entropy He are then obtained from the mean. These three numerical characteristics determine a state cloud, denoted S(Ex, En, He);
Wherein
where m is the number of services connected to service S;
(3.3) Calculate the state clouds Si(Exi, Eni, Hei) (i = 1, 2, 3, ..., n) of the n services connected to S by the method of step (3.2);
(3.4) Calculate the membership degree of Si relative to S: the state clouds of S and Si are constructed with the cloud model and the membership degree μ between them is calculated. The larger the membership degree, the more similar the changes of the two services and the less likely an abnormality is between them. Conversely, a membership degree below the given threshold indicates a large difference between the two services and a higher likelihood of an abnormality, so the path is added to the danger zone as a dangerous path;
(3.5) Repeat steps (3.2) and (3.3): construct the state clouds of the services connected to Si and calculate the membership degrees between them, until no dangerous path remains;
(3.6) Gather all dangerous paths to construct the danger zone.
4. The abnormality detection method according to claim 3, characterized in that, in step 1), a monitor is assigned to each service among the distributed services to monitor the changes of each distributed service in real time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510518995.5A CN105227343B (en) | 2015-08-21 | 2015-08-21 | The abnormality detection model and method of Distributed Services based on danger theory |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510518995.5A CN105227343B (en) | 2015-08-21 | 2015-08-21 | The abnormality detection model and method of Distributed Services based on danger theory |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105227343A CN105227343A (en) | 2016-01-06 |
CN105227343B true CN105227343B (en) | 2018-08-07 |
Family
ID=54996054
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510518995.5A Active CN105227343B (en) | 2015-08-21 | 2015-08-21 | The abnormality detection model and method of Distributed Services based on danger theory |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105227343B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106657005A (en) * | 2016-11-16 | 2017-05-10 | 武汉科技大学 | Abnormity detection multilayer model for cloud services |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101950334A (en) * | 2010-08-05 | 2011-01-19 | 武汉大学 | Information system danger sense method and system based on computer immunity |
CN104518913A (en) * | 2014-12-17 | 2015-04-15 | 武汉科技大学 | Cloud service abnormality detection method based on artificial immunity |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100859808B1 (en) * | 2007-01-05 | 2008-09-24 | 삼성전자주식회사 | Optical Network Unit for Error Detection and Recovery of Optic Module and Control Method Thereof |
Also Published As
Publication number | Publication date |
---|---|
CN105227343A (en) | 2016-01-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||