A Docker Container Anomaly Monitoring System Based on Optimized Isolation Forest

• Published in: IEEE transactions on cloud computing Vol. 10; no. 1; pp. 134 - 145
• Main Authors: Zou, Zhuping, Xie, Yulai, Huang, Kai, Xu, Gongming, Feng, Dan, Long, Darrell
• Format: Journal Article
• Language: English
• Published: Piscataway IEEE 01.01.2022; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Algorithms; Anomalies; anomaly monitoring; Cloud computing; Containers; Docker container; Feature selection; Forestry; isolation forest; log analysis; Measurement; Monitoring; Virtual machining; Virtualization
• ISSN: 2168-7161; 2168-7161; 2372-0018
• DOI: 10.1109/TCC.2019.2935724

Container-based virtualization has gradually become a main solution in today's cloud computing environments. Detecting and analyzing anomaly in containers present a major challenge for cloud vendors and users. This paper proposes an online container anomaly detection system by monitoring and analyzing multidimensional resource metrics of the containers based on the optimized isolation forest algorithm. To improve the detection accuracy, it assigns each resource metric a weight and changes the random feature selection in the isolation forest algorithm to the weighted feature selection according to the resource bias of the container. In addition, it can identify abnormal resource metrics and automatically adjust the monitoring period to reduce the monitoring delay and system overhead. Moreover, it can locate the cause of the anomalies via analyzing and exploring the container log. The experimental results demonstrate the performance and efficiency of the system on detecting the typical anomalies in containers in both simulated and real cloud environments.