Abstract

One of the most attractive things about cloud computing from the perspective of business people is that it provides an effective means to outsource IT. The behaviors of business applications on cloud are constantly evolving due to technical upgrading, cloud migration as well as social outbreaks. These changes bring the challenge of detecting anomalies during the change of applications on cloud. LOF (Local Outlier Factor) algorithm has already been proven as the most promising outlier detection method for detecting network intrusions. To improve the performance of detection, LOF needs a complete set of normal behaviors of business applications, which is usually not available in cloud computing. We present an adaptive anomaly detection scheme for cloud computing based on LOF. Our scheme learns behaviors of applications both in training and detecting phase. It is adaptive to the change during detecting. The adaptability of our scheme reduces demand of efforts on collecting training data before detecting. It also enables the ability to detect contextual anomalies. Experimental results show that our scheme can effectively detect contextual anomalies with relatively low computational overhead.