Infrastructure anomaly detection: A cloud-native architecture at Germany’s Federal Employment Agency
Vorschaubild nicht verfügbar
ISSN der Zeitschrift
(Agiles) Enterprise Architecture Management in Forschung und Praxis
Gesellschaft für Informatik, Bonn
In prior research we explored the use of time series analysis methods to detect one class of information technology (IT) infrastructure anomalies - Distributed Denial of Service (DDoS) attacks. The results of this prior work were a mathematical model and a prototype implementation that were concretely trialed and operated in the data centers of Germany's Federal Employment Agency (FEA). With this paper, we go one step further and generalize as well as optimize the mathematical model and create higher performance and scalability for an updated prototype through targeted use of cloud technologies. The starting point of our generalization is the Exponential Smoothing (E-S) approach, which underlies, for example, the well-known Holt-Winters method. This method is used to predict univariate time series. To detect anomalies (such as DDoS attacks) in infrastructure data, we extend the E-S approach to enable it to forecast multivariate time series. In this optimization of our method and our prototype, we take an exploratory, agile approach. Furthermore, we present a cloud-native architecture stack which we pilot in Azure.