Abstract
The purpose of our research is to develop the continuous anomaly detection method for a web-based system with avoiding false detection by monitoring resource usage. A conventional method detects the anomaly by applying autoregressive model to the difference between the actual resource usage and the estimated resource usage with the design reference value. When the spike that uses much resource momentarily happens on the web-based system, the anomaly is detected falsely in spite of that the anomaly is not continuous and immediately recovered. In order to detect the continuous anomaly, the proposed method checks whether the detected anomaly is continuous or not by judging the resource usage after the observation of a spike. The proposed method judges the trend of increasing resource usage by autoregressive coefficient with the resource usage after the spike. Applying the test of the structural changes to the resource usage before and after the spike, the proposed method detects anomalies in judging statistically whether the trend of the resource usages changes. Experimental results show that the proposed method can decrease the frequency of the false detection to few times and detect the anomaly in 380 seconds, which is practical enough to use for the management of a web-based system.
