Survey of Cloud Traffic Anomaly Detection Algorithms

• Published in: Information and Software Technologies Vol. 1665; pp. 19 - 32
• Main Authors: Paulikas, Giedrius, Sandonavičius, Donatas, Stasiukaitis, Edgaras, Vilutis, Gytis, Vaitkunas, Mindaugas
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2022; Springer International Publishing
• Series: Communications in Computer and Information Science
• Subjects: Machine learning algorithms; Network monitoring system; Traffic anomaly
• ISBN: 9783031163012; 303116301X
• ISSN: 1865-0929; 1865-0937
• DOI: 10.1007/978-3-031-16302-9_2

Widespread use of cloud computing resources calls for reliable network connections, while anomalies in network traffic impact the availability of cloud resources in a negative way. Anomaly detection tools are essential for identifying and forecasting these network anomalies. In recent years machine learning methods are gaining popularity in implementations of anomaly detection tools. Given the variety of network anomaly types and the availability of diverse machine learning algorithms, developers of anomaly detection software and administrators of cloud infrastructures are presented with a wide range of possible solutions. This article presents a survey of the most popular machine learning methods that are applicable to detecting anomalies in cloud networks. In order to be able to classify and compare these methods, six major criteria (training approach, training time, preferred areas of application, discovery of unprecedented anomalies, dataset’s influence on anomaly prediction and problem of vanishing or exploding gradient) are discerned and discussed in detail, providing their implications on the evaluated methods. Subsequently, the criteria are used to review the features of the main machine learning methods for anomaly detection and to provide insights about using the methods to identify abnormal network behavior. The last part of the study lists the examined machine learning methods and appropriate tools for anomaly monitoring and detection. The provided lists are then used to draw final conclusions that provide the recommendations for employing the aforementioned algorithms and tools in various cases of anomaly detection.