Experimentations with OpenStack System Logs and Support Vector Machine for an Anomaly Detection Model in a Private Cloud Infrastructure

2020 
Anomaly detection is a crucial aspect of cloud computing that is becoming increasingly challenging. This is because a huge volume of system logs is usually generated in both private and public cloud infrastructure, which complicates manual inspection by system administrators. To address this challenge, an experimental investigation was carried out in this study towards the development of an anomaly detection model for OpenStack private cloud infrastructure. First, OpenStack system logs were curated from the Loghub corpus as the experimental dataset for the study. The logs were parsed using the Iterative Partitioning Log Mining (IPLoM) algorithm to produce structured event log templates. Discriminative numerical features were extracted from the event log templates using the Term Frequency-Inverse Document Frequency (TF-IDF) algorithm. Thereafter, a Support Vector Machine (SVM) classifier with varying kernels was trained to arrive at an acceptable classifier experimentally. The SVM classifier with linear and RBF kernels outperformed other kernels with acceptable accuracy, precision, recall and F-measure.
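The feature-extraction and classification stages described in the abstract, as an added example that is not the authors' code: sessions of event-template IDs are turned into TF-IDF vectors and a linear-kernel SVM is fitted on them. It assumes log parsing has already been done, uses constructed sessions with hypothetical template IDs E1 to E6, and fits the SVM with a plain subgradient loop in place of a library solver.

```python
import math
from collections import Counter

# Constructed data: each session is the list of event-template IDs a log parser
# (IPLoM in the study) would emit for one VM instance; E1..E6 are hypothetical.
# Label 1 = anomalous, 0 = normal.
TRAIN = [
    (["E1", "E2", "E3", "E4"], 0),
    (["E1", "E2", "E3", "E3", "E4"], 0),
    (["E1", "E2", "E2", "E3", "E4"], 0),
    (["E1", "E2", "E5", "E6"], 1),
    (["E1", "E5", "E5", "E6"], 1),
    (["E1", "E2", "E5", "E5", "E6"], 1),
]

def fit_idf(sessions):
    """Smoothed inverse document frequency per template, learned on training data only."""
    n = len(sessions)
    df = Counter(e for s in sessions for e in set(s))
    return {e: math.log((1 + n) / (1 + c)) + 1.0 for e, c in sorted(df.items())}

def tfidf(session, idf):
    """L2-normalised TF-IDF vector; templates unseen in training contribute nothing."""
    tf = Counter(session)
    vec = [tf[e] * w for e, w in idf.items()]
    norm = math.sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]

def train_linear_svm(X, y, lam=0.001, lr=0.1, epochs=300):
    """Linear-kernel SVM fitted by subgradient descent on the L2-regularised hinge loss."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for x, yi in zip(X, y):  # yi is -1 (normal) or +1 (anomalous)
            margin = yi * (sum(wi * xi for wi, xi in zip(w, x)) + b)
            w = [wi * (1 - lr * lam) for wi in w]  # shrink step from the L2 term
            if margin < 1:  # inside the margin or misclassified: hinge step
                w = [wi + lr * yi * xi for wi, xi in zip(w, x)]
                b += lr * yi
    return w, b

def build_detector(train=TRAIN):
    """Return (predict, per-template weights); predict gives 1 for anomalous."""
    idf = fit_idf([s for s, _ in train])
    X = [tfidf(s, idf) for s, _ in train]
    w, b = train_linear_svm(X, [1 if lbl else -1 for _, lbl in train])
    def predict(session):
        x = tfidf(session, idf)
        return int(sum(wi * xi for wi, xi in zip(w, x)) + b > 0)
    return predict, dict(zip(idf, w))
```

Because the IDF table is fitted on training sessions only, a template that first appears in production gets zero weight and cannot move the score, so a detector built this way needs retraining when the parser starts emitting new templates.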