
Using CPU Usage to Find Anomalies

Analysis Central Processing Unit usage to find anomalies

Advisor: 蔣璿東

Abstract


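System configuration errors in recent years, together with the growing number of network attacks, can cause network equipment to behave abnormally and degrade its ability to provide normal service, so this study proposes a way to discover equipment anomalies in the shortest possible time. The most common way to detect anomalies is to analyze changes in CPU usage within the enterprise. Through big-data analysis, this study identifies the usage habits of different time periods and their corresponding thresholds, then dynamically fine-tunes each period's thresholds using the predicted usage for that period to improve the accuracy of anomaly monitoring. The predicted usage can also be used to build an early-warning function, so that users know immediately whether abnormal usage behavior has occurred and can inspect the system early and stop the impact of the anomaly. Monitoring software has become a basic requirement of enterprise management, and many Taiwanese companies use the lower-priced, open-source network monitoring software Nagios or Cacti. Whichever single computer hardware resource they monitor (network traffic or CPU usage), both can only set a single threshold. For a given company, the overall work is roughly the same every day, so each day's behavior is largely similar, but usage habits clearly differ between time periods. A single threshold then has the following drawbacks: when the threshold is set too high, no alarm is generated, so users cannot discover the anomaly as early as possible; when the threshold is set too low, the system may keep sending alarm notifications, so users are constantly investigating anomalies. We developed an algorithm that uses historical data to establish multiple thresholds for each time period. Each period has three thresholds, and any usage that falls between the maximum threshold and the minimum threshold is not considered abnormal usage behavior. Validation with the prediction model built from our training data shows that its predictions accurately detect abnormal conditions and predict the trend of each period's thresholds.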

Parallel Abstract


In recent years, system configuration errors and a growing number of network attacks can cause network equipment to behave abnormally and degrade its ability to provide normal service, so this study proposes a way to detect equipment anomalies in the shortest possible time. The most common way to detect anomalies is to analyze changes in CPU usage within the enterprise. Through big-data analysis, this study identifies the usage habits of different time periods and their corresponding thresholds, then dynamically fine-tunes each period's thresholds using the predicted usage for that period to improve the accuracy of anomaly monitoring. The predicted usage can also be used to build an early-warning function, so that users know immediately whether abnormal usage behavior has occurred and can inspect the system early and stop the impact of the anomaly. Monitoring software has become a basic element of business management, and many Taiwanese companies use the less expensive, open-source network monitoring software Nagios or Cacti. Both can only set a single threshold value when monitoring a single computer hardware resource (network traffic or CPU usage). For a given company, the overall work and daily behavior are broadly similar from day to day, but usage habits clearly differ between times of day. A single threshold value therefore has drawbacks. When the threshold is set too high, no alarm is generated, so users cannot detect anomalies as early as possible. When the threshold is set too low, the system may keep sending alarm notifications, so users are constantly investigating anomalies.

We have developed an algorithm that uses historical data to establish multiple thresholds for each time period, with three thresholds per period. The prediction model built from our training data has been validated. Its predictions accurately detect abnormal conditions and predict the trend of the threshold values for each time period.
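The contrast the abstract draws between one static threshold and per-period thresholds, as an added example that is not the thesis's algorithm. The abstract does not say how the three thresholds are derived, so this code assumes a lower bound, a typical value and an upper bound computed per hour as mean ± k standard deviations; the function names, the value of `k`, the 80% static limit and all sample data are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (hour of day, CPU %) from five earlier days.
HISTORY = [(3, 5), (3, 6), (3, 7), (3, 8), (3, 9),
           (14, 60), (14, 62), (14, 65), (14, 68), (14, 70)]
SINGLE_THRESHOLD = 80.0  # one static limit, as in a single-threshold check


def build_thresholds(history, k=3.0):
    """Return {hour: (low, typical, high)} learned from historical samples.

    Assumption: the band is mean +/- k standard deviations, clamped to 0..100.
    """
    by_hour = defaultdict(list)
    for hour, cpu in history:
        by_hour[hour].append(cpu)
    table = {}
    for hour, values in by_hour.items():
        typical = mean(values)
        spread = k * pstdev(values)
        table[hour] = (max(0.0, typical - spread), typical,
                       min(100.0, typical + spread))
    return table


def is_anomalous(table, hour, cpu):
    """True when cpu falls outside the [low, high] band for that hour."""
    if hour not in table:
        raise KeyError(f"no baseline for hour {hour}")
    low, _typical, high = table[hour]
    return not (low <= cpu <= high)


def compare(table, readings):
    """Return (hour, cpu, single_threshold_alarm, per_period_alarm) rows."""
    return [(h, c, c > SINGLE_THRESHOLD, is_anomalous(table, h, c))
            for h, c in readings]


if __name__ == "__main__":
    # Constructed readings: a night-time spike, a normal afternoon value,
    # an afternoon drop (service stalled) and an afternoon overload.
    readings = [(3, 45.0), (14, 66.0), (14, 20.0), (14, 95.0)]
    for row in compare(build_thresholds(HISTORY), readings):
        print(row)
```

The 03:00 spike to 45% and the 14:00 drop to 20% both stay under the static limit, so only the per-period bands flag them.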
