A model-based approach for automatic recovery from memory leaks in enterprise applications

Large-scale distributed computing systems such as data centers are hosted on heterogeneous and networked servers that execute in a dynamic and uncertain operating environment, caused by factors such as time-varying user workload and various failures. Therefore, achieving stringent quality-of-service goals is a challenging task, requiring a comprehensive approach to performance control, fault diagnosis, and failure recovery. This work presents a model-based approach for fault management, which integrates limited lookahead control (LLC), diagnosis, and fault-tolerance concepts that: (1) enables systems to adapt to environment variations, (2) maintains the availability and reliability of the system, (3) facilitates system recovery from failures. We focused on memory leak errors in this thesis. A characterization function is designed to detect memory leaks. Then, a LLC is applied to enable the computing system to adapt efficiently to variations in the workload, and to enable the system recover from memory leaks and maintain functionality

An Active Approach to Characterizing Dynamic Dependencies for Problem Determination in a Distributed Environment

We describe a methodology for identifying and characterizing dynamic dependencies between system components in distributed application environments such as e-commerce systems. The methodology relies on active perturbation of the system to identify dependencies and the use of statistical modeling to compute dependency strengths. Unlike more traditional passive techniques, our active approach requires little initial knowledge of the implementation details of the system and has the potential to provide greater coverage and more direct evidence of causality for the dependencies it identifies. We experimentally demonstrate the efficacy of our approach by applying it to a prototypical e-commerce system based on the TPC-W web commerce benchmark, for which the active approach correctly identifies and characterizes 41 of 42 true dependencies out of a potential space of 140 dependencies. Finally, we consider how the dependencies computed by our approach can be used to simplify and guide the task of root-cause analysis, an important part of problem determination

Inferring the source and destination of the anomalous traffic in networks using spatio-temporal correlation

Orientadores: Leonardo de Souza Mendes, Mario Lemes Proença JuniorDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Estratégias voltadas para a detecção de anomalias em redes de computadores emitem alarmes como forma de notificação ao administrador de rede. Esses alarmes são essenciais para a gerencia de rede, pois são evidencias de uma anormalidade. Entretanto, uma única anomalia pode gerar um numero excessivo de alarmes, tornando a inspeção manual inviável. Nesta dissertação, e apresentado um sistema de correlação de alarmes automatizado, divido em três camadas, que obtém os alarmes primitivos e apresenta ao administrador de rede uma visão global do cenário afetado pela anomalia. A camada de pré-processamento faz a compressão dos alarmes utilizando seus atributos espaciais e temporais, os quais são reduzidos a um único alarme denominado DLA (Alarme em Nível de Equipamento). A camada de correlação busca, através dos DLAs e de informações sobre a topologia da rede, inferir o caminho de propagação da anomalia, sua origem e destino. A camada de apresentação prove a visualização do caminho e elementos de redes afetados pela propagação da anomalia. O sistema apresentado nesta dissertação foi aplicado em diversos cenários que apresentavam anomalias reais detectadas na rede da Universidade Estadual de Londrina. Foi demonstrada sua capacidade de identificar, de forma automatizada, o caminho de propagação do trafego anômalo, proporcionando informações úteis e corretas ao administrador de rede para o diagnostico do problemaAbstract: Anomaly detection systems for computer networks send alarms in order to notify the network administrator. These alarms are essential for network management because they are evidences of an abnormality. However, a single anomaly may generate an excessive volume of alarms, making the manual inspection unfeasible. In this work, it is presented an automated alarm correlation system divided into three layers, which obtains raw alarms and presents to network administrator a global view of the scenario affected by the anomaly. In the preprocessing layer, it is performed the alarm compression using their spatial and temporal attributes, which are reduced to a unique alarm named DLA (Device Level Alarm). The correlation layer aims to infer the anomaly propagation path and its origin and destination using DLAs and network topology information. The presentation layer provides the visualization of the path and network elements affected by the anomaly propagation through the network. The presented system was applied in various scenarios that had real anomalies detected on the State University of Londrina network. It demonstrated its ability to identify in an automated manner the anomalous traffic propagation path, providing useful and accurate information to the network administrator to diagnose the problemMestradoTelecomunicações e TelemáticaMestre em Engenharia Elétric