Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Pragmatical Approach to Anomaly Detection Evaluation in Edge Cloud Systems

Sotiris Skaperas, George Koukis, Ioanna Angeliki Kapetanidou, Vassilis Tsaoussidis, Lefteris Mamatas

TL;DR

The paper tackles anomaly detection in edge cloud systems under strict latency and resource constraints by evaluating change-point based detectors. It compares non-parametric and parametric CUSUM methods with Bayesian online change point detectors using a novel cloud-native evaluation framework implemented on Kubernetes across two edge test-beds. The study provides practical insights into the trade-offs between detection delay, false alarms, and resource consumption (CPU, memory, and response time), highlighting that npCUSUM offers strong scalability while BOCD is more demanding. The results inform design choices for lightweight, real-time AD in constrained edge environments and demonstrate the value of a cloud-native, instrumented evaluation pipeline.

Abstract

Anomaly detection (AD) has been recently employed in the context of edge cloud computing, e.g., for intrusion detection and identification of performance issues. However, state-of-the-art anomaly detection procedures do not systematically consider restrictions and performance requirements inherent to the edge, such as system responsiveness and resource consumption. In this paper, we attempt to investigate the performance of change-point based detectors, i.e., a class of lightweight and accurate AD methods, in relation to the requirements of edge cloud systems. Firstly, we review the theoretical properties of two major categories of change point approaches, i.e., Bayesian and cumulative sum (CUSUM), also discussing their suitability for edge systems. Secondly, we introduce a novel experimental methodology and apply it over two distinct edge cloud test-beds to evaluate the performance of such mechanisms in real-world edge environments. Our experimental results reveal important insights and trade-offs for the applicability and the online performance of the selected change point detectors.

A Pragmatical Approach to Anomaly Detection Evaluation in Edge Cloud Systems

TL;DR

The paper tackles anomaly detection in edge cloud systems under strict latency and resource constraints by evaluating change-point based detectors. It compares non-parametric and parametric CUSUM methods with Bayesian online change point detectors using a novel cloud-native evaluation framework implemented on Kubernetes across two edge test-beds. The study provides practical insights into the trade-offs between detection delay, false alarms, and resource consumption (CPU, memory, and response time), highlighting that npCUSUM offers strong scalability while BOCD is more demanding. The results inform design choices for lightweight, real-time AD in constrained edge environments and demonstrate the value of a cloud-native, instrumented evaluation pipeline.

Abstract

Anomaly detection (AD) has been recently employed in the context of edge cloud computing, e.g., for intrusion detection and identification of performance issues. However, state-of-the-art anomaly detection procedures do not systematically consider restrictions and performance requirements inherent to the edge, such as system responsiveness and resource consumption. In this paper, we attempt to investigate the performance of change-point based detectors, i.e., a class of lightweight and accurate AD methods, in relation to the requirements of edge cloud systems. Firstly, we review the theoretical properties of two major categories of change point approaches, i.e., Bayesian and cumulative sum (CUSUM), also discussing their suitability for edge systems. Secondly, we introduce a novel experimental methodology and apply it over two distinct edge cloud test-beds to evaluate the performance of such mechanisms in real-world edge environments. Our experimental results reveal important insights and trade-offs for the applicability and the online performance of the selected change point detectors.
Paper Structure (10 sections, 10 equations, 3 figures, 1 table)

This paper contains 10 sections, 10 equations, 3 figures, 1 table.

Table of Contents

  1. Introduction
  2. Considered Detection Mechanisms
  3. CUSUM-based
  4. Non-parametric CUSUM
  5. Parametric CUSUM
  6. Bayesian-based
  7. Evaluation Methodology
  8. Experimental Results
  9. Conclusions
  10. Acknowledgments

Figures (3)

  • Figure 1: r-BOCPD operation , along with the error bars (shadow blue) and the modified stopping rule (dashed dark line).
  • Figure 2: i) actual DD versus DD in data points, ii) memory versus CPU consumption, and, iii) response time for each time-series being processed on-line, assuming 1 client. Applying npCUSUM, pCUSUM and BOCD methods, in both UoM test-bed (first row) and ATHENA test-bed (second row).
  • Figure 3: Mean: i) actual DD, ii) response time, iii) CPU consumption, and, iv) memory consumption, in UoM (t1) and ATHENA (t2) test-beds, regarding $k=\{1,\cdots,5\}$ clients.