Morphological Method for Detecting Abnormal Server States

Abstract

The paper proposes a computationally simple algorithm for detecting outliers and anomalies based on morphological analysis of the internal structure of multidimensional data. An important advantage of the method is the possibility of simultaneous work with qualitative and quantitative signs. It is also distinguished from its analogues by the simplicity of presentation and interpretation of the results. The values’ confidence range of the studied objects is approximated by combining the values’ confidence ranges of qualitatively homogeneous objects (clusters). The belonging of objects to one cluster is determined by the causal relationships between the features characteristic of the subject area. The method is based on the construction of a finite probability space and each element of binary vector is uniquely assigned to the objects of the sample. Based on the Chebyshev inequality, low-power clusters are taken as emissions. Objects that do not belong to the aggregate confidence area are taken as anomalies. Comparison mechanisms based on the Hamming distance have developed: 1) cluster and cluster; 2) cluster and object; 3) object and object. To demonstrate the effectiveness of the method a software module for detecting abnormal server states based on the Linux operating system has been developed. It can also be used as an auxiliary in professional intrusion detection systems.