A Taxonomy of Anomalies in Distributed Cloud Systems: The CRI-Model

  • Kim Reichert
  • Alexander Pokahr
  • Till Hohenberger
  • Christopher Haubeck
  • Winfried Lamersdorf
Part of the Studies in Computational Intelligence book series (SCI, volume 737)


Anomaly Detection (AD) in distributed cloud systems is the process of identifying unexpected (i.e. anomalous) behaviour. Many approaches from machine learning to statistical methods exist to detect anomalous data instances. However, no generic solutions exist for identifying appropriate metrics for monitoring and choosing adequate detection approaches. In this paper, we present the CRI-Model (Change, Rupture, Impact), which is a taxonomy based on a study of anomaly types in the literatureand an analysis of system outages in major cloud and web-portal companies. The taxonomy can be used as an anlaysis-tool on identified anomalies to discover gaps in the AD state of a system or determine components most often affected by a particular anomaly type. While the dimensions of the taxonomy are fixed, the categories can be adapted to different domains. We show the applicability of the taxonomy to distributed cloud systems using a large dataset of anomaly reports from a software company. The adaptability is further shown for the production automation domain, as a first attempt to generalize the taxonomy to other distributed systems.


Anomaly detection Distributed cloud systems Mitigation approaches System failures Feature selection Taxonomy of anomalies 


  1. 1.
    Avizienis, A., Laprie, J.-C., Randell, B.: Dependability and its threats: a taxonomy. In: Proceedings of IFIP 18th World Computer Congress, pp. 91–120 (2004)Google Scholar
  2. 2.
    Baddar, S., Merlo, A., Migliardi, M.: Anomaly detection in computer networks: a state-of-the-art review. J. Wirel. Mobile Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 5(4), 29–64 (2014)Google Scholar
  3. 3.
    Barford, P. et al.: A signal analysis of network traffic anomalies. In: The Second ACM SIGCOMM Workshop, pp. 71–82 (2002)Google Scholar
  4. 4.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 1–15 (2009)CrossRefGoogle Scholar
  5. 5.
    Ghosh, S., Reilly, D.L.: Credit card fraud detection with a neural-network. In: 1994 Proceedings of the Twenty-Seventh Hawaii International Conference on System Sciences, vol. 3, pp. 621–630 (1994)Google Scholar
  6. 6.
    Goldstein, M., Uchida, S.: A comparative evaluation of unsupervised anomaly detection algorithms for multivariate data. PloS one 11(4), 1–31 (2016). e0152173Google Scholar
  7. 7.
    Ibidunmoye, O., Hernández-Rodriguez, F., Elmroth, E.: Performance anomaly detection and bottleneck identification. ACM Comput. Surv. 48(1), 1–35 (2015)CrossRefGoogle Scholar
  8. 8.
    Kumar, M., Ghani, R., Mei, Z.-S.: Data mining to predict and prevent errors in health insurance claims processing. In: The 16th ACM SIGKDD International Conference, pp. 65–74 (2010)Google Scholar
  9. 9.
    Ladiges, J., et al.: Evolution management of production facilities by semiautomated requirement verification. at-Automatisierungstechnik 62(11), 781–793 (2014)Google Scholar
  10. 10.
    Mazel, J., Fontugne, R., Fukuda, K.: A taxonomy of anomalies in backbone network traffic. In: IWCMC 2014—10th Int. Wireless Communications and Mobile Computing Conference, pp. 30–36 (2014)Google Scholar
  11. 11.
    Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. SIGCOMM Comp. Comm. Rev. 34(2), 39–53 (2004)CrossRefGoogle Scholar
  12. 12.
    Nielsen, J.: Usability Engineering. Elsevier (1994)Google Scholar
  13. 13.
    Pertet, S., et al.: Causes of failure in web applications, Parallel Data Laboratory December, pp. 1–19 (2005)Google Scholar
  14. 14.
    Plonka, D., Barford, P.: Network anomaly confirmation, diagnosis and remediation. In: 47th Annual Allerton Conference on Communication, Control, and Computing, pp. 128–135 (2009)Google Scholar
  15. 15.
    Tobergte, D., Curtis, S.: Why Internet services fail and what can be done about these. J. Chem. Inf. Model. 53(9), 1689–1699 (2013)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Kim Reichert
    • 1
  • Alexander Pokahr
    • 2
  • Till Hohenberger
    • 1
  • Christopher Haubeck
    • 2
  • Winfried Lamersdorf
    • 2
  1. 1.Adobe Systems Engineering GmbHHamburgGermany
  2. 2.University of HamburgHamburgGermany

Personalised recommendations