Anomaly Detection Techniques for Web-based Applications: An Experimental Study

The web-based applications are exposed to a large spectrum of factors that may affect their availability and performability. The mean-time-to-detect (MTTD) and the mean-time-to-repair (MTTR) are considered of utmost importance to reduce the failure impacts. In this context, the combination of multiple monitoring techniques is commonly adopted to provide IT staff with information useful for timely detection and recovery from the failures. In this paper we provide an experimental study about the detection abilities provided by the monitoring tools that are being used nowadays in web-based applications. Besides the system-level, end-to-end and container-level monitoring techniques we incorporate an application-level monitoring technique. This technique provides the detection of performance anomalies by performing a correlation analysis among application parameters collected by an aspect-oriented program. The detection latency, the number of end-users affected, the coverage analysis and the overhead achieved by each monitoring technique, was evaluated considering different anomaly scenarios. Despite the importance of the monitoring techniques complementarity, the results achieved by the application-level monitoring are very interesting: it has detected 100% of the anomaly scenarios tested; for 73% of the anomalies it was the fastest detection technique; and due to the low detection latency it contributes to reduce the number of end-users experiencing the anomalies.