Astro: A Predictive Model for Anomaly Detection and Feedback-based Scheduling on Hadoop
Chaitali Gupta, Mayank Bansal, Tzu-Cheng Chuang, Ranjan Sinha, Sami Ben-romdhane
The sheer growth in data volume and Hadoop cluster size make it a significant challenge to diagnose and locate problems in a production-level cluster environment efficiently and within a short period of time. Often times, the distributed monitoring systems are not capable of detecting a problem well in advance when a large-scale Hadoop cluster starts to deteriorate i n performance or becomes unavailable. Thus, inc o m i n g workloads, scheduled between the time when cluster starts to deteriorate and the time when the problem is identified, suffer from longer execution times. As a result, both reliability and throughput of the cluster reduce significantly. In this paper, we address this problem by proposing a system called Astro, which consists of a predictive model and an extension to the Hadoop scheduler. The predictive model in Astro takes into account a rich set of cluster behavioral information that are collected by monitoring processes and model them using machine learning algorithms to predict future behavior of the cluster. The Astro predictive model detects anomalies in the cluster and also identifies a ranked set of metrics that have contributed the most towards the problem. The Astro scheduler uses the prediction outcome and the list of metrics to decide whether it needs to move and reduce workloads from the problematic cluster nodes or to prevent additional workload allocations to them, in order to improve both throughput and reliability of the cluster. The results demonstrate that the Astro scheduler improves usage of cluster compute resources significantly by 64.23% compared to traditional Hadoop. Furthermore, the runtime of the benchmark application reduced by 26.68% during the time of anomaly, thus improving the cluster throughput.
Existing Big data analytics platforms, such as Hadoop, lack support for user activity monitoring. Several diagnostic tools such as Ganglia, Ambari, and Cloudera Manager are available to monitor health of a cluster, however, they do not provide algorithms to detect security threats or perform user activity monitoring. Hence, there is a need to develop a scalable system that can detect malicious user activities, especially in real-time, so that appropriate actions can be taken against the user. At eBay, we developed such a system named Eagle, which collects audit logs from Hadoop clusters and applications running on them, analyzes users behavior, generates profiles per user of the system, and predicts anomalous user activities based on their prior profiles. Eagle is a highly scalable system, capable of monitoring multiple eBay clusters in real-time. It includes machine-learning algorithms that create user profiles based on the user's history of activities. As far as we know, this is the first activity monitoring system on the Hadoop-ecosystem for the detection of intrusion-related activities using behavior-based profiles of users. When a user performs any operation in the cluster, Eagle matches current user action against his prior activity pattern and raises alarm if it suspects anomalous action. We investigate two machine-learning algorithms: density estimation, and principal component analysis (PCA). In this paper, we introduce the Eagle system, discuss the algorithms in detail, and show performance results. We demonstrate that the sensitivity of the density estimation algorithm is 93%, however the sensitivity of our system increases by 4.94% (on average) to 98% (approximately) by using an ensemble of the two algorithms during anomaly detection.
This paper presents a case study of using distributed word representations, word2vec in particular, for improving performance of Named Entity Recognition for the e-Commerce domain. We also demonstrate that distributed word representations trained on a smaller amount of in-domain data are more effective than word vectors trained on very large amount of out-of-domain data, and that their combination gives the best results.
Large e-commerce enterprises feature millions of items entered daily by a large variety of sellers. While some sellers provide rich, structured descriptions of their items, a vast majority of them provide unstructured natural language descriptions. In the paper we present a 2 steps method for structuring items into descriptive properties. The first step consists in unsupervised property discovery and extraction. The second step involves supervised property synonym discovery using a maximum entropy based clustering algorithm. We evaluate our method on a year worth of ecommerce
data and show that it achieves excellent precision with good recall.