| CPC H04L 63/1425 (2013.01) [H04L 63/1441 (2013.01); H04L 63/20 (2013.01)] | 18 Claims |
|
1. A method, comprising:
receiving, by a server, a first plurality of metrics over a first time period from a defined set of microservices for a function;
applying, by the server, the first plurality of metrics to an ensemble of anomaly detection models to generate a plurality of classifications, each of the plurality of classifications indicating the first plurality of metrics as one of anomalous or normal from a respective model of the ensemble of anomaly detection models, wherein the ensemble of anomaly detection models is trained using a second plurality of metrics over a second time period;
identifying, by the server, a majority of the plurality of classifications as corresponding to an anomaly event in the defined set of microservices;
determining, by the server, responsive to identifying the majority of the plurality of classifications as corresponding to the anomaly event, that (i) a number of instances of the defined set of microservices affected by the anomaly event is greater than a first threshold number and (ii) a total number of instances of the defined set of microservices is less than a second threshold number in accordance with a criterion of a policy of a plurality of policies, each of the plurality of policies identifying a respective countermeasure to address the anomaly event; and
performing, by the server, a countermeasure identified by the policy to provide an alert message identifying the anomaly event to prompt an administrator to invoke restarting of the defined set of microservices for the function.
|