Silent Failures in Stateless Systems: Rethinking Anomaly Detection for Serverless Computing

TL;DR

This paper discusses the unique challenges of detecting anomalies in serverless computing environments, emphasizing the need for new, context-aware detection methods tailored to the paradigm's transient and isolated nature.

Contribution

It provides a comprehensive analysis of the challenges and threats in serverless anomaly detection and proposes a research agenda for developing next-generation detection frameworks.

Findings

Traditional detection methods are ineffective in serverless environments.

Serverless-specific threats include DoW and cold start amplification.

Key research directions include multi-source data fusion and real-time detection.

Abstract

Serverless computing has redefined cloud application deployment by abstracting infrastructure and enabling on-demand, event-driven execution, thereby enhancing developer agility and scalability. However, maintaining consistent application performance in serverless environments remains a significant challenge. The dynamic and transient nature of serverless functions makes it difficult to distinguish between benign and anomalous behavior, which in turn undermines the effectiveness of traditional anomaly detection methods. These conventional approaches, designed for stateful and long-running services, struggle in serverless settings where executions are short-lived, functions are isolated, and observability is limited. In this first comprehensive vision paper on anomaly detection for serverless systems, we systematically explore the unique challenges posed by this paradigm, including the absence of persistent state, inconsistent monitoring granularity, and the difficulty of correlating behaviors across distributed functions. We further examine a range of threats that manifest as anomalies, from classical Denial-of-Service (DoS) attacks to serverless-specific threats such as Denial-of-Wallet (DoW) and cold start amplification. Building on these observations, we articulate a research agenda for next-generation detection frameworks that address the need for context-aware, multi-source data fusion, real-time, lightweight, privacy-preserving, and edge-cloud adaptive capabilities. Through the identification of key research directions and design principles, we aim to lay the foundation for the next generation of anomaly detection in cloud-native, serverless ecosystems.