450 research outputs found
Locality statistics for anomaly detection in time series of graphs
The ability to detect change-points in a dynamic network or a time series of
graphs is an increasingly important task in many applications of the emerging
discipline of graph signal processing. This paper formulates change-point
detection as a hypothesis testing problem in terms of a generative latent
position model, focusing on the special case of the Stochastic Block Model time
series. We analyze two classes of scan statistics, based on distinct underlying
locality statistics presented in the literature. Our main contribution is the
derivation of the limiting distributions and power characteristics of the
competing scan statistics. Performance is compared theoretically, on synthetic
data, and on the Enron email corpus. We demonstrate that both statistics are
admissible in one simple setting, while one of the statistics is inadmissible a
second setting.Comment: 15 pages, 6 figure
Recurrence networks - A novel paradigm for nonlinear time series analysis
This paper presents a new approach for analysing structural properties of
time series from complex systems. Starting from the concept of recurrences in
phase space, the recurrence matrix of a time series is interpreted as the
adjacency matrix of an associated complex network which links different points
in time if the evolution of the considered states is very similar. A critical
comparison of these recurrence networks with similar existing techniques is
presented, revealing strong conceptual benefits of the new approach which can
be considered as a unifying framework for transforming time series into complex
networks that also includes other methods as special cases.
It is demonstrated that there are fundamental relationships between the
topological properties of recurrence networks and the statistical properties of
the phase space density of the underlying dynamical system. Hence, the network
description yields new quantitative characteristics of the dynamical complexity
of a time series, which substantially complement existing measures of
recurrence quantification analysis
Robust Anomaly Detection with Applications to Acoustics and Graphs
Our goal is to develop a robust anomaly detector that can be incorporated into pattern recognition systems that may need to learn, but will never be shunned for making egregious errors. The ability to know what we do not know is a concept often overlooked when developing classifiers to discriminate between different types of normal data in controlled experiments. We believe that an anomaly detector should be used to produce warnings in real applications when operating conditions change dramatically, especially when other classifiers only have a fixed set of bad candidates from which to choose.
Our approach to distributional anomaly detection is to gather local information using features tailored to the domain, aggregate all such evidence to form a global density estimate, and then compare it to a model of normal data. A good match to a recognizable distribution is not required. By design, this process can detect the "unknown unknowns" [1] and properly react to the "black swan events" [2] that can have devastating effects on other systems. We demonstrate that our system is robust to anomalies that may not be well-defined or well-understood even if they have contaminated the training data that is assumed to be non-anomalous.
In order to develop a more robust speech activity detector, we reformulate the problem to include acoustic anomaly detection and demonstrate state-of-the-art performance using simple distribution modeling techniques that can be used at incredibly high speed. We begin by demonstrating our approach when training on purely normal conversational speech and then remove all annotation from our training data and demonstrate that our techniques can robustly accommodate anomalous training data contamination. When comparing continuous distributions in higher dimensions, we develop a novel method of discarding portions of a semi-parametric model to form a robust estimate of the Kullback-Leibler divergence. Finally, we demonstrate the generality of our approach by using the divergence between distributions of vertex invariants as a graph distance metric and achieve state-of-the-art performance when detecting graph anomalies with neighborhoods of excessive or negligible connectivity.
[1] D. Rumsfeld. (2002) Transcript: DoD news briefing - Secretary Rumsfeld and Gen. Myers.
[2] N. N. Taleb, The Black Swan: The Impact of the Highly Improbable. Random House, 2007
NetLSD: Hearing the Shape of a Graph
Comparison among graphs is ubiquitous in graph analytics. However, it is a
hard task in terms of the expressiveness of the employed similarity measure and
the efficiency of its computation. Ideally, graph comparison should be
invariant to the order of nodes and the sizes of compared graphs, adaptive to
the scale of graph patterns, and scalable. Unfortunately, these properties have
not been addressed together. Graph comparisons still rely on direct approaches,
graph kernels, or representation-based methods, which are all inefficient and
impractical for large graph collections.
In this paper, we propose the Network Laplacian Spectral Descriptor (NetLSD):
the first, to our knowledge, permutation- and size-invariant, scale-adaptive,
and efficiently computable graph representation method that allows for
straightforward comparisons of large graphs. NetLSD extracts a compact
signature that inherits the formal properties of the Laplacian spectrum,
specifically its heat or wave kernel; thus, it hears the shape of a graph. Our
evaluation on a variety of real-world graphs demonstrates that it outperforms
previous works in both expressiveness and efficiency.Comment: KDD '18: The 24th ACM SIGKDD International Conference on Knowledge
Discovery & Data Mining, August 19--23, 2018, London, United Kingdo
Multiple Network Embedding for Anomaly Detection in Time Series of Graphs
This paper considers the graph signal processing problem of anomaly detection
in time series of graphs. We examine two related, complementary inference
tasks: the detection of anomalous graphs within a time series, and the
detection of temporally anomalous vertices. We approach these tasks via the
adaptation of statistically principled methods for joint graph inference,
specifically multiple adjacency spectral embedding (MASE) and omnibus embedding
(OMNI). We demonstrate that these two methods are effective for our inference
tasks. Moreover, we assess the performance of these methods in terms of the
underlying nature of detectable anomalies. Our results delineate the relative
strengths and limitations of these procedures, and provide insight into their
use. Applied to a large-scale commercial search engine time series of graphs,
our approaches demonstrate their applicability and identify the anomalous
vertices beyond just large degree change.Comment: 22 pages, 11 figure
Monitoring and analysis system for performance troubleshooting in data centers
It was not long ago. On Christmas Eve 2012, a war of troubleshooting began in Amazon data centers. It started at 12:24 PM, with an mistaken deletion of the state data of Amazon Elastic Load Balancing Service (ELB for short), which was
not realized at that time. The mistake first led to a local issue that a small number of ELB service APIs were affected. In about six minutes, it evolved into a critical one that EC2 customers were significantly affected. One example was that Netflix, which was using hundreds of Amazon ELB services, was experiencing an extensive streaming service outage when many customers could not watch TV shows or movies on Christmas Eve. It took Amazon engineers 5 hours 42 minutes to find the root cause, the mistaken deletion, and another 15 hours and 32 minutes to fully recover the ELB service. The war ended at 8:15 AM the next day and brought the performance
troubleshooting in data centers to world’s attention. As shown in this Amazon ELB case.Troubleshooting runtime performance issues is crucial in time-sensitive multi-tier cloud services because of their stringent end-to-end timing requirements, but it is also notoriously difficult and time consuming.
To address the troubleshooting challenge, this dissertation proposes VScope, a flexible monitoring and analysis system for online troubleshooting in data centers.
VScope provides primitive operations which data center operators can use to troubleshoot various performance issues. Each operation is essentially a series of monitoring and analysis functions executed on an overlay network. We design a novel
software architecture for VScope so that the overlay networks can be generated, executed and terminated automatically, on-demand. From the troubleshooting side, we design novel anomaly detection algorithms and implement them in VScope. By
running anomaly detection algorithms in VScope, data center operators are notified when performance anomalies happen. We also design a graph-based guidance approach, called VFocus, which tracks the interactions among hardware and software components in data centers. VFocus provides primitive operations by which operators can analyze the interactions to find out which components are relevant to the
performance issue.
VScope’s capabilities and performance are evaluated on a testbed with over 1000 virtual machines (VMs). Experimental results show that the VScope runtime negligibly perturbs system and application performance, and requires mere seconds to deploy monitoring and analytics functions on over 1000 nodes. This demonstrates VScope’s ability to support fast operation and online queries against a comprehensive set of application to system/platform level metrics, and a variety of representative analytics functions. When supporting algorithms with high computation complexity, VScope serves as a ‘thin layer’ that occupies no more than 5% of their total latency. Further, by using VFocus, VScope can locate problematic VMs that cannot be found
via solely application-level monitoring, and in one of the use cases explored in the dissertation, it operates with levels of perturbation of over 400% less than what is seen for brute-force and most sampling-based approaches. We also validate VFocus
with real-world data center traces. The experimental results show that VFocus has troubleshooting accuracy of 83% on average.Ph.D
- …