Automatic Anomaly Detection in the Cloud Via Statistical Learning
Performance and high availability have become increasingly important drivers,
among others, of user retention in the context of web services such as social
networks and web search. Exogenous and/or endogenous factors often give rise
to anomalies, making it very challenging to maintain high availability while
also delivering high performance. Given that service-oriented architectures
(SOA) typically comprise a large number of services, each with a large set of
metrics, automatic detection of anomalies is non-trivial.
Although there exists a large body of prior research in anomaly detection,
existing techniques are not applicable in the context of social network data,
owing to the inherent seasonal and trend components in the time series data.
To this end, we developed two novel statistical techniques for automatically
detecting anomalies in cloud infrastructure data. Specifically, the techniques
employ statistical learning to detect anomalies in both application and system
metrics. Seasonal decomposition is employed to filter the trend and seasonal
components of the time series, followed by the use of robust statistical
metrics -- median and median absolute deviation (MAD) -- to accurately detect
anomalies, even in the presence of seasonal spikes.
We demonstrate the efficacy of the proposed techniques from three different
perspectives, viz., capacity planning, user behavior, and supervised learning.
In particular, we used production data for evaluation, and we report Precision,
Recall, and F-measure in each case.
Comment: 13 pages, 12 figures
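
To make the decomposition-plus-MAD idea concrete, here is a minimal Python
sketch, assuming statsmodels' seasonal_decompose as the decomposition step;
the function name mad_anomalies, the threshold of 3 scaled MADs, and the
synthetic series are illustrative assumptions, not the paper's exact method.

    import numpy as np
    from statsmodels.tsa.seasonal import seasonal_decompose

    def mad_anomalies(series, period, threshold=3.0):
        """Flag points whose residual (series minus trend and seasonal
        components) deviates from the median by more than threshold
        median absolute deviations."""
        result = seasonal_decompose(series, period=period,
                                    extrapolate_trend="freq")
        residual = result.resid
        med = np.median(residual)
        mad = np.median(np.abs(residual - med))
        # 1.4826 makes the MAD consistent with the standard deviation
        # under a Gaussian assumption.
        scores = np.abs(residual - med) / (1.4826 * mad)
        return np.where(scores > threshold)[0]

    # Hypothetical hourly metric with daily seasonality and one injected spike.
    rng = np.random.default_rng(0)
    t = np.arange(24 * 14)
    series = 10 + np.sin(2 * np.pi * t / 24) + rng.normal(0, 0.1, t.size)
    series[200] += 5  # injected anomaly
    print(mad_anomalies(series, period=24))  # -> [200]

Because the median and MAD have a 50% breakdown point, the threshold is not
dragged upward by the anomalies themselves, which is what lets the method
tolerate seasonal spikes.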
Sequence-based Detection of Sleeping Cell Failures in Mobile Networks
This article presents an automatic malfunction detection framework based on
data mining approach to analysis of network event sequences. The considered
environment is Long Term Evolution (LTE) for Universal Mobile Telecommunication
System (UMTS) with a sleeping cell caused by a random access channel failure.
The sleeping cell problem refers to the unavailability of network service
without any triggered alarm. The proposed detection framework uses N-gram
analysis for identification
of abnormal behavior in sequences of network events. These events are collected
with Minimization of Drive Tests (MDT) functionality standardized in LTE.
Further processing applies dimensionality reduction, anomaly detection with
k-nearest neighbor, cross-validation, post-processing techniques and efficiency
evaluation. Different anomaly detection approaches proposed in this paper are
compared against each other with both classic data mining metrics, such as
F-score and receiver operating characteristic curves, and a newly proposed
heuristic approach. Achieved results demonstrate that the suggested method can
be used in modern performance monitoring systems for reliable, timely and
automatic detection of random access channel sleeping cells.
Comment: 26 pages
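
A hedged sketch of an N-gram-plus-kNN pipeline of the kind described above;
the two-letter event alphabet, n = 2, k = 2, and the function ngram_features
are illustrative assumptions rather than the paper's MDT event types or
parameter choices.

    from collections import Counter
    import numpy as np
    from sklearn.neighbors import NearestNeighbors

    def ngram_features(sequences, n=2):
        """Map each event sequence to a vector of n-gram counts."""
        vocab = sorted({tuple(s[i:i + n]) for s in sequences
                        for i in range(len(s) - n + 1)})
        index = {g: j for j, g in enumerate(vocab)}
        X = np.zeros((len(sequences), len(vocab)))
        for row, s in enumerate(sequences):
            grams = Counter(tuple(s[i:i + n])
                            for i in range(len(s) - n + 1))
            for g, c in grams.items():
                X[row, index[g]] = c
        return X

    # Hypothetical event sequences: 'A' = attach, 'R' = RACH attempt,
    # 'S' = success. A sleeping cell shows repeated RACH attempts only.
    normal = [list("ARSARSARS"), list("ARSARS"), list("ARSARSAR")]
    sleeping = [list("RRRRRRRR")]
    X = ngram_features(normal + sleeping, n=2)
    knn = NearestNeighbors(n_neighbors=2).fit(X)
    dist, _ = knn.kneighbors(X)
    # Mean distance to the nearest neighbours serves as the anomaly score;
    # the sleeping-cell sequence scores far above the normal ones.
    print(dist.mean(axis=1))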
Dynamic Network Cartography
Communication networks have evolved from specialized, research, and tactical
transmission systems to large-scale and highly complex interconnections of
intelligent devices, increasingly becoming more commercial, consumer-oriented,
and heterogeneous. Propelled by emergent social networking services and
high-definition streaming platforms, network traffic has grown explosively
thanks to the advances in processing speed and storage capacity of
state-of-the-art communication technologies. As "netizens" demand a seamless
networking experience that entails not only higher speeds, but also resilience
and robustness to failures and malicious cyber-attacks, ample opportunities for
signal processing (SP) research arise. The vision is for ubiquitous smart
network devices to enable data-driven statistical learning algorithms for
distributed, robust, and online network operation and management, adaptable to
the dynamically-evolving network landscape with minimal need for human
intervention. The present paper aims at delineating the analytical background
and the relevance of SP tools to dynamic network monitoring, introducing the SP
readership to the concept of dynamic network cartography -- a framework to
construct maps of the dynamic network state in an efficient and scalable manner
tailored to large-scale heterogeneous networks.
Comment: To appear in the IEEE Signal Processing Magazine, Special Issue on
Adaptation and Learning over Complex Networks
A Meta-Analysis of the Anomaly Detection Problem
This article provides a thorough meta-analysis of the anomaly detection
problem. To accomplish this we first identify approaches to benchmarking
anomaly detection algorithms across the literature and produce a large corpus
of anomaly detection benchmarks that vary in their construction across several
dimensions we deem important to real-world applications: (a) point difficulty,
(b) relative frequency of anomalies, (c) clusteredness of anomalies, and (d)
relevance of features. We apply a representative set of anomaly detection
algorithms to this corpus, yielding a very large collection of experimental
results. We analyze these results to understand many phenomena observed in
previous work. First, we observe the effects of experimental design on
experimental results. Second, results are evaluated with two metrics, ROC Area
Under the Curve and Average Precision. We employ statistical hypothesis testing
to demonstrate the value (or lack thereof) of our benchmarks. We then offer
several approaches to summarizing our experimental results, drawing several
conclusions about the impact of our methodology as well as the strengths and
weaknesses of some algorithms. Last, we compare results against a trivial
solution as an alternate means of normalizing the reported performance of
algorithms. The intended contributions of this article are many; in addition to
providing a large publicly-available corpus of anomaly detection benchmarks, we
provide an ontology for describing anomaly detection contexts, a methodology
for controlling various aspects of benchmark creation, guidelines for future
experimental design, and a discussion of the many potential pitfalls of
trying to measure success in this field.
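
For reference, the two metrics the article evaluates with are available in
scikit-learn; the labels and detector scores below are synthetic, and the
random-score baseline illustrates why the article also normalizes against a
trivial solution (AP collapses to roughly the anomaly rate, ROC AUC to 0.5).

    import numpy as np
    from sklearn.metrics import roc_auc_score, average_precision_score

    rng = np.random.default_rng(1)
    # Toy benchmark: ~5% anomalies, partially informative detector scores.
    y_true = (rng.random(1000) < 0.05).astype(int)
    scores = y_true * rng.normal(1.0, 1.0, 1000) + rng.normal(0, 1.0, 1000)

    print("ROC AUC:          ", roc_auc_score(y_true, scores))
    print("Average Precision:", average_precision_score(y_true, scores))
    print("Trivial AP:       ",
          average_precision_score(y_true, rng.random(1000)))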
ASAP: Prioritizing Attention via Time Series Smoothing
Time series visualization of streaming telemetry (i.e., charting of key
metrics such as server load over time) is increasingly prevalent in modern data
platforms and applications. However, many existing systems simply plot the raw
data streams as they arrive, often obscuring large-scale trends due to
small-scale noise. We propose an alternative: to better prioritize end users'
attention, smooth time series visualizations as much as possible to remove
noise, while retaining large-scale structure to highlight significant
deviations. We develop a new analytics operator called ASAP that automatically
smooths streaming time series by adaptively optimizing the trade-off between
noise reduction (i.e., variance) and trend retention (i.e., kurtosis). We
introduce metrics to quantitatively assess the quality of smoothed plots and
provide an efficient search strategy for optimizing these metrics that combines
techniques from stream processing, user interface design, and signal processing
via autocorrelation-based pruning, pixel-aware preaggregation, and on-demand
refresh. We demonstrate that ASAP can improve users' accuracy in identifying
long-term deviations in time series by up to 38.4% while reducing response
times by up to 44.3%. Moreover, ASAP delivers these results several orders of
magnitude faster than alternative search strategies.
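
ASAP's actual operator and its autocorrelation-based pruning are more
involved, but a naive sketch of the stated trade-off, minimizing roughness
(the variance of first differences) while retaining kurtosis so that large
deviations stay prominent, might look like the following; the window range,
data, and function asap_like_window are illustrative assumptions.

    import numpy as np
    from scipy.stats import kurtosis

    def smooth(series, w):
        """Simple moving average with window w."""
        return np.convolve(series, np.ones(w) / w, mode="valid")

    def asap_like_window(series, max_window=100):
        """Pick the window minimizing roughness subject to retaining at
        least the original kurtosis (falls back to no smoothing)."""
        target = kurtosis(series)
        best_w, best_rough = 1, np.std(np.diff(series))
        for w in range(2, max_window + 1):
            s = smooth(series, w)
            if kurtosis(s) >= target:
                rough = np.std(np.diff(s))
                if rough < best_rough:
                    best_w, best_rough = w, rough
        return best_w

    rng = np.random.default_rng(2)
    x = np.cumsum(rng.normal(0, 1, 2000))
    x[1500:1520] += 30  # long-term deviation smoothing should retain
    print("chosen window:", asap_like_window(x))

The exhaustive search above is exactly what ASAP's autocorrelation-based
pruning and on-demand refresh are designed to avoid at streaming rates.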
Real-Time Anomaly Detection for Streaming Analytics
Much of the world's data is streaming, time-series data, where anomalies give
significant information in critical situations. Yet detecting anomalies in
streaming data is a difficult task, requiring detectors to process data in
real-time, and learn while simultaneously making predictions. We present a
novel anomaly detection technique based on an on-line sequence memory algorithm
called Hierarchical Temporal Memory (HTM). We show results from a live
application that detects anomalies in financial metrics in real-time. We also
test the algorithm on NAB, a published benchmark for real-time anomaly
detection, where our algorithm achieves best-in-class results.
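
The HTM algorithm itself is too large for a short sketch, but the
post-processing step commonly paired with it in streaming settings, turning
raw prediction errors into an anomaly likelihood via a rolling Gaussian tail
probability, can be illustrated; the window size and error stream below are
assumptions, not values from the paper.

    import math

    def anomaly_likelihood(errors, window=100):
        """Convert raw prediction errors into anomaly likelihoods: the
        complement of the Gaussian tail probability of the newest error
        under a rolling estimate of the error distribution."""
        likelihoods = []
        for i, e in enumerate(errors):
            hist = errors[max(0, i - window):i + 1]
            mu = sum(hist) / len(hist)
            var = sum((h - mu) ** 2 for h in hist) / len(hist) or 1e-9
            z = (e - mu) / math.sqrt(var)
            tail = 0.5 * math.erfc(z / math.sqrt(2))  # P(error >= e)
            likelihoods.append(1.0 - tail)  # near 1.0 flags an anomaly
        return likelihoods

    # Hypothetical error stream: stable predictions, then a sudden jump.
    errors = [0.1] * 200 + [0.9, 0.95, 0.9]
    print(anomaly_likelihood(errors)[-3:])

Thresholding the likelihood rather than the raw error lets the detector adapt
to noisy metrics where large errors are routine.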
An ISP Level Solution to Combat DDoS Attacks using Combined Statistical Based Approach
Disruption of service caused by DDoS attacks is an immense threat to the
Internet today. These attacks can disrupt the availability of Internet
services completely, either by exhausting computational or communication
resources through a sheer volume of packets sent from distributed locations
in a coordinated manner, or by gracefully degrading network performance
through attack traffic sent at a low rate. In this paper, we describe a novel
framework that detects a variety of DDoS attacks by monitoring the
propagation of abrupt traffic changes inside an ISP domain, and then
characterizes the flows that carry attack traffic. Two statistical metrics,
namely Volume and Flow, are used as parameters to detect DDoS attacks. The
effectiveness of an anomaly-based detection and characterization system
depends heavily on the accuracy of its threshold settings; inaccurate
threshold values cause a large number of false positives and negatives.
Therefore, in our scheme, Six-Sigma and varying tolerance factor methods are
used to identify threshold values accurately and dynamically for the various
statistical metrics. The NS-2 network simulator on a Linux platform is used
as the simulation testbed to validate the effectiveness of the proposed
approach. Different attack scenarios are implemented by varying the total
number of zombie machines and the attack strength. A comparison with a
volume-based approach clearly indicates the superiority of the proposed
system.
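
A minimal sketch of Six-Sigma-style dynamic thresholding on a single volume
metric; the tolerance factor k, the Poisson traffic model, and the function
dynamic_threshold are illustrative, and the paper's varying tolerance factor
schedule is not reproduced here.

    import numpy as np

    def dynamic_threshold(samples, k=6.0):
        """Six-Sigma style control limit: flag an interval as suspicious
        when its volume exceeds mean + k * sigma of recent history. The
        tolerance factor k can be varied per metric and traffic regime."""
        return np.mean(samples) + k * np.std(samples)

    # Hypothetical per-interval packet counts at an ISP edge router.
    rng = np.random.default_rng(3)
    history = rng.poisson(10_000, 500)       # normal traffic
    threshold = dynamic_threshold(history)
    incoming = 10_000 + 8 * np.sqrt(10_000)  # abrupt surge
    print(incoming > threshold)              # True: raise a DDoS alert

Recomputing the threshold over a sliding history is what makes it dynamic;
raising or lowering k trades false positives against missed low-rate attacks.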
A Survey on the Security of Pervasive Online Social Networks (POSNs)
Pervasive Online Social Networks (POSNs) are extensions of Online Social
Networks (OSNs) that facilitate connectivity irrespective of the domain and
properties of users. POSNs have emerged from the convergence of a plethora of
social networking platforms, with the motivation of bridging the gaps between
them. Over the last decade, OSNs have seen a tremendous amount of advancement
in terms of both the number of users and technology enablers. A single OSN is
the property of an organization, which ensures the smooth functioning of its
services in order to provide a quality experience to its users. However, with
POSNs, multiple OSNs have coalesced through communities, circles, or shared
properties, which makes service provisioning tedious and arduous to sustain.
Challenges become especially rigorous when the focus is on the security
perspective of cross-platform OSNs, which are an integral part of POSNs.
Thus, it is of utmost importance to highlight this requirement and to
understand the current situation while discussing the available
state-of-the-art. With the modernization of OSNs and the convergence towards
POSNs, it is essential to understand the impact and reach of current
solutions for enhancing the security of users as well as associated services.
This survey addresses this need, focusing on studies presented over the last
few years and examining their applicability to POSNs...
Comment: 39 pages, 10 figures
System-Level Predictive Maintenance: Review of Research Literature and Gap Analysis
This paper reviews current literature in the field of predictive maintenance
from the system point of view. We differentiate the existing capabilities of
condition estimation and failure risk forecasting as currently applied to
simple components, from the capabilities needed to solve the same tasks for
complex assets. System-level analysis faces more complex latent degradation
states; it has to comprehensively account for active maintenance programs at
each component level and consider coupling between different maintenance
actions, while reflecting increased monetary and safety costs for system
failures. As a result, methods that are effective for forecasting risk and
informing maintenance decisions regarding individual components do not readily
scale to provide reliable sub-system or system level insights. A novel holistic
modeling approach is needed to incorporate available structural and physical
knowledge and naturally handle the complexities of actively fielded and
maintained assets.
Comment: 24 pages, 3 figures
The Smart Black Box: A Value-Driven High-Bandwidth Automotive Event Data Recorder
Autonomous vehicles require reliable and resilient sensor suites and ongoing
validation through fleet-wide data collection. This paper proposes a Smart
Black Box (SBB) to augment traditional low-bandwidth data logging with
value-driven high-bandwidth data capture. The SBB caches short-term histories
of data as buffers through a deterministic Mealy machine based on data value
and similarity. Compression quality for each frame is determined by optimizing
the trade-off between value and storage cost. With finite storage, prioritized
data recording discards low-value buffers to make room for new data. This paper
formulates SBB compression decision making as a constrained multi-objective
optimization problem with novel value metrics and filtering. The SBB has been
evaluated on a traffic simulator which generates trajectories containing events
of interest (EOIs) and corresponding first-person view videos. SBB compression
efficiency is assessed by comparing storage requirements with different
compression quality levels and event capture ratios. Performance is evaluated
by comparing results with a traditional first-in-first-out (FIFO) recording
scheme. Deep learning performance on images recorded at different compression
levels is evaluated to illustrate the reproducibility of SBB-recorded data.
Comment: Submitted to IEEE Transactions on Intelligent Transportation Systems
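
A hedged sketch of the prioritized-recording idea: a fixed-capacity store
that discards the lowest-value buffer to make room for new data. The value
function, the capacity, and the class name SmartBuffer are illustrative
assumptions; the SBB's Mealy-machine buffering and compression optimization
are not reproduced here.

    import heapq

    class SmartBuffer:
        """Fixed-capacity store keeping the highest-value buffers, evicting
        the lowest-value one when full (a min-heap keyed on value)."""
        def __init__(self, capacity):
            self.capacity = capacity
            self.heap = []      # (value, insertion_order, data)
            self.counter = 0    # tie-breaker so data is never compared

        def record(self, value, data):
            self.counter += 1
            if len(self.heap) < self.capacity:
                heapq.heappush(self.heap, (value, self.counter, data))
            elif value > self.heap[0][0]:
                # New buffer outranks the least valuable stored one.
                heapq.heapreplace(self.heap, (value, self.counter, data))
            # Otherwise the new low-value buffer is simply dropped.

    store = SmartBuffer(capacity=3)
    for value, clip in [(0.2, "cruise"), (0.9, "near-miss"),
                        (0.1, "cruise"), (0.8, "hard-brake"),
                        (0.5, "merge")]:
        store.record(value, clip)
    print(sorted(store.heap, reverse=True))  # near-miss, hard-brake, merge

Unlike the FIFO baseline mentioned in the abstract, eviction here depends on
value rather than age, so rare events of interest survive long uneventful
drives.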