October 24, 2017
Rich Network Anomaly Detection Using Multivariate Data
- Mendiratta V.
- Thottan M.
Modern telecommunication networks are complex, and generate massive amounts of data in the form of logs and metadata. Though these networks are designed for high reliability, when they do fail or encounter performance degradations, given the complexity, it is difficult to detect and diagnose problems in a timely manner. Existing anomaly detection approaches typically provide cryptic results where the information is not sufficient, beyond an indication that an anomaly has occurred, for the network operator to take an action to correct the anomalous condition, thereby necessitating the need for extensive human effort for problem diagnosis. In this paper, we explore unsupervised learning approaches for network anomaly detection, and focus on change detection algorithms using selected multivariate data. We apply non-parametric sequential change point detection algorithms and evaluate the performance of the algorithms with several variables: procedure duration, percent failing events, etc. When a change (anomaly) is detected, visual analytics are applied to expose the cause of the anomaly in terms of exposing the high-ranking error causes as evidenced from the values of the error code variables in the observations indicating the anomaly. The algorithms are developed and tested with data from a 4G network. The impact of our work is the proactive detection of anomalies in networks and providing the cause of the anomaly, thereby improving network reliability and availability. We estimate the potential positive impact of using these algorithms to be in the range of 9% to 27% fewer dropped or degraded calls and sessions, which translates to 18,000 to 54,000 lost or degraded calls or sessions per minute for a system processing 200,000 procedures per minute.