opprentice towards practical and automatic anomaly
play

Opprentice: Towards Practical and Automatic Anomaly Detection - PowerPoint PPT Presentation

Sep 07, 2022 •111 likes •545 views

Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning Dapeng Liu , Youjian Zhao, Haowen Xu, Yongqian Sun, Dan Pei, Jiao Luo, Xiaowei Jing, Mei Feng 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn) KPIs and

  1. Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning Dapeng Liu , Youjian Zhao, Haowen Xu, Yongqian Sun, Dan Pei, Jiao Luo, Xiaowei Jing, Mei Feng 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  2. KPIs and Anomaly Detection Page views (PV) of Baidu KPIs (Key Performance Indicators) : A set of performance measures that evaluate the service quality 1 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  3. KPIs and Anomaly Detection Page views (PV) of Baidu KPIs (Key Performance Indicators) : A set of performance measures that evaluate the service quality KPI anomalous (unexpected) behaviors  Potential failures, bugs, attacks... 2 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  4. KPIs and Anomaly Detection Page views (PV) of Baidu KPIs (Key Performance Indicators) : A set of performance measures that evaluate the service quality KPI anomalous (unexpected) behaviors  Potential failures, bugs, attacks... Anomaly detection matters: Find anomalous behaviors of the KPI curve  Diagnose and fix it  Avoid further influences and revenue losses 3 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  5. KPIs and Anomaly Detection IMC’ 15 The Dark Menace: Characterizing IMC’ 15 Dissecting UbuntuOne: Autopsy of a Network-based Attacks in the Cloud Global-scale Personal Cloud Back-end Page views (PV) of Baidu KPIs (Key Performance Indicators) : A set of performance measures that evaluate the service quality KPI anomalous (unexpected) behaviors  Potential failures, bugs, attacks, etc. Anomaly detection matters: Find anomalous behaviors of the KPI curve  Diagnose and fix it  Avoid further influences and revenue losses 4 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  6. How to Build the Anomaly Detection System Domain experts (Operators) Developers • • Responsible for the KPIs Building the detection system • • Knowing the KPI behaviors well Knowing several anomaly detectors Simple threshold Historical Average Wavelet Holt-Winters … 5 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  7. How to Build the Anomaly Detection System In practice, it is more complex Describe anomalies Developers Operators 6 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  8. How to Build the Anomaly Detection System In practice, it is more complex Describe anomalies Developers Operators Select detectors & Tune parameters Detection Wavelet System Moving Average Holt-Winters … 7 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  9. How to Build the Anomaly Detection System In practice, it is more complex Describe anomalies Developers Operators Select detectors & Tune parameters Detection Anomalies Wavelet System Moving Average Holt-Winters … 8 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  10. How to Build the Anomaly Detection System In practice, it is more complex Describe anomalies Developers Operators Select detectors & Tune parameters Detection Anomalies Wavelet System Moving Average Holt-Winters … 9 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  11. How to Build the Anomaly Detection System Challenges Selecting and combining suitable Describe anomalies 2. detectors are tricky Operators have difficulties to precisely and 1. 3. formally define anomalies in advance Detectors are not intuitive to tune Developers Operators Select detectors & Tune parameters Detection Anomalies Wavelet System Moving Average Holt-Winters … 10 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  12. 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  13. (Op erators’ ap prentice) 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  14. A More Natural Way Opprentice OP PV 13 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  15. Design Goal Label Anomaly Detection Operators Accuracy preference (Precision & recall) Opprentice Provide 14 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  16. Design Goal vs. Label Anomaly Detection Operators Accuracy preference (Precision & recall) Opprentice Provide 15 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  17. Outline  Background and Motivation  Key Ideas  Results  Conclusion 16 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  18. Key Ideas Detector model: 17 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  19. Key Ideas Detector model: For example |𝑤𝑏𝑚𝑣𝑓−𝜈| 𝑤𝑏𝑚𝑣𝑓 severity = 𝜏 Historical Average 18 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  20. Key Ideas Detector model: For example |𝑤𝑏𝑚𝑣𝑓−𝜈| 𝑤𝑏𝑚𝑣𝑓 severity = 𝜏 1 Historical sThld 0 Average 19 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  21. Key Ideas Detector model: For example |𝑤𝑏𝑚𝑣𝑓−𝜈| 𝑤𝑏𝑚𝑣𝑓 severity = 𝜏 1 Historical sThld 0 Average Anomaly feature 20 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  22. Key Ideas Historical average-4 season EWMA-0,7 WMA-WIN30 Extract Differencing-last slot features Detector Differencing-last season Configurations Differencing-last day KPI data (Detectors with different parameters) Time series decomposition HW 0.2 0.2 0.2 HW 0.5 0.7 0.7 21 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  23. Key Ideas Historical average-4 season EWMA-0,7 WMA-WIN30 Extract Differencing-last slot features Detector Differencing-last season Configurations Differencing-last day KPI data (Detectors with different parameters) Time series decomposition HW 0.2 0.2 0.2 HW 0.5 0.7 0.7 22 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  24. Key Ideas Classification in the feature space (Supervised machine learning) 23 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  25. Key Ideas Classification in the feature space (Supervised machine learning) Operators 24 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  26. Address Challenges of Designing Opprentice  Labeling overhead – Solution: an effective labeling tool 25 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  27. Address Challenges of Designing Opprentice  Labeling overhead – Solution: an effective labeling tool  Incomplete anomaly types in the historical data – Solution: incremental re-training with new data 26 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  28. Address Challenges of Designing Opprentice  Labeling overhead – Solution: an effective labeling tool  Incomplete anomaly types in the historical data – Solution: incremental re-training with new data  Class imbalance problem – Solution: adjusting classification threshold (cThld) based on the preference 27 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  29. Address Challenges of Designing Opprentice  Labeling overhead – Solution: an effective labeling tool  Incomplete anomaly types in the historical data – Solution: incremental re-training with new data  Class imbalance problem – Solution: adjusting classification threshold (cThld) based on the preference  Irrelevant and redundant features – Solution: random forests 28 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  30. Design Overview Training a classifier See the paper for full details 29 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  31. Design Overview Training a classifier See the paper for full details Detecting anomalies 30 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  32. Outline  Background and Motivation  Key Ideas  Results  Conclusion 31 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  33. Evaluation 32 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  34. Evaluation 33 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  35. Random forests vs. Basic Detectors and Static Combinations Random forest basic detector basic detector basic detector 34 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  36. Evaluation 35 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  37. Random Forests vs. Other Learning Algorithms (The order of features is based on mutual information ) 36 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  38. Evaluation See the paper for full details 37 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  39. Opprentice as a whole Oracle mode 5-Fold Opprentice (best case) Opprentice achieves 23% 40% 110% more points inside the preference regions than 5-Fold cross-validation 38 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  40. Opprentice as a whole Oracle mode 5-Fold Opprentice (best case) Opprentice achieves 23% 40% 110% more points inside the preference regions than 5-Fold cross-validation 39 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

  41. Conclusion Opprentice is an automatic and accurate machine  learning framework for KPI anomaly detection Opprentice Defining anomalies Selecting detectors Tuning detectors Opprentice bridges the gap in applying complex  detectors in practice The idea of Opprentice  i.e., using machine learning to model the domain knowledge could be a very promising way to automate other service managements 40 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn)

Recommend

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web Applications Diploma Thesis Presentation Nina S. Marwede Abteilung Software Engineering Fakultt II Department fr Informatik August 26, 2008

654 views • 41 slides
Timing Behavior Anomaly Detection for Automatic Failure Detection and Diagnosis Research visit at

Timing Behavior Anomaly Detection for Automatic Failure Detection and Diagnosis Research visit at

Timing Behavior Anomaly Detection for Automatic Failure Detection and Diagnosis Research visit at Charles Univerity Prague Matthias Rohr matthias.rohr@informatik.uni-oldenburg.de Graduate School TrustSoft, Software Engineering Group Department

969 views • 82 slides
Practical Anomaly Detection based on Classifying Frequent Traffic Patterns Ignasi Paredes-Oliva 1

Practical Anomaly Detection based on Classifying Frequent Traffic Patterns Ignasi Paredes-Oliva 1

Practical Anomaly Detection based on Classifying Frequent Traffic Patterns Ignasi Paredes-Oliva 1 Ismael Castell-Uroz 1 Pere Barlet-Ros 1 Xenofontas Dimitropoulos 2 Josep Sol-Pareta 1 1 UPC BarcelonaTech, Spain

616 views • 36 slides
15-388/688 - Practical Data Science: Anomaly detection and mixture of Gaussians J. Zico Kolter

15-388/688 - Practical Data Science: Anomaly detection and mixture of Gaussians J. Zico Kolter

15-388/688 - Practical Data Science: Anomaly detection and mixture of Gaussians J. Zico Kolter Carnegie Mellon University Spring 2018 1 Outline Anomalies and outliers Multivariate Gaussian Mixture of Gaussians 2 Outline Anomalies and

511 views • 34 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
AUTOMATIC EXCHANGE OF INFORMATION Practical Examples for Trust Practitioners in Switzerland STEP

AUTOMATIC EXCHANGE OF INFORMATION Practical Examples for Trust Practitioners in Switzerland STEP

AUTOMATIC EXCHANGE OF INFORMATION Practical Examples for Trust Practitioners in Switzerland STEP Lausanne, 6 March 2018 David Violi Head Regulatory & Compliance Financial Services Western Switzerland Director, Attorney-at-law Agenda

487 views • 24 slides
A New SU(2) Anomaly Edward Witten PCTS, October 3, 2018 A familiar anomaly says that in four

A New SU(2) Anomaly Edward Witten PCTS, October 3, 2018 A familiar anomaly says that in four

A New SU(2) Anomaly Edward Witten PCTS, October 3, 2018 A familiar anomaly says that in four spacetime dimensions, an SU(2) gauge theory with a single multiplet of fermions that transform under SU(2) in the spin 1/2 representation is

820 views • 43 slides
Making system composition flexible, automatic, safe, practical. . . (but not always at the same

Making system composition flexible, automatic, safe, practical. . . (but not always at the same

Making system composition flexible, automatic, safe, practical. . . (but not always at the same time) Stephen Kell Stephen.Kell@cl.cam.ac.uk Making systems composition. . . p.1/29 Introduction and running order An informal and incomplete

720 views • 29 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Phonons in metals - Kohn in metals - Kohn anomaly anomaly Phonons ion background

Phonons in metals - Kohn in metals - Kohn anomaly anomaly Phonons ion background

Phonons in metals - Kohn in metals - Kohn anomaly anomaly Phonons ion background oscillation relative to (fixed) electron analog to plasma oscillation ion mass ion density ion charge screening of Coulomb by (fast) electrons Kohn

1.08k views • 8 slides
Outlook of Summer Rainfall Anomaly in Asia with Outlook of Summer Rainfall Anomaly in Asia with

Outlook of Summer Rainfall Anomaly in Asia with Outlook of Summer Rainfall Anomaly in Asia with

Sixteenth Session of the Forum on Regional Climate Monitoring, Assessment and Prediction for Asia (FOCRAII), May 7, 2020 ( ), y , Outlook of Summer Rainfall Anomaly in Asia with Outlook of Summer Rainfall Anomaly in Asia with SMART-based

457 views • 16 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing Behavior Anomaly Correlation Presentation at 13th European Conference on Software Maintenance and Reengineering Nina Marwede 1 , Matthias Rohr 1 ,

439 views • 42 slides
<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series <Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
Axial anomaly and BABAR data Y.N. Klopot 1 , A.G. Oganesian 2 , O.V. Teryaev 1 1 Bogoliubov

Axial anomaly and BABAR data Y.N. Klopot 1 , A.G. Oganesian 2 , O.V. Teryaev 1 1 Bogoliubov

Introduction Anomaly Sum Rule Transition form factors of mesons Quark-hadron duality Corrections interplay and ex Axial anomaly and BABAR data Y.N. Klopot 1 , A.G. Oganesian 2 , O.V. Teryaev 1 1 Bogoliubov Laboratory of Theoretical Physics,

580 views • 34 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
Resolving Journaling of Journal Anomaly via Weaving Recovery Information into DB Page Beomseok

Resolving Journaling of Journal Anomaly via Weaving Recovery Information into DB Page Beomseok

NVRAMOS 14 10.30. 2014 Resolving Journaling of Journal Anomaly via Weaving Recovery Information into DB Page Beomseok Nam UNIST Outline Motivation Journaling of Journal Anomaly How to resolve Journaling of Journal anomaly

606 views • 60 slides
The GSI Anomaly M. Lindner Max-Planck-Institut fr Kernphysik, Heidelberg Sildes partially

The GSI Anomaly M. Lindner Max-Planck-Institut fr Kernphysik, Heidelberg Sildes partially

The GSI Anomaly M. Lindner Max-Planck-Institut fr Kernphysik, Heidelberg Sildes partially adopted from F. Bosch What is the GSI Anomaly? Periodically modualted exponential -decay law of highly charged, stored ions at GSI by

246 views • 20 slides
Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Information Technology Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu Rukshan Bandaragoda Kai Ming Ting David Albrecht Fei Tony Liu Jonathan R. Wells Outline Overview of anomaly detection

657 views • 41 slides
Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement

Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement

Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement Security Project Automatic Enrollment Works Legal since 1999. All legal questions resolved 2006. Most larger 401(k)s incorporate automatic

137 views • 13 slides

More recommend