• DocumentCode
    2839918
  • Title

    Tiresias: Online Anomaly Detection for Hierarchical Operational Network Data

  • Author

    Chi-Yao Hong ; Caesar, Matthew ; Duffield, Nick ; Jia Wang

  • Author_Institution
    Univ. of Illinois at Urbana-Champaign, Urbana, IL, USA
  • fYear
    2012
  • fDate
    18-21 June 2012
  • Firstpage
    173
  • Lastpage
    182
  • Abstract
    Operational network data, management data such as customer care call logs and equipment system logs, is a very important source of information for network operators to detect problems in their networks. Unfortunately, there is a lack of efficient tools to automatically track and detect anomalous events on operational data, causing ISP operators to rely on manual inspection of this data. While anomaly detection has been widely studied in the context of network data, operational data presents several new challenges, including the volatility and sparseness of data, and the need to perform fast detection (complicating application of schemes that require offline processing or large/stable data sets to converge). To address these challenges, we propose Tiresias, an automated approach to locating anomalous events on hierarchical operational data. Tiresias leverages the hierarchical structure of operational data to identify high-impact aggregates (e.g., locations in the network, failure modes) likely to be associated with anomalous events. To accommodate different kinds of operational network data, Tiresias consists of an online detection algorithm with low time and space complexity, while preserving high detection accuracy. We present results from two case studies using operational data collected at a large commercial IP network operated by a Tier-1 ISP: customer care call logs and set-top box crash logs. By comparing with a reference set verified by the ISP's operational group, we validate that Tiresias can achieve >94% accuracy in locating anomalies. Tiresias also discovered several previously unknown anomalies in the ISP's customer care cases, demonstrating its effectiveness.
  • Keywords
    IP networks; security of data; IP network; ISP operator; Tier-1 ISP; Tiresias; anomalous event detection; anomalous event tracking; customer care call logs; data sparseness; data volatility; detection accuracy; equipment system logs; hierarchical operational data; hierarchical operational network data; hierarchical structure; high-impact aggregate; management data; manual inspection; network problem detection; online anomaly detection; online detection algorithm; space complexity; time complexity; Accuracy; Aggregates; Charge coupled devices; Computer crashes; Forecasting; Time series analysis; Vegetation; anomaly detection; log analysis; operational network data; time series analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Distributed Computing Systems (ICDCS), 2012 IEEE 32nd International Conference on
  • Conference_Location
    Macau
  • ISSN
    1063-6927
  • Print_ISBN
    978-1-4577-0295-2
  • Type

    conf

  • DOI
    10.1109/ICDCS.2012.30
  • Filename
    6257990