Time Series Forecasting Using Holt-Winters Model Applied to Anomaly Detection in Network Traffic

Author(s): Tomasz Andrysiak, Łukasz Saganowski, Mirosław Maszewski
Sensors, 2021, Vol 21 (5), pp. 1590

Author(s): Arnak Poghosyan, Ashot Harutyunyan, Naira Grigoryan, Clement Pang, George Oganesyan, ...

The main purpose of application performance monitoring/management (APM) software is to ensure the highest availability, efficiency and security of applications. APM software accomplishes these main goals through automation, measurements, analysis and diagnostics. Gartner specifies the three crucial capabilities of APM software. The first is end-user experience monitoring for revealing the interactions of users with application and infrastructure components. The second is application discovery, diagnostics and tracing. The third key component is machine learning (ML) and artificial intelligence (AI) powered data analytics for predictions, anomaly detection, event correlations and root cause analysis. Time series metrics, logs and traces are the three pillars of observability and the valuable source of information for IT operations. Accurate, scalable and robust time series forecasting and anomaly detection are the requested capabilities of the analytics. Approaches based on neural networks (NN) and deep learning are gaining increasing popularity due to their flexibility and ability to tackle complex nonlinear problems. However, some of the disadvantages of NN-based models for distributed cloud applications mitigate expectations and require specific approaches. We demonstrate how NN-models, pretrained on a global time series database, can be applied to customer specific data using transfer learning. In general, NN-models adequately operate only on stationary time series. Application to nonstationary time series requires multilayer data processing including hypothesis testing for data categorization, category specific transformations into stationary data, forecasting and backward transformations. We present the mathematical background of this approach and discuss experimental results based on implementation for Wavefront by VMware (an APM software) while monitoring real customer cloud environments.


2017, Vol 2017, pp. 1-15
Author(s): Tomasz Andrysiak, Łukasz Saganowski, Piotr Kiedrowski

The article presents solutions to anomaly detection in network traffic for critical smart metering infrastructure, realized with the use of radio sensory network. The structure of the examined smart meter network and the key security aspects which have influence on the correct performance of an advanced metering infrastructure (possibility of passive and active cyberattacks) are described. An effective and quick anomaly detection method is proposed. At its initial stage, Cook’s distance was used for detection and elimination of outlier observations. The data prepared in this way was used to estimate standard statistical models based on exponential smoothing, that is, Brown’s, Holt’s, and Winters’ models. To estimate possible fluctuations in forecasts of the implemented models, properly parameterized Bollinger Bands were used. Next, statistical relations between the estimated traffic model and its real variability were examined to detect abnormal behavior, which could indicate a cyberattack attempt. An update procedure of standard models in case there were significant real network traffic fluctuations was also proposed. The choice of optimal parameter values of statistical models was realized as forecast error minimization. The results confirmed efficiency of the presented method and accuracy of choice of the proper statistical model for the analyzed time series.


Author(s): Arnak Poghosyan, Ashot Harutyunyan, Naira Grigoryan, Clement Pang, George Oganesyan, ...

One of the key components of application performance monitoring (APM) software is AI/ML empowered data analytics for predictions, anomaly detection, event correlations and root cause analysis. Time series metrics, logs and traces are three pillars of observability and the valuable source of information for IT operations. Accurate, scalable and robust time series forecasting and anomaly detection are desirable capabilities of the analytics. Approaches based on neural networks (NN) and deep learning gain increasing popularity due to their flexibility and ability to tackle complex non-linear problems. However, some of the disadvantages of NN-based models for distributed cloud applications mitigate expectations and require specific approaches. We demonstrate how NN-models pretrained on a global time series database can be applied to customer specific data using transfer learning. In general, NN-models adequately operate only on stationary time series. Application to non-stationary time series requires multilayer data processing including hypothesis testing for data categorization, category specific transformations into stationary data, forecasting and backward transformations. We present the mathematical background of this approach and discuss experimental results from the productized implementation in Wavefront by VMware (an APM software) while monitoring real customer cloud environments.

