ALSR: An adaptive label screening and relearning approach for interval-oriented anomaly detection


Bibliographic details
Published in: Expert systems with applications 2019-12, Vol.136, p.94-104
Main authors: Wang, Jingyu; Jing, Yuhan; Qi, Qi; Feng, Tongtong; Liao, Jianxin
Format: Article
Language: eng
Description
Summary:
• Interval-oriented method has positive performance for anomaly detection.
• Label screening related to anomaly intervals increases the utilization of labels.
• Extra learning on finer granularity of anomalies helps for more precise detection.
• Feature set combining prediction and statistics suit to multi-types of anomalies.

Anomaly detection using KPIs (Key Performance Indicators) is a key part of AIOps (Artificial Intelligence for IT Operations). Recent anomaly detection approaches have adopted Machine Learning to detect anomalies on the perspective of individual time points more than events. These approaches do not effectively utilize the labels of continuous anomaly intervals, nor do they pay attention to the differences among anomaly points. The detection performances are therefore not precise enough to be applied in practice, and the differences in length of anomaly intervals also cause loss of performance. In this paper, we propose an anomaly detection approach named ALSR, which uses a label screening model and a relearning model to analyze and utilize the continuous anomaly intervals of KPIs in finer granularity. The label screening model takes advantage of the continuity of anomaly intervals to remove some unnecessary data from the training set, making it more suitable for interval-oriented anomaly detection. The relearning model based on random forest reclassifies the true/false positive points within domain of detected anomalies, thus effectively reduces the number of false positive points. ALSR uses several features extracted by sliding windows, and the feature set is proved to better describe the characteristics of KPI time series. Finally, we conduct comprehensive experiments on 25 KPIs. The total F-score of ALSR is 0.965, which outperforms state-of-the-art anomaly detection approaches.
ISSN:0957-4174
1873-6793
DOI:10.1016/j.eswa.2019.06.028