Many network monitoring tools alert the operator to unusual events by applying simple thresholds to single-parameter measurements. For satellite communications, signal levels, bit error rates, and lock status are some of the primary metrics used. This approach, however, fails to detect more nuanced anomalies, which occur when a number of variables appear in a rare combination. In such a scenario each variable in isolation may appear normal, yet the data as a whole indicates that the system is in an anomalous state. This paper describes how a One Class Support Vector Machine (OCSVM) was trained to detect anomalies using historical multivariate data from a satellite communications network. The advantage of the OCSVM is that the training data does not need to include anomalies, nor is the labelling of 'normal' versus 'anomalous' data required. Moreover, the trained OCSVM examines multiple variables simultaneously, rather than looking at each in isolation, and is able to perform real-time outlier detection and quantify how abnormal the outliers are. The latter is obtained by measuring the distance of the outlier to the decision plane of the OCSVM. The technique has been applied to alert satellite communication network operators to unusual conditions requiring their attention.
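The contrast between per-variable thresholds and a multivariate OCSVM can be seen in the following added example, which is not code from the paper. It assumes scikit-learn is available; the telemetry, the two variables, the 3-sigma bands, and the `gamma` and `nu` values are constructed for illustration.

```python
import numpy as np
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM

# Constructed "historical" telemetry (not real data): received signal level
# in dBm and log10(BER). Higher signal normally means a lower error rate.
rng = np.random.default_rng(0)
z = rng.standard_normal(2000)
signal_dbm = -60.0 + 2.0 * z
log10_ber = -6.0 - 0.5 * z + 0.1 * rng.standard_normal(2000)
history = np.column_stack([signal_dbm, log10_ber])

# Per-variable thresholds an operator might set: mean +/- 3 standard deviations.
lo = history.mean(axis=0) - 3 * history.std(axis=0)
hi = history.mean(axis=0) + 3 * history.std(axis=0)

def threshold_alarm(sample):
    """True if any single variable is outside its own threshold band."""
    s = np.asarray(sample, dtype=float)
    return bool(np.any((s < lo) | (s > hi)))

# Train on unlabelled history only; nu bounds the fraction of training
# points treated as outliers. gamma=2.0 and nu=0.02 are illustrative choices.
scaler = StandardScaler().fit(history)
model = OneClassSVM(kernel="rbf", gamma=2.0, nu=0.02)
model.fit(scaler.transform(history))

def ocsvm_score(sample):
    """Signed distance to the decision boundary; negative means outlier."""
    x = scaler.transform(np.asarray(sample, dtype=float).reshape(1, -1))
    return float(model.decision_function(x)[0])

def assess(sample):
    """Compare the single-variable check with the multivariate one."""
    score = ocsvm_score(sample)
    return {"threshold_alarm": threshold_alarm(sample),
            "ocsvm_outlier": score < 0, "score": score}

typical = (-60.0, -6.0)      # average signal, average error rate
rare_combo = (-56.0, -5.0)   # strong signal yet elevated BER; each value in band

if __name__ == "__main__":
    for name, sample in (("typical", typical), ("rare_combo", rare_combo)):
        print(name, assess(sample))
```

The more negative the score, the further the sample lies outside the learned region, which gives operators a ranking of alerts rather than a binary flag.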