On the Periodicity of Time-series Network and Service Metrics

The presence of an underlying periodicity in time-series network and service metrics has been used as a basis for some recent anomaly detection techniques. These techniques however assume the presence of a periodicity, and would benefit from the concept of a quantitative figure of merit for the strength of a given periodicity in the metric. We survey a number of potential techniques for this purpose, and find none suitable. As such, we construct such a figure of merit to suit our application. Use of the figure of merit allows selection of the most appropriate period for the metric, and we present an efficient automated method for this selection. Furthermore, this figure of merit is a useful indicator of whether periodic analysis for anomaly detection is in fact suitable for the given metric. Finally, we suggest a number of other areas where use of the figure of merit could enhance anomaly detection using periodic analysis.

[1]  Mark Burgess,et al.  Measuring system normality , 2002, TOCS.

[2]  Symeon Papavassiliou,et al.  Adaptive and automated detection of service anomalies in transaction-oriented WANs: network analysis, algorithms, implementation, and deployment , 2000, IEEE Journal on Selected Areas in Communications.

[3]  Harry L. Hurd,et al.  Climatological time series with periodic correlation , 1995 .

[4]  Qiang Chen,et al.  Computer intrusion detection through EWMA for autocorrelated and uncorrelated data , 2003, IEEE Trans. Reliab..

[5]  Artur Andrzejak,et al.  Characterizing and Predicting Resource Demand by Periodicity Mining , 2005, Journal of Network and Systems Management.

[6]  Mark Burgess,et al.  Probabilistic anomaly detection in distributed computer networks , 2006, Sci. Comput. Program..

[7]  Joseph L. Hellerstein,et al.  Mining partially periodic event patterns with unknown periods , 2001, Proceedings 17th International Conference on Data Engineering.

[8]  Jake D. Brutlag,et al.  Aberrant Behavior Detection in Time Series for Network Monitoring , 2000, LISA.

[9]  William H. Press,et al.  Numerical Recipes in C, 2nd Edition , 1992 .

[10]  Mark Burgess Two Dimensional Time-Series for Anomaly Detection and Regulation in Adaptive Systems , 2002, DSOM.

[11]  Symeon Papavassiliou,et al.  Adaptive Anomaly Detection in Transaction-Oriented Networks , 2004, Journal of Network and Systems Management.

[12]  Walid G. Aref,et al.  On the Discovery of Weak Periodicities in Large Time Series , 2002, PKDD.

[13]  Goutam Saha,et al.  Robust method for periodicity detection and characterization of irregular cyclical series in terms of embedded periodic components , 1999 .

[14]  Alexandr Seleznyov,et al.  A Methodology to Detect Temporal Regularities in User Behavior for Anomaly Detection , 2001, SEC.

[15]  Sushil Jajodia,et al.  Enhancing Profiles for Anomaly Detection Using Time Granularities , 2002, J. Comput. Secur..

[16]  William H. Allen,et al.  On the self-similarity of synthetic traffic for the evaluation of intrusion detection systems , 2003, 2003 Symposium on Applications and the Internet, 2003. Proceedings..