HawkEye: A Real-Time Anomaly Detection System
Satnam Singh
Use case: IT Infrastructure Monitoring
Anomaly Types: Demo
• Local Anomalies
• Global Anomalies
[Figure: number of requests made on retail website over time (x-axis ticks labelled Tuesday); regions labelled Baseline and Global Anomaly]
HawkEye: Anomaly Detection Framework
1. Data Stream
Complexity Estimator
2. Local Anomaly Detection
3. Global Anomaly Detection
4. Anomaly Suppression and Fusion
Alerts DB
Metrics data
User Dashboard
Local Anomaly Detection
- Page’s Test
- Parametric Models
- One Class SVM
- Kernel Density Estimator
- Ensemble of Detectors
[Figure: axes CPU and Memory; labels Baseline1, Baseline2, Anomaly1, Anomaly2, Anomaly3; distribution annotated µ, +3σ, -3σ]
Local Anomaly Detection: Page’s Test
Process begins at t = 75
Detection declared at t = 80
h = 30
Test statistic: $S_n = \max\{0,\; S_{n-1} + g(x_n)\}$
Test statistic $S_n$ is “clamped” at zero
Log-likelihood ratio: $g(x_n) = \ln \dfrac{f_K(x_n)}{f_H(x_n)}$
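Added example (not from the original slides): a minimal Python implementation of the Page's test recursion on this slide, worked for a Gaussian mean shift. It assumes f_H is the baseline density, f_K the post-change density, and h the detection threshold on S_n; the means, sigma and the metric series are constructed for illustration, with the change placed at t = 75.

```python
def gaussian_llr(x, mu_h, mu_k, sigma):
    """g(x) = ln(f_K(x) / f_H(x)) for two Gaussians sharing the same sigma."""
    return (mu_k - mu_h) / sigma ** 2 * (x - (mu_h + mu_k) / 2.0)


def pages_test(samples, llr, h):
    """Run S_n = max(0, S_{n-1} + g(x_n)); return (first n with S_n >= h, trace)."""
    s, trace, detected_at = 0.0, [], None
    for n, x in enumerate(samples):
        s = max(0.0, s + llr(x))  # clamp at zero so quiet history cannot mask a change
        trace.append(s)
        if detected_at is None and s >= h:
            detected_at = n
    return detected_at, trace


def build_series():
    """Constructed metric: baseline near 50, one spike at t = 40, shift at t = 75."""
    baseline = [50, 51, 49, 50, 52, 48]
    series = [baseline[t % 6] for t in range(75)]
    series[40] = 58                                          # isolated outlier, not a change
    series += [57 if i % 2 == 0 else 56 for i in range(25)]  # shifted regime
    return series


def run_demo():
    # Assumed parameters: baseline mean 50, post-change mean 56, sigma 2, h = 30.
    return pages_test(build_series(), lambda x: gaussian_llr(x, 50.0, 56.0, 2.0), 30.0)


if __name__ == "__main__":
    detected_at, trace = run_demo()
    print("spike at t=40: S =", trace[40], "-> S at t=41 =", trace[41])
    print("detection declared at t =", detected_at)
```

The isolated spike at t = 40 lifts S_n to 7.5 and the clamp returns it to zero one sample later; only the sustained shift accumulates enough evidence to cross h.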
Local Anomaly Detection Results: Page’s Test
Seasonality Detection and Prediction
Time Series Models
- ARMA
Summary
• Real-time anomaly detection
• Local anomalies + Global Anomalies
• Anomaly suppression - alerts
• Ensemble of detectors
• Hyper-parameters tuning using multi-model approach