Detection and Characterization of Network Anomalies in Large-Scale RTT Time Series

Abstract

Network anomalies, such as wide-area congestion and packet loss, can seriously degrade network performance. To this end, it is critical to accurately identify network anomalies on end-to-end paths for high quality network services in practice. In this work, we propose an unsupervised two-step method for the detection and characterization of general network anomalies. It first finds the change-points in large-scale RTT time series by formalizing an optimization problem in terms of data series segmentation. Then we mark the segments as normal or abnormal on different sides of a change-point through exploitation of their distribution statistics. After detecting an anomaly, a further step is introduced to analyze the relations between links with state changes and localize the entities (nodes or links) that most likely cause the corresponding event. We believe such unsupervised and light-weighed method can provide valuable insights on anomaly mining in large-scale time series data. Extensive experiments on both simulated (artificial time series with ground truth) and real-network (RIPE Atlas traceroute measurements) datasets are performed. The results demonstrate that the proposed method can achieve better performance, w.r.t. accuracy and efficiency, than existing solutions.