HURRA! Human readable router anomaly detection

TL;DR

HURRA is a human-readable system that enhances network anomaly detection by ranking features and incorporating expert knowledge, significantly aiding operators in troubleshooting diverse router anomalies.

Contribution

The paper introduces HURRA, a novel system that improves anomaly explanation and leverages expert knowledge without human intervention, adaptable to various datasets.

Findings

High agreement with expert annotations

Simple statistical methods effectively utilize past expert knowledge

Deployment challenges include selecting and tuning anomaly detection algorithms

Abstract

This paper presents HURRA, a system that aims to reduce the time spent by human operators in the process of network troubleshooting. To do so, it comprises two modules that are plugged after any anomaly detection algorithm: (i) a first attention mechanism, that ranks the present features in terms of their relation with the anomaly and (ii) a second module able to incorporates previous expert knowledge seamlessly, without any need of human interaction nor decisions. We show the efficacy of these simple processes on a collection of real router datasets obtained from tens of ISPs which exhibit a rich variety of anomalies and very heterogeneous set of KPIs, on which we gather manually annotated ground truth by the operator solving the troubleshooting ticket. Our experimental evaluation shows that (i) the proposed system is effective in achieving high levels of agreement with the expert, that (ii) even a simple statistical approach is able to extracting useful information from expert knowledge gained in past cases to further improve performance and finally that (iii) the main difficulty in live deployment concerns the automated selection of the anomaly detection algorithm and the tuning of its hyper-parameters.