This presentation is about applying anomaly detection models and algorithms to monitoring DevOps environments. We survey a collection of techniques that we have applied successfully in DevOps configurations that range from very small to huge. Each of the techniques has strengths and weaknesses that are illustrated via real-world (anonymized) customer data.
Techniques discussed include deterministic and statistical models as well as uni-variate and multi-variate analytics. Examples are given that show concrete evidence where each can succeed and each can fail. This presentation is about concepts and how to think about alternative anomaly detection techniques. This presentation is not an academic discourse in math, statistics or probability theory.
RECORDING AVAILABLE: (CLICK HERE)
SLIDES[seoslides embed_id=”3778c60221c4″ script_src=”https://devops.com/embed-script/netuitive-devops-com-webinar/11827/” overview_src=”https://devops.com/slides/netuitive-devops-com-webinar/” site_src=”https://devops.com” site_title=”DevOps.com” title=”Netuitive DevOps.com Webinar” /]
Q. What is in the black box as you described in the section on statistical machine learning?
A. The short answer is a collection of algorithms that perform uni-variate and multi-variate generalized linear regression models with exponential smoothing applied to the stream of incoming metric observations. The uni-variate models are executed for each metric, as a default. The multi-variate models are applied to various collections of metrics that are defined based upon any one of several possible criteria and specifically tagged for adaptive learning. There are several patents that provide a lot more detail on our algorithms and they are publicly available for you to read if you like. A list of our patents is available on our web-site at www.netutive.com.
Q. What have you encountered in model and matrix sizes?
A. Matrix sizes are limited via a settable collection of parameters. Our current settings specify either 1024 or 2048 metrics per multi-variate model. Some of our “secret sauce” is in the implementation of the algorithms that execute the models.
The good news is that our implementation is amenable to subdivision into individual collections of metrics, so we can scale linearly by adding microservics to meet demand. I will say that the big matrices that we need to deal with are symmetric and positive semi-definite which are characteristics that make the matrices amenable to task-specific optimization strategies.
Also, you mentioned SVMs and neural networks. We like SVMS, but, after multiple attempts, have not had much success with neural networks.
Not surprisingly, we have discovered that 1) having a broad array of models/algorithms and 2) providing a mechanism to add context are critical to increasing precision and SNR.
Alan Shimel, Editor-in-Chief DevOps.com, An often-cited personality in the security and technology community and a sought-after speaker at industry and government events, Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology.
About the Panelist
Elizabeth A. Nichols, Ph.D. (Betsy), Chief Data Scientist at Netuitive
In this role Dr. Nichols is responsible for leading the company’s vision and technologies for analytics, modeling, and algorithms. Betsy has applied mathematics and computer technologies to create systems for war gaming, space craft mission optimization, industrial process control, supply chain logistics, electronic trading, advertising networks, IT security and risk models, and network and systems management. She has co-founded three companies, all of which delivered analytics to commercial and government enterprises. Betsy graduated with an A.B. from Vassar College and a Ph.D. in Mathematics from Duke University. Check her out on LinkedIn for more information.