Anomaly Based Intrusion Detection (ABID+)

Anomaly Based Intrusion Detection (ABID+)

As networks evolve with new technologies and services, the need for multi-technology and multi-vendor anomaly detection based on KPIs/counters has become increasingly important in modern networking environments. Traditional threshold-based SLA and problem identification techniques are no longer sufficient to ensure high standards of service assurance and network performance.

Typically network operators have immense amount of data which has to be correlated via intelligent algorithms to find poor performing nodes are potential bottlenecks in minimal time.

TTG's ABID+ solution enhances network operation efficiency by providing continuous and autonomous root cause analysis for complex anomalies through correlation of relevant network data.

Key Features & Benefits:

  • Multi-variant, multi-dimensional anomaly detection and correlation analysis to understand data trends
  • Multiple models  (such as Pearsn, KNN,etc )  for greater versatility in your analysis
  • Root cause analysis to ease your “real” problem , finding the needle in hay-stack
  • Modular architecture and dashboard  for stand-alone use or ease of integration with your other tools (such as CMEx or  North-I

With ABID+ versatile modelling and modular structure, it can not only parse and process multivendor multidomain data across the network but able to integrate other sources such a s meteorological data extending its compute power further into real-life. Anomaly detection and AL/ML need tailor made models as well, where TTG Int, R&D consultants with academic research reach would assist you throughout your  process


Vodafone TR

For further reading  

Understanding The Data Trends with ABID+

ABID+ leverages advanced algorithms to analyze data trends and identify patterns within your network. By examining historical data, ABID+ identifies key trends and patterns that are crucial for anomaly detection and root cause analysis.

Using sophisticated statistical techniques, ABID+ determines the relationship between different variables and their behavior over time. This analysis allows the system to establish baseline patterns of normal network behavior. Any deviations from these patterns are flagged as potential anomalies, indicating a potential issue or security threat.

By understanding data trends, ABID+ can differentiate between normal fluctuations and abnormal network behavior. It takes into account factors such as time of day, day of the week, and historical patterns to make accurate anomaly detections. This enables the system to provide reliable insights and minimize false positives, ensuring that you can focus on addressing real network issues.

With ABID+, you gain a deeper understanding of your network's data trends, empowering you to take proactive measures to optimize performance and enhance security. By detecting anomalies and identifying patterns, you can make informed decisions, improve network efficiency, and ensure a seamless user experience.

Experience the power of ABID+ and unlock the potential of understanding your network's data trends. Contact us today to learn more and schedule a demo.

Sample KPI-List:

ABID+ offers a wide range of Key Performance Indicators (KPIs) that can be monitored and analyzed to detect anomalies and optimize network performance. Here are some examples of the KPIs that can be tracked using ABID+:

  1. Network Traffic Volume: Measure the total volume of data or traffic flowing through the network within a specific time frame.
  2. Packet Loss Rate: Monitor the percentage of packets that are lost or discarded during transmission, indicating potential network congestion or connectivity issues.
  3. Latency: Track the time it takes for data packets to travel from the source to the destination, helping to identify delays or bottlenecks in the network.
  4. Network Availability: Monitor the uptime and availability of network components and services, ensuring that they meet the desired service level agreements (SLAs).
  5. Error Rate: Measure the rate of errors or anomalies occurring in the network, such as CRC errors or packet errors, indicating potential hardware or transmission issues.
  6. Bandwidth Utilization: Monitor the percentage of available bandwidth being utilized in the network, helping to identify potential capacity constraints or underutilized resources.
  7. Call Setup Success Rate: Measure the success rate of call setup attempts in telecommunication networks, ensuring reliable connectivity for voice or data services.
  8. Network Response Time: Track the time taken for the network to respond to user requests or queries, providing insights into the network's responsiveness and performance.
  9. Service Level Agreement (SLA) Compliance: Monitor the adherence to predefined SLAs, ensuring that network performance meets the expected standards.
  10. Network Security Events: Monitor and analyze security events and anomalies, such as unauthorized access attempts or suspicious network activity.

These are just a few examples of the KPIs that can be monitored and analyzed using ABID+. The system allows for customization and flexibility, enabling operators to define and track KPIs specific to their network environment and business requirements. By monitoring these KPIs, operators can gain valuable insights, detect anomalies, and take proactive measures to optimize network performance and enhance the overall user experience.

Discover the power of ABID+ and leverage its comprehensive KPI monitoring capabilities to ensure the stability, reliability, and security of your network. Contact us today to learn more and schedule a demo.

Pearson Correlation:

The Pearson correlation coefficient is a statistical measure used to determine the relationship between two variables or values in a dataset. In the context of ABID+, the Pearson correlation method is employed to analyze the correlation between different KPIs or performance metrics within the network.

The Pearson correlation coefficient, denoted as "r," is calculated using the following formula:

r = (Σ((xi - x̄)(yi - ȳ))) / (sqrt(Σ(xi - x̄)²) * sqrt(Σ(yi - ȳ)²))


  • Σ denotes the sum of the values
  • xi and yi represent individual data points from the two variables
  • x̄ and ȳ are the means of the two variables

The resulting value of r ranges from -1 to +1. A value of +1 indicates a perfect positive correlation, meaning that as one variable increases, the other variable also increases proportionally. A value of -1 represents a perfect negative correlation, where as one variable increases, the other variable decreases proportionally. A value of 0 indicates no correlation or a random relationship between the variables.

In the case of ABID+, the Pearson correlation is utilized to understand the relationship between two KPIs or performance metrics. By calculating the correlation coefficient using the formula mentioned above, ABID+ can determine if there is a strong positive or negative correlation between the variables. This information is valuable for identifying patterns, dependencies, or causal relationships between different aspects of network performance.

For example, let's consider two KPIs: network traffic volume and latency. By calculating the Pearson correlation coefficient between these two variables, ABID+ can reveal whether there is a correlation 

between high traffic volume and increased latency. If the correlation coefficient is positive and close to +1, it suggests that as the network traffic volume increases, the latency also tends to increase. This information can help operators identify potential bottlenecks orcongestion issues in the network.

By leveraging the power of the Pearson correlation method, ABID+ enables operators to gain insights into the interdependencies and relationships between various KPIs within the network. This information can assist in troubleshooting, performance optimization, and proactive decision-making to ensure optimal network performance and enhance the overall user experience.

Harness the analytical capabilities of ABID+ and leverage the Pearson correlation method to uncover hidden insights and improve the efficiency of your network operations. Contact us today to learn more about ABID+ and its advanced analytical features.

Grouping Highly Correlated Values:

Based on the provided data, the Pearson correlation analysis can be conducted to examine the relationships between the different KPIs. The results are shown in the table below:

RAN Availability
Packet Loss Rate
RAN Availability
Packet Loss Rate

*Significant at the 0.05 level (2-tailed).

The Pearson correlation coefficients show a strong negative correlation between RAN availability and packet loss rate (-0.76), indicating that improving RAN availability can also improve the packet loss rate. This suggests that when the RAN availability increases, the packet loss rate tends to decrease.

The analysis also reveals a positive correlation between packet loss rate and latency (0.63*), suggesting that reducing the packet loss rate can lead to improved latency. In other words, as the packet loss rate decreases, the latency is expected to improve.

However, there is a weak negative correlation between RAN availability and latency (-0.43), indicating that improving RAN availability may have a limited impact on latency. This means that while an increase in RAN availability may have some positive effect on reducing latency, it is not the sole determining factor.

By grouping highly correlated values together, operators can gain insights into the dependencies and relationships between different KPIs. In this case, the strong negative correlation between RAN availability and packet loss rate suggests that focusing on improving RAN availability can have a direct impact on reducing packet loss. Similarly, the positive correlation between packet loss rate and latency highlights the importance of addressing packet loss to improve latency.

These findings from the correlation analysis can assist network operators in making informed performance optimization decisions and prioritizing areas for improvement. By understanding the interplay between different KPIs, operators can focus their efforts on the most influential factors and work towards enhancing the overall network performance.

Leverage the power of correlation analysis within ABID+ to uncover meaningful relationships between KPIs and drive data-driven optimization strategies. Contact us today to learn more about ABID+ and how it can help you gain valuable insights into your network performance.

Additionally, ABID+ goes beyond simple correlation analysis by utilizing advanced machine learning algorithms to perform N-dimensional anomaly detection. This enables the system to identify anomalies in multivariate time series data, taking into account multiple KPIs simultaneously.

By leveraging machine learning techniques, ABID+ can detect complex patterns and anomalies in the network that may not be apparent through traditional threshold-based methods. The system analyzes the historical data and learns the normal behavior of the network, allowing it to identify deviations from the expected patterns.

With its root cause analysis capabilities, ABID+ helps operators pinpoint the underlying causes of anomalies. By correlating the relevant data from the network, it provides valuable insights into the factors contributing to the detected anomalies. This empowers operators to take proactive measures in resolving network issues and optimizing performance.

The intuitive dashboard of ABID+ provides a comprehensive view of the network's anomaly status, allowing operators to monitor the network health in real-time. It presents visualizations and reports that highlight the identified anomalies, their severity, and the potential root causes. This enables operators to prioritize their actions and allocate resources effectively.

Integration with other systems such as CMEx and NORTH-I further enhances the observability of the network. By combining the capabilities of these tools, operators can have a comprehensive view of their network infrastructure, configuration, performance, and anomalies. This integration enables a holistic approach to network management and optimization.

Through the combined power of advanced anomaly detection, root cause analysis, and integration with other tools, ABID+ empowers operators to proactively identify and address network anomalies, ensuring optimal performance, reliability, and customer satisfaction.

Take advantage of ABID+ to enhance the observability of your network and gain valuable insights into your network's performance. Contact us today to learn more about ABID+ and how it can help you optimize your network operations.

N Dimensional Anomaly Detection with Machine Learning:

ABID+ introduces a powerful capability for detecting anomalies in multivariate time series data using machine learning algorithms. This advanced feature allows the system to analyze multiple KPIs simultaneously, providing a comprehensive view of the network's behavior and performance.

Traditional anomaly detection methods often focus on univariate time series data, considering each KPI in isolation. However, in complex network environments, anomalies are often correlated across multiple KPIs, making it crucial to analyze them collectively

With ABID+, operators can leverage machine learning algorithms to detect anomalies in N-dimensional space, where N represents the number of KPIs being monitored. By considering the relationships and dependencies between various KPIs, ABID+ can uncover hidden patterns and anomalies that may go unnoticed with traditional approaches.

The system learns the normal behavior of the network through historical data analysis and establishes a baseline for each KPI. It then compares the real-time data to the established baseline and identifies any deviations or anomalies. By employing advanced statistical techniques and machine learning models, ABID+ can effectively differentiate between normal network behavior and abnormal patterns.

The N-dimensional anomaly detection capability of ABID+ offers several advantages. First, it provides a more comprehensive understanding of network performance by considering multiple factors simultaneously. This holistic view enables operators to identify complex anomalies that may have a significant impact on network operations.

Furthermore, ABID+ can adapt to changing network conditions and evolving patterns by continuously updating its models. This adaptive nature ensures that the system remains effective in detecting anomalies in dynamic network environments.

The integration of machine learning algorithms in ABID+ enhances its accuracy and robustness, enabling it to handle large-scale data sets and complex network structures. Operators can rely on ABID+ to proactively identify anomalies, investigate their causes, and take appropriate actions to optimize network performance and minimize service disruptions.

With N-dimensional anomaly detection powered by machine learning, ABID+ provides a cutting-edge solution for comprehensive network observability. It empowers operators to stay ahead of network issues, improve troubleshooting efficiency, and deliver a superior experience to their customers.

Harness the power of N-dimensional anomaly detection with ABID+ and unlock valuable insights into your network's performance. Contact us today to learn more about ABID+ and its advanced capabilities.

Automated Anomaly Detection with Machine Learning & Deep Learning:

As networks continue to grow in complexity and scale, manual analysis of data to identify anomalies becomes impractical and time-consuming. ABID+ revolutionizes the anomaly detection process by leveraging the power of machine learning and deep learning algorithms.

With ABID+, operators can automate the detection of anomalies in real-time, ensuring prompt identification and response to any deviations from normal network behavior. The system uses advanced machine learning models to learn the patterns and characteristics of normal network operation, allowing it to detect even subtle anomalies that may indicate underlying issues.

By continuously analyzing network data and comparing it to the learned patterns, ABID+ can automatically identify and flag any anomalies. This automated approach significantly reduces the manual effort required for monitoring and detecting anomalies, freeing up valuable time and resources for network operators.

The machine learning algorithms used in ABID+ are capable of handling large volumes of data and complex network structures. They can learn intricate relationships between different KPIs and detect anomalies across multiple dimensions simultaneously. This enables operators to gain a comprehensive understanding of network performance and identify potential issues across various aspects of the network.

Deep learning techniques further enhance the anomaly detection capabilities of ABID+. Deep neural networks can learn hierarchical representations of network data, enabling them to capture complex patterns and dependencies. This enables ABID+ to detect anomalies that may not be evident using traditional statistical methods or threshold-based approaches.

The automated anomaly detection provided by ABID+ offers several advantages. First, it allows operators to detect anomalies in real-time, ensuring prompt response and mitigation. Early detection of anomalies can prevent service disruptions and improve overall network performance.

Second, the use of machine learning and deep learning algorithms ensures adaptability to changing network conditions. ABID+ can continuously learn and update its models based on evolving network patterns, ensuring its effectiveness in dynamic environments.

Lastly, the automated nature of ABID+ reduces the reliance on manual analysis, minimizing the risk of human errors and providing consistent and reliable anomaly detection across the network.

By integrating ABID+ with NORTH-I and CMeX, operators can achieve comprehensive observability of their network. These solutions work synergistically to provide a holistic view of network performance, detect anomalies, and optimize network operations.

Experience the power of automated anomaly detection with ABID+ and enhance the efficiency and reliability of your network management. Contact us today to learn more about ABID+ and its advanced features.


ABID+ features a user-friendly and intuitive dashboard interface that offers real-time visualizations and insights into network anomalies. The dashboard provides operators with a comprehensive view of the network's performance and highlights any detected anomalies, enabling quick identification and analysis of potential issues.

Key Features:

  1. Real-Time Visualization: The dashboard provides real-time visual representations of network anomalies, allowing operators to monitor the current state of the network at a glance. Interactive charts, graphs, and maps display key metrics and trends, making it easy to identify abnormal patterns or deviations.
  2. Anomaly Alerts: The dashboard features an alert system that notifies operators of any detected anomalies in the network. Alerts are displayed prominently on the dashboard, indicating the severity and nature of the anomalies. Operators can quickly assess the impact and prioritize their actions based on the alerts.
  3. Drill-Down Capabilities: The dashboard allows operators to drill down into specific areas or components of the network for more detailed analysis. Operators can select specific time periods, network segments, or KPIs to focus on, enabling a deeper understanding of the anomalies and their root causes.
  4. Customizable Views: Operators have the flexibility to customize their dashboard views based on their specific needs and preferences. They can choose which metrics and KPIs to display, rearrange the layout, and personalize the visualizations to align with their monitoring priorities.
  5. Historical Data Analysis: The dashboard provides access to historical data, allowing operators to analyze trends and patterns over time. Historical visualizations help identify recurring anomalies or long-term performance issues, providing insights for preventive measures and optimization strategies.
  6. Integration with CMEx and NORTH-I: The dashboard seamlessly integrates with CMEx and NORTH-I, leveraging the configuration management and network monitoring capabilities of these solutions. Operators can access configuration data and performance metrics from CMEx and NORTH-I directly within the dashboard, enabling comprehensive analysis and correlation of data.


  • Real-time visibility: The dashboard provides operators with up-to-date and actionable information about network anomalies, enabling quick response and resolution.
  • Improved decision-making: With real-time visualizations and insights, operators can make informed decisions to optimize network performance and address anomalies promptly.
  • Efficient troubleshooting: The dashboard's drill-down capabilities and historical data analysis empower operators to identify root causes and track the progression of anomalies, streamlining troubleshooting processes.
  • Enhanced collaboration: The dashboard facilitates collaboration among cross-functional teams by providing a centralized platform for sharing information and insights about network anomalies.

The dashboard in ABID+ delivers a powerful tool for monitoring network anomalies and gaining valuable insights into network performance. Operators can leverage its real-time visualizations, alerts, and customizable features to proactively manage anomalies, improve network efficiency, and ensure a superior quality of service for their customers.

CMEx and NORTH-I Integration:

The integration of ABID+ with CMEx and NORTH-I provides a seamless and comprehensive observability solution for the network, enabling proactive management of end-to-end 2G/3G/4G RAN. The integration empowers operators to efficiently monitor network performance, correlate data, and identify and resolve issues in real-time.

Use Case: Proactively managing end-to-end 2G/3G/4G RAN

A Turkish mobile operator faced challenges in meeting its business and customer experience objectives due to RAN quality issues and prolonged problem resolution times. With limited resources, the operator sought a solution to radically improve its level of service. The operator had deployed various performance, configuration, and alarm management systems over time, resulting in fragmented and disconnected data that hindered end-to-end visibility and analysis.

As part of a project to upgrade its radio access and core mobile network infrastructure, the operator decided to implement TTG's NORTH-I, CMeX, and ABID. This comprehensive solution offered the operator the ability to proactively manage and correlate data across multiple vendor and domain networks, all while achieving a lower Total Cost of Ownership (TCO).

With NORTH-I, CMeX, and ABID, the operator gained a unified system where performance, configuration, and correlated network alarm data from all technologies and equipment vendors were collected and harmonized. This data was immediately available to the operations and engineering teams, enabling them to monitor the network's health, prioritize resolution actions, and perform sophisticated correlation, trending, and analysis to prevent performance problems.

On a daily basis, the operator's operations engineers utilized the scheduled Key Performance Indicators (KPIs) provided by NORTH-I, CMeX, and ABID. They identified the worst-performing elements in the network by region, allowing them to focus their efforts on resolving critical issues promptly. The powerful capabilities of NORTH-I, CMeX, and ABID allowed the engineers to analyze trends using custom-defined time functions and formulas, comparing current data with historical periods. By storing all data as part of its collection mechanism, NORTH-I, CMeX, and ABID facilitated easy access to historical data for deeper analysis and troubleshooting.

Through the seamless integration of ABID+ with CMEx and NORTH-I, the operator achieved comprehensive observability of its network. The combination of performance management, configuration management, and anomaly detection enabled efficient monitoring, timely issue resolution, and optimization of network performance. The integration provided a unified platform for data correlation and analysis, empowering the operator to proactively manage its end-to-end 2G/3G/4G RAN and deliver an enhanced customer experience.

Experience the power of ABID+ and take control of your network's security and performance. Contact us today to schedule a demo and learn how ABID+ can enhance your network operations, improve efficiency, and ensure a secure and reliable network environment.

With the combined power of CMEx, NORTH-I, and ABID, the operator gained valuable insights into their network's performance and health. The integrated solution enabled them to monitor key performance indicators, detect anomalies, and perform root cause analysis, all within a single platform.

By leveraging the capabilities of CMEx, the operator could effectively manage their network's configuration and changes. The system provided graphical user interfaces for monitoring and operating connections, links, and equipment configurations. This streamlined approach allowed the operator to easily track and manage their network's assets, ensuring optimal performance and efficient resource allocation.

NORTH-I played a crucial role in providing comprehensive performance management. With real-time network monitoring and reporting, the operator gained visibility into network metrics, such as availability, packet loss rate, and latency. The intuitive dashboard presented key performance indicators, enabling the operator to identify bottlenecks and proactively address issues that could impact network performance. The integration of NORTH-I with CMEx and ABID ensured seamless data exchange and correlation for a holistic view of network operations.

ABID, with its anomaly-based intrusion detection capabilities, enhanced the operator's network security. By analyzing data trends and utilizing machine learning algorithms, ABID automatically detected complex anomalies and provided actionable insights. The integration with CMEx and NORTH-I allowed for comprehensive observability, enabling the operator to identify and address security threats promptly.

In summary, the integration of CMEx, NORTH-I, and ABID offered the operator a powerful suite of tools for comprehensive network management. From configuration and performance monitoring to anomaly detection and root cause analysis, the combined solution empowered the operator to optimize their network's performance, enhance security, and deliver an exceptional user experience. With these integrated tools, the operator was able to proactively man.

Call to Action:

Don't let network anomalies go unnoticed! Experience the power of ABID+ and take control of your network's security and performance. Our advanced anomaly detection solution is designed to proactively identify and address network issues, ensuring uninterrupted service and optimal performance.

Contact us today to schedule a demo and see how ABID+ can revolutionize your network operations. Our team of experts will guide you through the features and benefits of ABID+, tailored to your specific network requirements. Stay ahead of the curve and safeguard your network against potential threats with ABID+.