Anomaly Based Intrusion Detection (ABID+)

As the new technologies and services are added to legacy networks, the importance of multi-technology and multi-vendor KPI/counter based anomaly detection in modern networking environments has increased. In legacy systems, threshold based SLA and problem identification techniques cannot provide the high standards of service assurance and networking performance anymore.

TTG’s ABID+ solution enhances network operation efficiency by providing continuous and autonomous root cause analysis for complex anomalies by correlating the relevant data from network.

•Basic Features
•ABID+ Architecture
•Understanding Data Trends
•Pearson Correlation
•1,2,3,n Dimensional Anomaly Detection
•Root Cause Analysis
•CMEx and NORTH-I Integration
•Case 1
•Case 2

Basic Features:

•    Multi Variant, Multi-Dimensional Anomaly Detection and Correlation Analysis
•    Understanding Data Trends
•    Pearson Correlation
•    KNN (Key Nearest Neighbor) Algorithm
•    1,2,3, n Dimensional Anomaly Detection
•    Root Cause Analysis
•    Dashboard
•    CMEx & North-I Integration

ABID+ Architecture:

Understanding Data Trends:

Understanding Data Trends:

•    17:00 data for 2 months
•    Max values are ‘SUNDAY’
•    Weekly Repeat
•    Monthly Repeat

Sample KPI-List:

Pearson Correlation:

Determines relation between two values
v1, v2 vectors, P = Pearson result

Grouping Highly Correlated Values

•Long Term Relation Analysis
•Short Term Relation Analysis
•Suggested Counter/KPI
•Can combine any ‘time series’ values such as weather, configuration etc...

Anomally Algorithm
• Finds closest n value to selected one
• Decide according %50 date trending, %50 value level
• Close dates behavior are important
• Close point values are important

Maharanis Distance:
•    Decide values as an anomaly or not
•    Can be changed by user
•    Default value is 2
•    Uses outputs (Closest values)

N Dimensional Anomaly Detection with Machine Learning
With ABID+, TTG introduces a novel method for detecting anomalies in multivariate time series. The method also works for univariate time series.

• 1 Dim reports have ‘Trust Range’ feature to see expected value
• If a value is outside of trust range limit, value is labeled as anomaly

•    Multi-vendor, multi-technology and Multi-KPIs Anomaly Detection
•    Multi-Dimensional time series based models Machine Learning Anomaly Detection.
•    ABID+ can detect security anomalies on IoT device, network KPIs and interfaces.
•    Correlation with the other relevant data from network.
•    Detecting deviation where legacy threshold base model cannot.

Automated Anomaly Detection with Machine Learning & Deep Learning

As datasets increase in size and complexity, it becomes impractical to spot problems in the network.  TTG’s technology uses multi-KPIs machine learning algorithms learning features automatically model the normal behavior of your time series data in real time to identify anomalies, streamline root cause analysis with the correlation of the relevant data, and reduce false positives.

Root Cause Analysis


CMEx and NORTH-I Integration