Near Real-Time Anomaly Detection in NFV Infrastructures II: From SM to AGMP

Our prior work on single-metric near real-Time anomaly detection is extended in this paper through the generalization of a model that was initially developed for the monitoring of CPU utilization anomalies in Vodafone's Network Functions Virtualization (NFV) infrastructure. The initial generalization involves the model being adapted to other critical infrastructure KPIs, with a specific focus placed on average Network and Memory usage. Subsequently, a significant reduction in the model's free parameters is introduced, with the original count of 13 being decreased to a single parameter. Building upon this refined single-metric model, a novel multi-metric anomaly detection model is then constructed. The quality of anomaly detection is demonstrably enhanced by this model through a substantial reduction in the incidence of both false positive and false negative classifications. Empirical results from an experiment conducted on real-world data obtained from Vodafone's infrastructure are presented, with the superior performance of the newly developed multi-metric predictor being illustrated in comparison to its single-metric counterparts. The dataset utilized in this study, along with the corresponding labeled anomaly dataset, is released under an open data license to facilitate further research in this domain.