Disrupt the static nature of BI with Predictive Anomaly Detection

Disrupt the static nature of BI with Predictive Anomaly Detection

by Nir KalishSenior Director, Solution Engineering, Anodot

3

What is the problem?

Delayed business insights cost companies millions of dollars

Real Time Business Incident Detection

4

Business Incidents Use Cases

Drop in transactions across partners, mobile devices, type of loan

Online Payments/Loans Peak in revenues, impressions across publisher, advertiser, campaign

Ad-Tech

Drop in number of rides across city’s mobile devices, drivers

Ride SharingDrop in conversion for hotel reservations across browsers, countries

E-commerce

5

Getting Business Insights using traditional BI tools? Monitoring Systems?

Maintenance, not

automated

False Positive

No Real time

Millions of metrics

%

0 1 0 1 1 0 1 0 1 0 1 0

6

Find the Anomaly… Using traditional BI tools

Dashboards

7

So How do we get Real Time Business Insight?

8

How to Track the Millions and Get the Insights?

Automated Anomaly DetectionDisrupting the static nature of BI

Aggregate, Detect, Group and Alert

9

What is Anomaly Detection?

10

Automatic Anomaly Detection in five Steps

Metrics Collection – Universal, scale to millions

Normal behavior learning

Abnormal behavior learning

Behavioral Topology Learning

Feedback Based

Learning

1 2 3 4 5

11

Automatic Anomaly Detection in five Steps

Metrics Collection – Granular, scale to millions

Normal behavior learning

Abnormal behavior learning

Behavioral Topology Learning

Feedback Based

Learning

1 2 3 4 5

12

Anomaly Detection in every granularity

Number of Purchases

Product Category Geo Device

OSRevenue $ gift card

TV modelPhone model

Gift cards

Cell Phones

Electronics

US

EMEA

APJ

iOS

Windows

Android

Large Scale Anomaly Detection System Architecture

Kafka

Events Queue

AnomalyGrouping

Signals Correlation

Map

Real-TimeRollups Store

Cassandra

Anodotd

RESTWebApp

OnlineBase LineLearning

Aggregator

Elasticsearch

DWH S3

HADOOP/SparkHIVE

Offline Learning

Management &

Portal

Anodot-Web

User MgmtRDBMS

Customer DSAgent

• 5.4 billion daily samples• 120,000,000 metrics• 240,000,000 models

• updated with each sample• 500,000,000 correlation links

• Updated daily• 14,000,000 seasonal models

• Updated daily• 30 types of learning algorithms

• Metric classification, seasonality detection, trend, baseline models, clustering algos, LSH, …

• And counting…

14

Automatic Anomaly Detection in five Steps

Metrics Collection – Universal, scale to millions

Normal behavior learning

Abnormal behavior learning

Behavioral Topology Learning

Feedback based

learning

1 2 3 4 5

15

Static Thresholds versus Anomaly Based Alert

Anomaly Based Alert will find the problems hours before the static based one

16

Normal Behaviour Modelling: Not so Simple…

Signal TypeSeasonal pattern Adapt to changes

17

Seasonality

18

Learning the normal behavior: Not all signals are created equal

Smooth Irregular sampling

Multi Modal Sparse

Discrete “Step”

Step 1 Classify signal to Category

Step 2Match

Category with

Baseline Distribution

and Algorithm

19

Metric types distribution

20

Distribution of metric types per industry

21

Update rate with adaptive online models: Avoiding pitfalls

What should be the learning rate?

Too Slow

Too Fast

22

Update rate with adaptive online models: Avoiding pitfalls

What should be the learning rate?“Al Dente”

Auto tuning required!

23

Automatic Anomaly Detection in five Steps

Metrics Collection – Universal, scale to millions

Normal behavior learning

Abnormal behavior learning

Behavioral Topology Learning

Feedback Based

Learning

1 2 3 4 5

Abnormal behavior modelP(Anomaly Significance | Duration, Deviation)

90

70

5030 2010

Abnormal Behaviour Learning

25

Abnormal Behaviour Learning

Anomaly Score to enable correct prioritization of problems

26

Automatic Anomaly Detection in five Steps

Metrics Collection – Universal, scale to millions

Normal behavior learning

Abnormal behavior learning

Behavioral Topology Learning

Feedback Based

Learning

1 2 3 4 5

27

Behavioral Topology Learning and Correlation

Viewing correlated metrics in context enables correct problem identification

Price glitch – increase in purchases / decrease in revenue

28

Automatic Anomaly Detection in five Steps

Metrics Collection – Universal, scale to millions

Normal behavior learning

Abnormal behavior learning

Behavioral Topology Learning

Feedback Based

Learning

1 2 3 4 5

29

Feedback Based Learning

Enables continuance improvement of the machine learning process

Weekly anomaly stats: The importance of all steps

Based on 120,000,000 metrics

Normal behavior learning

Abnormal behavior learning

Behavioral Topology Learning

31

Anomaly Detection is every where

Social

Fintech

IT Ad-Tech

E-commerce

IOT

Business Incident

Detection

32

Current Anodot Customers – Partial List

- Pedro Silva, Senior product, Credit Karma

It used to take us up to several days to identify an issue on a specific page, offer, or service that was draining our revenues. Anodot identifies when a metric increases or decreases in real time, so we can resolve it quickly, before business suffers or revenue is lost.

THANK YOU