tags:

views:

106

answers:

1
+3  Q: 

Simple algorithm for online outlier detection of a generic time series

I am working with a large amount of time series. These time series are basically network measurements coming every 10 minutes, and some of them are periodic (i.e. the bandwidth), while some other aren't (i.e. the amount of routing traffic).

I would like a simple algorithm for doing an online "outlier detection". Basically, I want to keep in memory (or on disk) the whole historical data for each time series, and I want to detect any outlier in a live scenario (each time a new sample is captured). What is the best way to achieve these results?

I'm currently using a moving average in order to remove some noise, but then what next? Simple things like standard deviation, mad, ... against the whole data set doesn't work well (I can't assume the time series are stationary), and I would like something more "accurate", ideally a black box like:

double outlier_detection(double* vector, double value);

where vector is the array of double containing the historical data, and the return value is the anomaly score for the new sample "value" .

+2  A: 

This is a big and complex subject, and the answer will depend on (a) how much effort you want to invest in this and (b) how effective you want your outlier detection to be. One possible approach is adaptive filtering, which is typically used for applications like noise cancelling headphones, etc. You have a filter which constantly adapts to the input signal, effectively matching its filter coefficients to a hypothetical short term model of the signal source, thereby reducing mean square error output. This then gives you a low level output signal (the residual error) except for when you get an outlier, which will result in a spike, which will be easy to detect (threshold). Read up on adaptive filtering, LMS filters, etc, if you're serious about this kind of technique.

Paul R  2010-08-02 18:13:45
Thank you for your response. This seems like a good approach, but what if the signal exhibits a high seasonality (i.e. a lot of network measurements are characterized by a daily and weekly pattern at the same time, for example night vs day or weekend vs working days)? Will an adaptive filter be able to model this aspect? In my ideal world, I would like to detect a peak of traffic happening during the sunday morning, while the same value might be completely normal on Monday.
gighi  2010-08-02 19:20:27
So long as you have enough terms in your filter to model the various periodicities then it should just work - the adaptive filter will remove these frequencies leaving just residual noise.
Paul R  2010-08-02 20:43:12
Thank you again, I would like to try an algorithm based on this stuff. Do you know if there are some general purpose libraries to do a preliminary simulation of this method, before doing a real implementation (which probably takes some time)?
gighi  2010-08-02 20:51:22
You can probably prototype this quite quickly and easily in MATLAB (or a free clone like Octave). See e.g. http://www.mathworks.com/matlabcentral/fileexchange/3649-lms-algorithm-demo
Paul R  2010-08-02 21:08:27

related questions

What are some good rigid body dynamics references?
Algorithm to find a common multiplier to convert decimal numbers to whole numbers
How to test randomness (case in point - Shuffling)
What are the core mathematical concepts a good developer should know?
How to get the base 10 logarithm of a Fixnum in Ruby?
Can you be terrible at math and still a great programmer?
Modulus operation with negatives values - weird thing ??
How do I calculate a trendline for a graph?
Calculate Video Duration
Russell's Paradox
Popularity algorithm
How do I calculate distance between two latitude longitude points?
The Google Calculator Glitch, could float vs. double be a possible reason?
Calculating Distance Between 2 Cities
Prime factors
Where can I find a "Math topic dependency tree" to assist my self-guided refresher on the subject?
How to Round Up The Result Of Integer Division
Do you have to be good at math to be a good programmer?
Useful math for programmers
Puzzle: Find largest rectangle (maximal rectangle problem)
What does the term "BODMAS" mean?
Mapping latitude/longitude to a distorted map
A little diversion into floating point (im)precision, part 1
Solving a linear equation
What's the difference between Math.Floor() and Math.Truncate() in .NET?