A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data

Yijun Lin; Yao Yi Chiang

doi:10.1109/BigData55660.2022.10020157

A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data

Yijun Lin, Yao Yi Chiang

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Large network logs, recording multivariate time series generated from heterogeneous devices and sensors in a network, can reveal important information about abnormal activities, such as network intrusions and packet losses. Existing machine learning methods for anomaly detection on multiple multivariate time series typically assume that 1) infrequent behaviors beyond some inference threshold are anomalous for unsupervised models or 2) require a large set of labeled normal and abnormal sequences for supervised models. However, in practice, the reported abnormal events might be available but incomplete and sparse (i.e., much fewer than normal cases). This paper presents a novel semi-supervised approach, SNetAD, that takes advantage of the incomplete and imbalanced labels to effectively learn separable feature embeddings of network activities representing normal and abnormal events. Specifically, SNetAD first generates network representations by capturing relationships across time points and between network devices. Then SNetAD encourages the embeddings to form two clusters using contrastive center loss and improves the separability of the learned clusters using labeled and unlabeled samples in a semi-supervised manner. The experiments demonstrate that SNetAD significantly outperforms state-of-the-art approaches for abnormal event prediction on a large real-world network log.

Original language	English (US)
Title of host publication	Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022
Editors	Shusaku Tsumoto, Yukio Ohsawa, Lei Chen, Dirk Van den Poel, Xiaohua Hu, Yoichi Motomura, Takuya Takagi, Lingfei Wu, Ying Xie, Akihiro Abe, Vijay Raghavan
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1024-1033
Number of pages	10
ISBN (Electronic)	9781665480451
DOIs	https://doi.org/10.1109/BigData55660.2022.10020157
State	Published - 2022
Event	2022 IEEE International Conference on Big Data, Big Data 2022 - Osaka, Japan Duration: Dec 17 2022 → Dec 20 2022

Publication series

Name	Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022

Conference

Conference	2022 IEEE International Conference on Big Data, Big Data 2022
Country/Territory	Japan
City	Osaka
Period	12/17/22 → 12/20/22

Bibliographical note

Funding Information:
This material is based upon work supported in part by the NTT Global Networks and NVIDIA Corporation.

Publisher Copyright:
© 2022 IEEE.

Keywords

multivariate time series
network event prediction
semi-supervised

Publisher link

10.1109/BigData55660.2022.10020157

Find It

Find It at U of M Libraries

Cite this

Lin, Y., & Chiang, Y. Y. (2022). A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data. In S. Tsumoto, Y. Ohsawa, L. Chen, D. Van den Poel, X. Hu, Y. Motomura, T. Takagi, L. Wu, Y. Xie, A. Abe, & V. Raghavan (Eds.), Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022 (pp. 1024-1033). (Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BigData55660.2022.10020157

A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data. / Lin, Yijun; Chiang, Yao Yi.

Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022. ed. / Shusaku Tsumoto; Yukio Ohsawa; Lei Chen; Dirk Van den Poel; Xiaohua Hu; Yoichi Motomura; Takuya Takagi; Lingfei Wu; Ying Xie; Akihiro Abe; Vijay Raghavan. Institute of Electrical and Electronics Engineers Inc., 2022. p. 1024-1033 (Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lin, Y & Chiang, YY 2022, A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data. in S Tsumoto, Y Ohsawa, L Chen, D Van den Poel, X Hu, Y Motomura, T Takagi, L Wu, Y Xie, A Abe & V Raghavan (eds), Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022. Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022, Institute of Electrical and Electronics Engineers Inc., pp. 1024-1033, 2022 IEEE International Conference on Big Data, Big Data 2022, Osaka, Japan, 12/17/22. https://doi.org/10.1109/BigData55660.2022.10020157

Lin Y, Chiang YY. A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data. In Tsumoto S, Ohsawa Y, Chen L, Van den Poel D, Hu X, Motomura Y, Takagi T, Wu L, Xie Y, Abe A, Raghavan V, editors, Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022. Institute of Electrical and Electronics Engineers Inc. 2022. p. 1024-1033. (Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022). doi: 10.1109/BigData55660.2022.10020157

Lin, Yijun ; Chiang, Yao Yi. / A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data. Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022. editor / Shusaku Tsumoto ; Yukio Ohsawa ; Lei Chen ; Dirk Van den Poel ; Xiaohua Hu ; Yoichi Motomura ; Takuya Takagi ; Lingfei Wu ; Ying Xie ; Akihiro Abe ; Vijay Raghavan. Institute of Electrical and Electronics Engineers Inc., 2022. pp. 1024-1033 (Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022).

@inproceedings{6a9b4aff4aa14becb2b66e80d01ee5e0,

title = "A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data",

abstract = "Large network logs, recording multivariate time series generated from heterogeneous devices and sensors in a network, can reveal important information about abnormal activities, such as network intrusions and packet losses. Existing machine learning methods for anomaly detection on multiple multivariate time series typically assume that 1) infrequent behaviors beyond some inference threshold are anomalous for unsupervised models or 2) require a large set of labeled normal and abnormal sequences for supervised models. However, in practice, the reported abnormal events might be available but incomplete and sparse (i.e., much fewer than normal cases). This paper presents a novel semi-supervised approach, SNetAD, that takes advantage of the incomplete and imbalanced labels to effectively learn separable feature embeddings of network activities representing normal and abnormal events. Specifically, SNetAD first generates network representations by capturing relationships across time points and between network devices. Then SNetAD encourages the embeddings to form two clusters using contrastive center loss and improves the separability of the learned clusters using labeled and unlabeled samples in a semi-supervised manner. The experiments demonstrate that SNetAD significantly outperforms state-of-the-art approaches for abnormal event prediction on a large real-world network log.",

keywords = "multivariate time series, network event prediction, semi-supervised",

author = "Yijun Lin and Chiang, {Yao Yi}",

note = "Funding Information: This material is based upon work supported in part by the NTT Global Networks and NVIDIA Corporation. Publisher Copyright: {\textcopyright} 2022 IEEE.; 2022 IEEE International Conference on Big Data, Big Data 2022 ; Conference date: 17-12-2022 Through 20-12-2022",

year = "2022",

doi = "10.1109/BigData55660.2022.10020157",

language = "English (US)",

series = "Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1024--1033",

editor = "Shusaku Tsumoto and Yukio Ohsawa and Lei Chen and {Van den Poel}, Dirk and Xiaohua Hu and Yoichi Motomura and Takuya Takagi and Lingfei Wu and Ying Xie and Akihiro Abe and Vijay Raghavan",

booktitle = "Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022",

}

TY - GEN

T1 - A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data

AU - Lin, Yijun

AU - Chiang, Yao Yi

PY - 2022

Y1 - 2022

N2 - Large network logs, recording multivariate time series generated from heterogeneous devices and sensors in a network, can reveal important information about abnormal activities, such as network intrusions and packet losses. Existing machine learning methods for anomaly detection on multiple multivariate time series typically assume that 1) infrequent behaviors beyond some inference threshold are anomalous for unsupervised models or 2) require a large set of labeled normal and abnormal sequences for supervised models. However, in practice, the reported abnormal events might be available but incomplete and sparse (i.e., much fewer than normal cases). This paper presents a novel semi-supervised approach, SNetAD, that takes advantage of the incomplete and imbalanced labels to effectively learn separable feature embeddings of network activities representing normal and abnormal events. Specifically, SNetAD first generates network representations by capturing relationships across time points and between network devices. Then SNetAD encourages the embeddings to form two clusters using contrastive center loss and improves the separability of the learned clusters using labeled and unlabeled samples in a semi-supervised manner. The experiments demonstrate that SNetAD significantly outperforms state-of-the-art approaches for abnormal event prediction on a large real-world network log.

AB - Large network logs, recording multivariate time series generated from heterogeneous devices and sensors in a network, can reveal important information about abnormal activities, such as network intrusions and packet losses. Existing machine learning methods for anomaly detection on multiple multivariate time series typically assume that 1) infrequent behaviors beyond some inference threshold are anomalous for unsupervised models or 2) require a large set of labeled normal and abnormal sequences for supervised models. However, in practice, the reported abnormal events might be available but incomplete and sparse (i.e., much fewer than normal cases). This paper presents a novel semi-supervised approach, SNetAD, that takes advantage of the incomplete and imbalanced labels to effectively learn separable feature embeddings of network activities representing normal and abnormal events. Specifically, SNetAD first generates network representations by capturing relationships across time points and between network devices. Then SNetAD encourages the embeddings to form two clusters using contrastive center loss and improves the separability of the learned clusters using labeled and unlabeled samples in a semi-supervised manner. The experiments demonstrate that SNetAD significantly outperforms state-of-the-art approaches for abnormal event prediction on a large real-world network log.

KW - multivariate time series

KW - network event prediction

KW - semi-supervised

UR - http://www.scopus.com/inward/record.url?scp=85147960828&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85147960828&partnerID=8YFLogxK

U2 - 10.1109/BigData55660.2022.10020157

DO - 10.1109/BigData55660.2022.10020157

M3 - Conference contribution

AN - SCOPUS:85147960828

T3 - Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022

SP - 1024

EP - 1033

BT - Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022

A2 - Tsumoto, Shusaku

A2 - Ohsawa, Yukio

A2 - Chen, Lei

A2 - Van den Poel, Dirk

A2 - Hu, Xiaohua

A2 - Motomura, Yoichi

A2 - Takagi, Takuya

A2 - Wu, Lingfei

A2 - Xie, Ying

A2 - Abe, Akihiro

A2 - Raghavan, Vijay

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2022 IEEE International Conference on Big Data, Big Data 2022

Y2 - 17 December 2022 through 20 December 2022

ER -

A Semi-Supervised Learning Approach for Abnormal Event Prediction on Large Network Operation Time-Series Data

Abstract

Publication series

Conference

Bibliographical note

Keywords

Publisher link

Find It

Other files and links

Fingerprint

Cite this