Towards the Automatic and Schedule-Aware Alerting of Internetwork Time Series

A common factor of every network monitoring system is an alerting module for time series. This module aims at triggering a warning when any type of abnormal behavior is detected in the patterns of a time series. Such a search for anomalies can be carried out by network managers as a supervised task such that the thresholds for considering a measurement as an anomaly are set following a manual process. Alternatively, we focus on how to translate such a task to an unsupervised one, thus alleviating network managers' dedication. To this end, we have developed, based on the experience of monitoring dozens of networks, a player of real anomalies. Thus, by recreating real issues, the alerting systems' parametrization can be carried out without supervision. Additionally, as a novelty, we propose to consider the network managers' workforce as a significant parameter to configure the thresholds of the alerting module-essentially, avoiding triggering alarms that will hardly receive attention. Then, we propose to measure and rank alarms by relevance, and relate them to the time to be solved for constructing, eventually, automatic schedules for the members of the staff-according to their time availability. Finally, all these proposals have been put into practice in various deployments of monitoring systems on networks in operation, which gives us evidence of its usefulness and low demand for resources.

Automated summary

This article introduces the alerting module for time series in network monitoring systems, and discusses how to transform the task of monitoring anomalies into an unsupervised task in order to reduce the workload of network managers. By developing a player of real anomalies and considering the network managers' workforce as a parameter for configuring thresholds of the alerting module, a novel approach is proposed.