Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Active Rule Mining for Multivariate Anomaly Detection in Radio Access Networks

Ebenezer R. H. P. Isaac, Joseph H. R. Isaac

TL;DR

This work tackles the gap between multivariate anomaly detection and domain expert interpretation in RAN by introducing Active Rule Mining, a three-stage pipeline that generates, appraises, and applies interpretable rules linking anomaly patterns to concrete operator actions. The method handles time-series and non-time-series data and adapts to concept drift by periodically updating reference statistics; it also supports updating rules via splitting, combining, and whitelisting with SME feedback. The approach yields actionable rules that can be automated for remediation and prioritization, reducing manual review and enabling production-ready responses. Demonstrated on time-series RAN data, the system effectively maps detected anomalies to business-relevant rules and responses.

Abstract

Multivariate anomaly detection finds its importance in diverse applications. Despite the existence of many detectors to solve this problem, one cannot simply define why an obtained anomaly inferred by the detector is anomalous. This reasoning is required for network operators to understand the root cause of the anomaly and the remedial action that should be taken to counteract its occurrence. Existing solutions in explainable AI may give cues to features that influence an anomaly, but they do not formulate generalizable rules that can be assessed by a domain expert. Furthermore, not all outliers are anomalous in a business sense. There is an unfulfilled need for a system that can interpret anomalies predicted by a multivariate anomaly detector and map these patterns to actionable rules. This paper aims to fulfill this need by proposing a semi-autonomous anomaly rule miner. The proposed method is applicable to both discrete and time series data and is tailored for radio access network (RAN) anomaly detection use cases. The proposed method is demonstrated in this paper with time series RAN data.

Active Rule Mining for Multivariate Anomaly Detection in Radio Access Networks

TL;DR

This work tackles the gap between multivariate anomaly detection and domain expert interpretation in RAN by introducing Active Rule Mining, a three-stage pipeline that generates, appraises, and applies interpretable rules linking anomaly patterns to concrete operator actions. The method handles time-series and non-time-series data and adapts to concept drift by periodically updating reference statistics; it also supports updating rules via splitting, combining, and whitelisting with SME feedback. The approach yields actionable rules that can be automated for remediation and prioritization, reducing manual review and enabling production-ready responses. Demonstrated on time-series RAN data, the system effectively maps detected anomalies to business-relevant rules and responses.

Abstract

Multivariate anomaly detection finds its importance in diverse applications. Despite the existence of many detectors to solve this problem, one cannot simply define why an obtained anomaly inferred by the detector is anomalous. This reasoning is required for network operators to understand the root cause of the anomaly and the remedial action that should be taken to counteract its occurrence. Existing solutions in explainable AI may give cues to features that influence an anomaly, but they do not formulate generalizable rules that can be assessed by a domain expert. Furthermore, not all outliers are anomalous in a business sense. There is an unfulfilled need for a system that can interpret anomalies predicted by a multivariate anomaly detector and map these patterns to actionable rules. This paper aims to fulfill this need by proposing a semi-autonomous anomaly rule miner. The proposed method is applicable to both discrete and time series data and is tailored for radio access network (RAN) anomaly detection use cases. The proposed method is demonstrated in this paper with time series RAN data.
Paper Structure (24 sections, 7 equations, 8 figures, 1 algorithm)

This paper contains 24 sections, 7 equations, 8 figures, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Works
  3. Active Rule Mining – An Overview
  4. Method
  5. Training Phase
  6. Application Phase
  7. Rule Generation Stage
  8. Compute Reference Statistics
  9. Context
  10. Statistical measure
  11. Collate Outliers
  12. Formulate Rules
  13. Rule Appraisal Stage
  14. Assign Response
  15. Split rule
  16. ...and 9 more sections

Figures (8)

  • Figure 1: Anomaly Detection Pipeline
  • Figure 2: Phases and Stages of the Anomaly Rule Miner
  • Figure 3: Rule Generation Flow
  • Figure 4: Rule Appraisal Flow. Once the rules are generated, they are appraised by a domain expert. A rule can be split to multiple rules, combined with an existing appraised rule, whitelisted as a false positive, or assigned an appropriate response to be taken on its occurrence. The rule may also be whitelisted if its count in the dataset is beyond the critical frequency, $f_c$, for statistical automation.
  • Figure 5: Rule Matching and Discovery Flow. In production, each anomaly is tested against the rule set. Once a matching rule is found, appropriate action is taken based on the response set during appraisal. However, if a matching rule is not found, a default action is taken and then a new rule is created corresponding to the anomalous occurrence.
  • ...and 3 more figures