Design of experiment
There are many domain specific problems where time-series anomaly detection brings value and insight into the data. Some of them are more straightforward and easier to solve than other. Executives of a retail sales company want to be alerted if there is a sudden drop in the sales of a product or a car rental company desires to monitor the number of rented cars. These types of problems require to analyze one target variable (KPI) with possible explanatory variables that affect the KPI.
On the other hand, there are industries where vast amount of data is produced by different kinds of sensors like temperature, humidity, rotation speed etc. Such data usually describe “health” of one or more machines or systems. Instead of one metric/KPI being monitored, such problems require to monitor the system as whole.
Evaluating each metric separately is unfeasible if the data is cross-correlated which is often the case. Such methods don't account for the correlations resulting in many false positives/negatives.
Another possibility is to approach these problems with multivariate time-series anomaly detection. Such methods treat the data as one bulk; they try to identify the normal behavior regarding to the data interdependencies and produce model that should be capable of recognizing anomalous behavior. If we take into consideration that there are hundreds or thousands of different measurements it can be a challenging task. These methods suffer from the “curse of dimensionality” phenomena – as the dimensionality increases it is more and more difficult to identify the true relationships among the metrics which is crucial for building reasonable normal behavior model.
Our approach to complex machinery problems¶
We feel that to tackle these problems some supervision is necessary. We propose an approach where an anomaly detection problem is divided into several subproblems. Each subproblem represents some part of the whole system and is defined by one target metric and possible explanatory metrics affecting it. Specifying the subproblems requires knowledge of the underlying process. The group of metrics of a subproblem should closely relate to each other with causal or correlation effects. On the other hand, correlation of some metrics does not necessarily mean that the relationship is important for evaluation of a record being anomalous or not. Therefore, understanding of the problem is crucial.
A simplified schema of a system or machine with identified subproblems could look as on the figure below.
Such example could be generalized with arbitrary number of metrics/variables. Each of the subproblems is a separate anomaly detection task for the TIM Anomaly Detection engine. The proposed approach has also the advantage of locating a potential problem of the system more accurately. This would be much more difficult to accomplish using classic multivariate approach and the results would be rather unreliable.