Weekly Report -- 05/10/2012




Added a new anomaly detector to our network event monitor: the Plunge Detector. The basic aim is to detect situations where an otherwise active time series plunges to a very low (or zero) value. Sounds simple, but kinda tricky to do in a generic fashion. The general algorithm is to track the median and minimum observed values over the past N measurements and then raise an alarm when the current value is significantly below both the median and the minimum observed values.
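An added sketch of the algorithm described above, not the code from the event monitor itself. The window size, the two ratios standing in for "significantly below", the activity floor, and the choice to keep alarming samples out of the history are all assumptions, and the three series are constructed sample data.

```python
from collections import deque
from statistics import median


class PlungeDetector:
    """Sliding-window plunge detector (illustrative; all thresholds are assumptions)."""

    def __init__(self, window=12, median_ratio=0.25, min_ratio=0.5, active_floor=10.0):
        self.history = deque(maxlen=window)  # the past N measurements
        self.median_ratio = median_ratio     # assumed meaning of "significantly below" the median
        self.min_ratio = min_ratio           # assumed meaning of "significantly below" the minimum
        self.active_floor = active_floor     # assumed median needed to call a series "active"

    def update(self, value):
        """Return True if `value` is a plunge relative to the window before it."""
        alarm = False
        if len(self.history) == self.history.maxlen:
            med = median(self.history)
            low = min(self.history)
            alarm = (med >= self.active_floor
                     and value < med * self.median_ratio
                     and value < low * self.min_ratio)
        # Assumption: plunged samples stay out of the baseline, so a sustained
        # outage keeps alarming instead of becoming the new "normal".
        if not alarm:
            self.history.append(value)
        return alarm


def detect(series, **kwargs):
    """Return the indexes in `series` at which the detector alarms."""
    det = PlungeDetector(**kwargs)
    return [i for i, v in enumerate(series) if det.update(v)]


# Constructed sample data: per-interval counters for three kinds of series.
ACTIVE = [120, 135, 128, 140, 110, 125, 131, 119, 138, 127, 122, 133, 2, 0, 126]
BURSTY = [120, 5, 130, 0, 125, 8, 140, 3, 118, 6, 122, 4, 2, 0, 126]
IDLE = [1, 0, 2, 1, 0, 1, 3, 0, 1, 2, 0, 1, 0, 0, 1]

if __name__ == "__main__":
    for name, series in (("active", ACTIVE), ("bursty", BURSTY), ("idle", IDLE)):
        print(name, detect(series))
```

The bursty series shows why the minimum matters: its values regularly touch zero, so a low reading is well below the median but not below the observed minimum, and no alarm is raised.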

Spent much of the week testing both the new Plunge detector and the Shewhart detector against the various LPI time series in my test data set. Lots of refinement going on with both detectors, but starting to get pretty happy with the results.

Started working towards a new libtrace release - mostly just a few little bug fixes and tidyups. Part of the release process is to test it on a FreeBSD machine, but the old emulation image doesn't work with the new emulation network. Set up a FreeBSD 9 machine so that Brendon could make a new image, which was a lot more painful than it should have been. Managed to get libtrace tested and passed the machine over to Brendon for imaging - I expect a decent rant in his weekly report about that step of the process too :)