You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@metron.apache.org by cestella <gi...@git.apache.org> on 2017/12/15 21:40:25 UTC

[GitHub] metron pull request #870: METRON-1364: Add an implementation of Robust PCA o...

GitHub user cestella opened a pull request:

    https://github.com/apache/metron/pull/870

    METRON-1364: Add an implementation of Robust PCA outlier detection

    ## Contributor Comments
    With short circuiting in Stellar, we have the opportunity to delve into more computationally intensive outlier detection techniques. Generally these would be executed only if simpler outlier detection techniques indicated an outlier (e.g. statistical outlier tests).
    As the first one of these supported, I'd suggest a Robust PCA based technique similar to Netflix's Surus. See https://medium.com/netflix-techblog/rad-outlier-detection-on-big-data-d6b0494371cc and https://metamarkets.com/2012/algorithmic-trendspotting-the-meaning-of-interesting/ for more detail.
    It should be noted that there are some caveats with this approach around sparsity and orderedness.
    Regarding sparsity,this outlier detection algorithm presumes dense output, which is not the case for data spanning profiles (e.g. the profiler does not write out data every period if no data was seen). To deal with this, I am suggesting a modification to the profiler to allow PROFILE_GET to return a default value. That will be done in a separate JIRA.
    Regarding well-orderedness, this is an outlier detector for time series data, so it is sensitive to order to a certain extent. Given its computational intensity, it is likely to be used with a sample of the data to shrink the size of the data. To that end, uniform sampling is not sensible here, but rather a biased sample for recency. Without this, you may get poor results from this outlier detector. This sampler should be done in a separate JIRA, but I will ensure the infrastructure to add it is contributed in METRON-1350.
    
    ## Pull Request Checklist
    
    Thank you for submitting a contribution to Apache Metron.  
    Please refer to our [Development Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235) for the complete guide to follow for contributions.  
    Please refer also to our [Build Verification Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview) for complete smoke testing guides.  
    
    
    In order to streamline the review of the contribution we ask you follow these guidelines and ask you to double check the following:
    
    ### For all changes:
    - [x] Is there a JIRA ticket associated with this PR? If not one needs to be created at [Metron Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel). 
    - [x] Does your PR title start with METRON-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
    - [x] Has your PR been rebased against the latest commit within the target branch (typically master)?
    
    
    ### For code changes:
    - [x] Have you included steps to reproduce the behavior or problem that is being changed or addressed?
    - [ ] Have you included steps or a guide to how the change may be verified and tested manually?
    - [x] Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
      ```
      mvn -q clean integration-test install && build_utils/verify_licenses.sh 
      ```
    
    - [x] Have you written or updated unit tests and or integration tests to verify your changes?
    - [x] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? 
    - [ ] Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?
    
    ### For documentation related changes:
    - [x] Have you ensured that format looks appropriate for the output in which it is rendered by building and verifying the site-book? If not then run the following commands and the verify changes via `site-book/target/site/index.html`:
    
      ```
      cd site-book
      mvn site
      ```
    
    #### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
    It is also recommended that [travis-ci](https://travis-ci.org) is set up for your personal repository such that your branches are built there before submitting a pull request.
    


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cestella/incubator-metron RAD_outlier

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/metron/pull/870.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #870
    
----
commit 767725385fc1057321c5e7542864a3b0afdd9ae9
Author: cstella <ce...@gmail.com>
Date:   2017-12-13T21:38:29Z

    RAD infrastructure.

commit 36b395b5307cdaabc1b3b989046017c1bf1e7e52
Author: cstella <ce...@gmail.com>
Date:   2017-12-15T18:54:52Z

    Initial commit for RAD

commit 5bfce65da838062c360f4793241469fddde69021
Author: cstella <ce...@gmail.com>
Date:   2017-12-15T21:28:26Z

    Updating docs and tests.

----


---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by cestella <gi...@git.apache.org>.
Github user cestella commented on the issue:

    https://github.com/apache/metron/pull/870
  
    it's still alive..sorry, I still owe a test plan and a deconflict. This one is more of a labor of love and I was worried that it may be a bit premature and wanted to validate with a real cybersecurity use-case.


---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by JonZeolla <gi...@git.apache.org>.
Github user JonZeolla commented on the issue:

    https://github.com/apache/metron/pull/870
  
    Is this still alive?


---

[GitHub] metron pull request #870: METRON-1364: Add an implementation of Robust PCA o...

Posted by cestella <gi...@git.apache.org>.
Github user cestella closed the pull request at:

    https://github.com/apache/metron/pull/870


---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by JonZeolla <gi...@git.apache.org>.
Github user JonZeolla commented on the issue:

    https://github.com/apache/metron/pull/870
  
    Happy to put some effort into running through this/testing if it's ready to go @cestella 


---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by ottobackwards <gi...@git.apache.org>.
Github user ottobackwards commented on the issue:

    https://github.com/apache/metron/pull/870
  
    I'll test this when it is ready, but if you have other <cough> reviews </cough> keeping you from this, i can wait ;)



---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by cestella <gi...@git.apache.org>.
Github user cestella commented on the issue:

    https://github.com/apache/metron/pull/870
  
    Thanks @JonZeolla I am planning to try to get around to cleaning this up a bit this week.  I have some concerns about its interactions with the sampling stellar functions.


---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by ottobackwards <gi...@git.apache.org>.
Github user ottobackwards commented on the issue:

    https://github.com/apache/metron/pull/870
  
    @cestella 



---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by ottobackwards <gi...@git.apache.org>.
Github user ottobackwards commented on the issue:

    https://github.com/apache/metron/pull/870
  
    as Tribe Called Quest said:  "So what's the scenario"?


---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by mmiklavc <gi...@git.apache.org>.
Github user mmiklavc commented on the issue:

    https://github.com/apache/metron/pull/870
  
    Any updates on this PR?


---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by ottobackwards <gi...@git.apache.org>.
Github user ottobackwards commented on the issue:

    https://github.com/apache/metron/pull/870
  
    Looking for tests and deconflict


---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by ottobackwards <gi...@git.apache.org>.
Github user ottobackwards commented on the issue:

    https://github.com/apache/metron/pull/870
  
    How can we test this?


---

[GitHub] metron issue #870: METRON-1364: Add an implementation of Robust PCA outlier ...

Posted by cestella <gi...@git.apache.org>.
Github user cestella commented on the issue:

    https://github.com/apache/metron/pull/870
  
    Yep, I owe a manual testing plan.  It's going to essentially be the same instructions as we have for [MAD](https://github.com/apache/metron/tree/master/metron-analytics/metron-statistics#median-absolute-deviation).  I'll also be adding a new use-case as a follow-on that tracks outliers in entropy for netflow data.


---