Galley Proof
7/02/2007; 14:38
File: ifs363.tex; BOKCTP/ljl p. 1
1
Journal of Intelligent & Fuzzy Systems 18 (2007) 1–8 IOS Press
Anomaly detection in mobile communication networks using the self-organizing map Rewbenio A. Frota∗ , Guilherme A. Barreto and Jo˜ao C.M. Mota Department of Teleinformatics Engineering, Federal University of Cear a´ (UFC), CP 6005, CEP 60455-760, Fortaleza, Ceara´ , Brazil
Abstract. Anomaly detection is a pattern recognition task whose goal is to report the occurrence of abnormal or unknown behavior in a given system being monitored. In this paper we propose a general procedure for the computation of decision thresholds for anomaly detection in mobile communication networks. The proposed method is based on Kohonen’s Self-Organizing Map (SOM) and the computation of nonparametric (i.e. percentile-based) confidence intervals. Through simulations we compare the performance of the proposed and standard SOM-based anomaly detection methods with respect to the false positive rates produced.
1. Introduction The multi-service character of today’s mobile radio technology brings totally new requirements into network optimization process and radio resource management algorithms, differing significantly from traditional speech-dominated technologies [13]. One of these new aspects is related to the quality of service (QoS) requirements. Because of them, operation and maintenance of such cellular networks is becoming more and more challenging, since mobile cells interact and interfere more, have hundreds of adjustable parameters and monitor and record several hundreds of different variables in each cell, thus producing a huge amount of data. Considering scenarios with thousands of cells, it is clear that for optimum handling of the radio access network (RAN), effective data mining methods for performance analysis based on Key Performance Indicator (KPI) are required. KPIs are a set of essential measurements which summarize the behavior of the cellular network of interest, and can be used for system acceptance, benchmarking and system specification. A good choice of KPIs to monitor and analyze collected data are crucial to understand the reasons for the var∗ Corresponding
author. E-mail: rewbenio@deti.ufc.br.
ious operational states of the cellular network, noticing abnormal behaviors, analyzing them and providing possible solutions. Data mining is an expanding area of research in artificial intelligence and information management whose objective is to extract relevant information from large databases [4]. Typical data mining and analysis tasks include classification, regression, and clustering of data, aiming at determining parameter/data dependencies and finding various anomalies from the data. In this paper, we are interested in the clustering capabilities of the Self-Organizing Map (SOM) [8] applied to the detection of anomalous states of a CDMA2000 cellular systems. The SOM is an important unsupervised competitive learning algorithm, being able to extract statistical regularities from the input data vectors and encode them in the weights without supervision [14]. Such a learning machine will then be used to build a compact internal representation of the cellular network, in the sense that the data vectors representing its behavior are projected onto a reduced number of prototype vectors (each representing a given cluster of data), which can be further analyzed in search of hidden data structures. In addition to data clustering, the SOM is also widely used for visualization of cluster structures [2]. This visualization ability is particularly suitable to network optimization purposes, as discussed in a number of re-
1064-1246/07/$17.00 2007 – IOS Press and the authors. All rights reserved