Artificial intelligence and supervision of information systems
- Zoom
- 11 March 2021
Recent events provide ample evidence of the public’s demand for reliability, security and availability of information systems.
Whether for essential services such as remote payment or managing one’s electricity contract, or for nice-to-haves such as social networks or online gaming platforms, users demand strict protection of their privacy, but also high availability of the information system and robust protection against malicious attacks.
In other words: user loyalty to a service provider is strongly conditioned by the quality of its information system.
Recent events provide ample evidence of the public’s demand for reliability, security and availability of information systems.
A lot of work is being done in this field, with various perspectives (availability, fraud detection, cyber security, personal data protection, …) and using various techniques, including artificial intelligence.
This field of computer science, Machine Learning, allows computers to “learn” by observing the real world, without human intervention to define an explicit method for solving the problem at hand. Artificial intelligence currently abounds in new applications, from natural language to face recognition, but also, in particular, in the supervision of complex and widely distributed information systems.
Let’s note that it is frequent that an information system of a large bank, or a large national companycomprises several tens of thousands of equipments or servers, which are supervised in real time, and whose availability must be guaranteed without interruption, 24 hours a day and 7 days a week.
Given these requirements, one of the areas of investigation is to try to predict incidents. Indeed, if we have a reliable prediction, we can consider palliative solutions, before the incident occurs, which allow us to bypass the problem.
It is therefore a question of implementing a machine learning system adapted to the prediction of alerts in information systems, which proceeds in two stages: in the first stage, the system observes the network and “learns” to distinguish normal situations from abnormal situations.
In particular, we try to identify “profiles” that announce alerts, a kind of signature of a good or bad functioning through the present observations.
In a second step, when such a learning is acquired by the machine , the model obtained is applied in real time to predict alerts during the operation of the information system.
The problem of alert prediction is difficult, and its solutions do not seem to be universal: they seem to depend strongly on the information system considered. However, in some situations, we manage to obtain remarkable results. In particular, in the context of work that I have recently conducted, we have obtained for nine servers, predictions of alerts of a very encouraging reliability. These results are illustrated in the following video.
This video is an accelerated screen recording, while our alert prediction software is running: one hour in real time corresponds to one second in video.
The alert prediction software has performed an initial learning phase (training) based on network monitoring information, on 18 months of data, running until May 31, 2019, for nine servers.
For obvious reasons of convenience, this learning was not done in real time, but based on historical information recorded at the supervisory room level. Then, using data from June 1 to June 23, 2019, the software attempted to predict alerts, calculating hour by hour the probability of an incident occurring within an hour.
Each of the nine servers has a box associated with it. The probability of an incident on the server, which is calculated hour by hour, is displayed in the associated box using a color code: red for an almost certain alert (probability close to 1), blue when the probability of an alert is very low. Moreover, for each server, an “X” is displayed in the corresponding box if an alert was really observed during the considered hour.
Thus, a good functioning of our predictive system is illustrated by the presence of an “X” only when the color code of the considered cell turns to red. The video shows the reliability of the predictions obtained.
Ces travaux, qui nécessitent encore d’être étendus et généraliséThis work, which still needs to be extended and generalized, is very encouraging for the prediction of alerts in complex information systems. Research is underway, in partnership with the company HN-Services, which has entrusted me with the responsibility, with the support of the ANRT (Agence Nationale Recherche et Technologie).
JACOB Ouanounou
Director HN-Lab, Data Science