Citrix Systems, Inc.
ROOT CAUSE ANALYSIS IN MULTIVARIATE UNSUPERVISED ANOMALY DETECTION

Abstract:

Described embodiments provide systems and methods for anomaly detection and root cause analysis. A root cause analyzer receives a plurality of data samples input to an anomaly detection engine, and a corresponding plurality of anomaly labels output from the anomaly detection engine. The root cause analyzer trains a classification model using the plurality of data samples and the corresponding plurality of anomaly labels. The root cause analyzer determines, using the trained classification model and the plurality of data samples, relative contributions of anomalous features in a data sample of the plurality of data samples, to a prediction that the data sample is anomalous. The root cause analyzer provides the relative contributions of anomalous features to a device, to determine an action in response to the prediction that the data sample is anomalous.