Automated Detection of High-Impact Faults in Azure Core Workload Insights

A system named MARIO has been developed to automatically detect high-significant faults or anomalies in Azure Core workload insights data using a combination of time-series forecasting models and Extreme Value Theory.

The paper presents a system called MARIO that addresses the challenge of efficiently processing and analyzing Azure Core workload insights data to detect high-significant faults or anomalies. The key highlights are: Azure Core workload insights data contains time-series data with various metrics, resources, and dimensions. Faults or anomalies need to be detected for each metric-resource-dimension combination. The goal is to identify a limited set of highly significant anomalies (5-20 per hour) that are easily perceivable by users, have high reconstruction error in time-series forecasting models, and can help in proactive issue detection and root cause analysis. The proposed solution has two stages: Stage 1: Use an enhanced version of Microsoft's Anomaly Detection as a Service (ADaaS) to yield fewer anomalies (less than 150 per hour) without reducing true positives. Stage 2: Employ Extreme Value Theory (EVT) on top of the enhanced ADaaS to further filter out low-significance anomalies and identify only the high-significant ones (around 5-20 per hour). The system is deployed as part of the MARIO service and has been tested on Azure Core workload insights data as well as benchmark datasets like Electricity and Volatility. It outperforms state-of-the-art methods like Temporal Fusion Transformers (TFT) and DeepAR in identifying high-significant anomalies. The solution is designed to provide high transparency through confidence scores, enable proactive issue detection, and reduce cognitive load on users by surfacing only the most critical anomalies.

The Azure Core workload insights data contains 152 unique resource types, 62 unique metrics, and 33,647 unique dimension values, resulting in 139,483,854 records. The Electricity dataset has 26 anomalies out of 9,000 data points (0.29%), and the Volatility dataset has 21 anomalies out of 510 data points (4.12%).

"The number of anomalies reported should be highly significant and in a limited number, e.g., 5-20 anomalies reported per hour." "The reported anomalies will have significant user perception and high reconstruction error in any time-series forecasting model."