Written by Anodot

Examining the Essentials: What is Anomaly Detection?

In the first post of our three-part series on “Why anomaly detection is a business essential,” we’re going to take a look at what constitutes an anomaly, what anomaly detection is, and how it could have a huge impact on your business’s success.

What is an anomaly?

With all the analytics programs and various management software available, it’s now easier than ever for companies to effectively measure every single aspect of business activity. This includes the operational performance of applications and infrastructure components as well as key performance indicators (KPIs) that evaluate the success of the organization. With millions of metrics that can be measured, companies tend to end up with quite an impressive dataset to explore the performance of their business.

Within this dataset are data patterns that represent, basically, business as usual. An unexpected change within these data patterns, or an event that does not conform to the expected data pattern, is considered an anomaly. In other words, an anomaly is a deviation from business as usual.

But then what do we mean by “business as usual” when it comes to business metrics? Surely we don’t mean “unchanging” or “constant”; there’s nothing unusual about an ecommerce website collecting a large amount of revenue in a single day – certainly if that day is Cyber Monday. That’s not unusual because a high volume of sales on Cyber Monday is a well-established peak in the natural business cycle of any business with a web storefront.

Indeed, it would be an anomaly if such a company didn’t have high sales volume on Cyber Monday, especially if Cyber Monday sales volumes for previous years were very high. The absence of change can be an anomaly if it breaks a pattern that is normal for the data from that particular metric. Anomalies aren’t categorically good or bad; they’re just deviations from the expected value for a metric at a given point in time.

Why do companies need anomaly detection?

Outliers in the data are caused by business incidents in the real world: a new successful marketing campaign which increases leads; a promotional discount that drives up sales; the launch of a much improved module that reduces the load time of key pages, lifting conversion rates; or a software update which breaks the localization code for an ecommerce website, tanking online sales in Asia.

Business incidents are the real-world causes; the anomalies in KPIs are the effects.

In the case of a new marketing campaign, the quantifiable increase in leads above the norm is the anomaly which tells you that the campaign was successful. When the anomaly is a good thing, as it is in this case, we want to accurately attribute it to the right business incident so that we can repeat that success and increase the effect. Maybe the marketing team behind that campaign needs a bigger budget next fiscal year, along with a bigger headcount?

You can’t correctly attribute a specific anomaly to the underlying business incident if you don’t know about anomalies to begin with. And that’s one of the main reasons companies need anomaly detection: to get accurate feedback on the effectiveness of business initiatives so that money and manpower can be utilized much more efficiently and to greater impact for a company’s bottom line.

Furthermore, would you rather find out instantly from your own data metrics that something is amiss with your online sales or from angry (and now lost) customers on social media? Anomaly detection can point to positive business incidents as well as to potential disasters. The sooner you discover the drop-off in online sales in Asia, the sooner you can get things back on track.

How are anomalies detected?

As we’ve explained above, anomalies are deviations from expected values for the time series of that particular metric. Those expectations are derived from a model built and continuously updated by the same data we’re checking for outliers. The reasoning here may seem circular: we’re comparing a sequence of values against a known standard (in this case, a model) which itself was created from and is being updated by those same values.

Let’s use a simple example to demonstrate. Imagine you’ve recently moved into a new neighborhood where you don’t know any of your new neighbors. Now, also imagine one of these neighbors leaves her house for her morning jog every morning at seven—rain, wind or shine. Months later, one morning, you don’t see her leave. Nor do you ever see her return home, confirming your suspicion that she never left.

Spending months observing your neighbor jogging every morning is a pretty weird thing to do, but technically speaking, it has created and then reinforced a mental model (every morning at seven she starts jogging), which in turn created an expectation (every morning I will see her start her jog at or near seven), which isn’t met in one particular instance (I expected to see her start her jog at seven this morning, but didn’t).

Our human brains naturally focus on and flag anomalies, the rare exceptions to the rule. An anomaly detection system is a piece of software written to do the same thing, but with data.

Continuing with our neighbor analogy, after seeing this anomaly you might speculate as to the cause: maybe she’s too sick for exercise right now, maybe she’s out of town. And it will probably stop there because, aside from neighborly curiosity, it’s really none of your business.

When it comes to your organization’s KPIs, however, anomalies literally are your business.
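The idea described above (a model built from, and updated by, the same metric stream it checks, so that a missing peak is as much an anomaly as an unexpected spike) can be sketched as follows. This is an added example, not Anodot's code: the class and function names, the weekly period, the 3-sigma band and the revenue figures are all assumptions constructed for illustration.

```python
import math

class SeasonalBaseline:
    """Expected value per seasonal slot, learned from the stream it is checking."""

    def __init__(self, period, k=3.0, min_samples=4):
        self.period, self.k, self.min_samples = period, k, min_samples
        self.slots = [[0, 0.0, 0.0] for _ in range(period)]  # count, mean, M2

    def observe(self, t, value):
        """Compare value with the expectation for its slot, then update the model."""
        slot = self.slots[t % self.period]
        n, mean, m2 = slot
        anomaly = False
        if n >= self.min_samples:
            std = math.sqrt(m2 / (n - 1))
            band = self.k * max(std, 0.01 * abs(mean))  # assumed floor: 1% of mean
            anomaly = abs(value - mean) > band
        if not anomaly:  # design choice: outliers are not absorbed into "normal"
            n += 1
            delta = value - mean
            mean += delta / n              # Welford running mean
            m2 += delta * (value - mean)   # Welford running sum of squares
            slot[:] = [n, mean, m2]
        return anomaly

def constructed_history(weeks=6):
    """Constructed daily revenue: slot 0 is the weekly peak (~500), other days ~100."""
    for t in range(weeks * 7):
        base = 500 if t % 7 == 0 else 100
        yield t, base + (t * 37 % 11) - 5  # deterministic jitter in [-5, 5]

def run_demo():
    model = SeasonalBaseline(period=7)
    training_flags = sum(model.observe(t, v) for t, v in constructed_history())
    return {
        "flags_during_training": training_flags,
        "peak_day_without_peak": model.observe(42, 100),  # absence of change
        "ordinary_day_ordinary": model.observe(43, 100),
        "ordinary_day_spike": model.observe(45, 500),
        "peak_day_with_peak": model.observe(49, 500),
    }

if __name__ == "__main__":
    for name, flagged in run_demo().items():
        print(f"{name}: {flagged}")
```

The same revenue value is flagged on one day and accepted on another because the expectation depends on the slot, which is the sense in which “business as usual” does not mean “constant.”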

In our second post, we’ll discuss why it’s critical for your business to detect anomalies in real time.
