### Use Antagonist to train a symptom detection model 

#### Reproducibility

Set seeds to ensure reproducible results.

In [None]:
# Torch
import torch
torch.manual_seed(0)
torch.use_deterministic_algorithms(True)

# Python
import random
random.seed(0)

# Numpy
import numpy as np
np.random.seed(0)

#### Dataset preparation

Note: the dataset needs to be downloaded using the script `download_SMD_dataset.sh` in the `scripts/antagonist-ml` folder.

In [None]:
import datetime
import pandas as pd
from utils import SMDInfluxDB

In [None]:
# Import the antagonist_ml methods
import sys 
sys.path.append("..")
from antagonist_ml.service import get_network_symptoms_labels, store_network_anomalies_labels, store_network_symptom_labels

In [None]:
group = "Group-1"
machine_id = 'machine-1-1'

In [None]:
# Import data in the last year to be sure to read all the dataset
end = datetime.datetime.now()
start = end - datetime.timedelta(days=365)

In [None]:
db = SMDInfluxDB()
dataframes, machines = db.read_dataset(
    start_date=start,
    end_date=end,
    machine_name=machine_id,
)

In [None]:
df = dataframes[0]
df = df[df.columns[1:].tolist()+['timestamp']]

In [None]:
ground_truth = get_network_symptoms_labels(
    "localhost:5001",
    source_type="human",
    start_timestamp=start.timestamp(),
    end_timestamp=end.timestamp(),
    tags={"machine": machine_id},
)

In [None]:
y_label = np.zeros(df.shape[0])

for symptom in ground_truth:
    y_label[(df["timestamp"] >= pd.Timestamp(symptom['start-time'], unit="s", tz="UTC"))&(df["timestamp"] <= pd.Timestamp(symptom['end-time'], unit="s", tz="UTC"))] = 1

df_labels = pd.DataFrame(y_label, columns=["label"])

#### ML Model Loading

In [None]:
import os
import datetime
import pandas as pd
from ml_ad import AENetworkAnomaly

In [None]:
# Filter up to current day to simulate the predition on the next one
current_day = df['timestamp'].min() + datetime.timedelta(days=12)
next_day = current_day + datetime.timedelta(days=1)

In [None]:
# Create models folder
data_folder = r"..\..\..\data"
models_folder = os.path.join(data_folder,'models')
os.makedirs(models_folder,exist_ok=True)

In [None]:
model_name = f'ae_model_{(current_day).strftime("%Y%m%d")}'
model_folder = os.path.join(models_folder, model_name)

In [None]:
if os.path.exists(model_folder):
    # Load the model if it exist
    ml_model = AENetworkAnomaly.load(model_folder)
else:
    # Create new model 
    ml_model = AENetworkAnomaly(n_inputs=df.shape[1]-1)

    # Get data up to current day (training set)
    df_today = df.loc[df["timestamp"] < current_day.ctime()]

    # Train the model
    X_train = df_today.drop('timestamp',axis=1).values
    ml_model.fit(X_train)

    # Cache the trained model
    ml_model.store(model_folder)

#### Use model for detection

Predict anomalies on the current day data.

In [None]:
df_pred = df.loc[
    (df["timestamp"] >= current_day.ctime())
    & (df["timestamp"] < next_day.ctime())
]

X_pred = df_pred.drop('timestamp',axis=1).values
y_pred = ml_model.predict(X_pred, aggregate=False)
model_predictions = ml_model.parse_predictions(df_pred, y_pred)

### Convert to objects

In the following code overlapping symptoms are aggregated into incidents. The code iterates over the sorted list of symptoms and groups them into incidents based on their overlapping time ranges.

In [None]:
# aggregate overlapping symptoms coming from different metrics
day_symptoms = [
    (metric_id, symptom[0], symptom[1]) for metric_id, symptoms_list in model_predictions.items() for symptom in symptoms_list 
]

# sort by starting timestamp
day_symptoms.sort(key=lambda x: x[1])

if len(day_symptoms) > 0:
    # create a list of incident in the form [(start_timestamp, end_timestamp, [symptom1, symptom2]),...]
    start = day_symptoms[0][1] 
    end = day_symptoms[0][2]
    network_incidents = [[start, end, [day_symptoms[0]]]]
    for symptom in day_symptoms[1:]:
        # if overlapping add to the current incident, new incident otherwise
        if symptom[1] <= end:
            network_incidents[-1][2].append(symptom)
            end = max(end, symptom[2])
            network_incidents[-1][1] = end
        else:
            start = symptom[1]
            end = symptom[2]
            network_incidents.append([start, end, [symptom]])

#### Store into antagonist

In [None]:
for network_incident in network_incidents:

    # Create network incident label
    ni_uuid = store_network_anomalies_labels(
        antagonist_host='localhost:5001',
        author_name=model_name,
        author_type="algorithm",
        author_version=1,
        description=f'Detected Network Anomaly on {machine_id} - {datetime.datetime.fromtimestamp(network_incident[0]).strftime("%Y-%m-%d at %H")}',
        state="incident-potential",
        version=1,
    )

    # Create network symptoms labels and link with the network incident
    for symptom in network_incident[2]:
        store_network_symptom_labels(    
            antagonist_host='localhost:5001',
            author_name=model_name,
            author_type="algorithm",
            author_version=1,
            confidence=1.0,
            concern_score=0.9,
            description=f"Detected Symptom on {db.get_metric_names()[symptom[0]]} of {machine_id}",
            start=symptom[1],
            end=symptom[2],
            version=1,
            tags={"machine": machine_id, "metric": db.get_metric_names()[symptom[0]], "group": group},
            network_anomaly_uuid=ni_uuid,
        )

In [None]:
for network_incident in network_incidents:
    for symptom in network_incident[2]:
        print(f"Detected Symptom on {db.get_metric_names()[symptom[0]]} of {machine_id}")
        print(datetime.datetime.fromtimestamp(symptom[1]))
        print(datetime.datetime.fromtimestamp(symptom[2]))