Major incident detection
T.J. Kolenbrander (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Sebastian Proksch – Mentor (TU Delft - Software Engineering)
A. van Van Deursen – Graduation committee member (TU Delft - Software Technology)
D. M J Tax – Coach (TU Delft - Pattern Recognition and Bioinformatics)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Incident management is one of the top priorities for IT companies. Within incident management the so-called major incidents, incidents with a severe impact on the company, require emergency actions to reduce this impact. An earlier detection of these major incidents will lead to a faster resolution time and this can be achieved by using software analytics methods. These methods have been used on incident management before which faces challenges with data quality and imbalance. However, software analytics have not been applied to major incidents in particular, which is what this thesis aims to do. To gain more insight into the possibilities and challenges of automated major incident detection, a case study at ING (a large global bank) was performed. For this case study a machine learning system has been created and assessed by eight
experts through interviews. Following from these interviews, three novel challenges were identified. The first challenge is that the impact should be measured to make a more accurate prediction. The second challenge is combining multiple information sources and the third challenge is the explainability of the decision. Furthermore, two solutions to existing challenges were investigated during the creation of the machine learning system. The first being the suitability of different machine learning models for incident data, as no direct comparison is available in literature. It is shown that Logistic Regression is best suited for this use case while the Support Vector Machine and Neural Network also perform well on incident data. Finally, some findings on the
pre-processing of the incident data are reported. It is shown that assumptions in literature about automatically generated incident data being easier to use, can not always be made and that imbalanced data still remains an unsolved problem as sampling is not suited. The main contribution of this thesis are the insights and challenges in the unexplored topic of major incident detection and general recommendations for handling incident data.