In-network PCA and anomaly detectionIn-network PCA and anomaly detection
Πλήρης Δημοσίευση σε Συνέδριο
Conference Full Paper
2015-12-012006enWe consider the problem of network anomaly detection in large distributed systems. In this
setting, Principal Component Analysis (PCA) has been proposed as a method for discovering
anomalies by continuously tracking the projection of the data onto a residual subspace.
This method was shown to work well empirically in highly aggregated networks, that is,
those with a limited number of large nodes and at coarse time scales. This approach, however,
has scalability limitations. To overcome these limitations, we develop a PCA-based
anomaly detector in which adaptive local data filters send to a coordinator just enough data
to enable accurate global detection. Our method is based on a stochastic matrix perturbation
analysis that characterizes the tradeoff between the accuracy of anomaly detection and
the amount of data communicated over the network.http://creativecommons.org/licenses/by/4.0/20th Annual Conference on Neural Information Processing Systems
Huang Ling
Nguyen XuanLong
Garofalakis Minos
Γαροφαλακης Μινως
Jordan Michael I.
Joseph Anthony
Taft Nina
Databases
Management