Distributed Detection and Localization of Network Anomalies using Rank Tests

author: Alexandre Lung-Yut-Fong, CNRS - LTCI UMR 5141 Telecom ParisTech
published: Jan. 19, 2010,   recorded: December 2009,   views: 3436


We propose an efficient and decentralized method for detecting change-points in high-dimensional data. This issue is of growing concern to the network security community since, in this context, network anomalies such as denial of service (DoS) attacks are likely to lead to statistical changes in Internet traffic. Our method proposes a way of distributing a centralized approach called TopRank, which consists of a data reduction stage based on record filtering, followed by a nonparametric change-point detection test based on U-statistics. The key point is to aggregate censored time series built locally and to perform a nonparametric test for doubly censored time series resulting from this aggregation. With this new approach, called distributed TopRank in the following, we can address massive data streams and perform network anomaly detection and localization on the fly while limiting the quantity of data exchanged within the network.
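
A simplified sketch of the pipeline the abstract describes (local record filtering at each monitor, aggregation of the censored series, then a rank-based change-point test per host), added here as an example and not the authors' TopRank code. The interval-comparison score, the permutation p-value used in place of the authors' test statistic, and all function names, thresholds and traffic values are assumptions.

```python
# Added sketch: function names, thresholds and traffic are assumptions/constructed.
import random

def local_top_m(bins, m):
    """Monitor: keep top-m counts per bin; others are censored to [0, floor]."""
    tops = [dict(sorted(b.items(), key=lambda kv: -kv[1])[:m]) for b in bins]
    floor = [min(t.values()) for t in tops]
    series = {h: [(t[h], t[h]) if h in t else (0, f) for t, f in zip(tops, floor)]
              for h in set().union(*tops)}
    return series, floor

def aggregate(reports):
    """Collector: sum bounds over monitors -> (lower, upper) interval per bin."""
    hosts = set().union(*(s for s, _ in reports))
    return {h: [(sum(s[h][t][0] if h in s else 0 for s, _ in reports),
                 sum(s[h][t][1] if h in s else f[t] for s, f in reports))
                for t in range(len(reports[0][1]))] for h in hosts}

def rank_scan(iv):
    """Largest |U_t| over split points t; U_t adds +1 or -1 for each pair
    (i < t <= j) of non-overlapping intervals and 0 when they overlap."""
    best, where = 0, 0
    for t in range(1, len(iv)):
        u = sum((iv[i][0] > iv[j][1]) - (iv[i][1] < iv[j][0])
                for i in range(t) for j in range(t, len(iv)))
        if abs(u) > best:
            best, where = abs(u), t
    return best, where

def localize(agg, alpha=0.01, n_perm=200, seed=0):
    """Permutation test per host; returns {host: first bin after the change}."""
    rng, flagged = random.Random(seed), {}
    for host, iv in sorted(agg.items()):
        stat, where = rank_scan(iv)
        hits = sum(rank_scan(rng.sample(iv, len(iv)))[0] >= stat
                   for _ in range(n_perm))
        if (hits + 1) / (n_perm + 1) < alpha:
            flagged[host] = where
    return flagged

def constructed_traffic(seed, n_bins=24, change=16):
    """Constructed packet counts: eight steady hosts, one flooded from `change`."""
    rng = random.Random(seed)
    return [{**{f"10.0.0.{k}": rng.randint(20, 40) for k in range(1, 9)},
             "10.0.0.9": rng.randint(5, 10) + (400 if t >= change else 0)}
            for t in range(n_bins)]

if __name__ == "__main__":
    reports = [local_top_m(constructed_traffic(s), m=3) for s in (1, 2)]
    print(localize(aggregate(reports)))
```

Each monitor sends only its top-m series and per-bin floor to the collector, so the flooded host is localized without any monitor exporting its full per-host counts.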
