Distributed Detection and Localization of Network Anomalies using Rank Tests
published: Jan. 19, 2010, recorded: December 2009, views: 3436
We propose an efficient and decentralized method for detecting change-points in high-dimensional data. This issue is of growing concern to the network security community since, in this context, network anomalies such as denial of service (DoS) attacks are likely to lead to statistical changes in Internet traffic. Our method proposes a way of distributing a centralized approach called TopRank, which consists of a data reduction stage based on record filtering, followed by a nonparametric change-point detection test based on U-statistics. The key point is to aggregate censored time series built locally and to perform a nonparametric test for doubly censored time series resulting from this aggregation. With this new approach, called distributed TopRank in the following, we can address massive data streams and perform network anomaly detection and localization on the fly while limiting the quantity of data exchanged within the network.
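A simplified illustration of a rank-based change-point test on a censored series, added here; it is not the authors' TopRank code or test statistic. It runs a tie-corrected Wilcoxon rank-sum scan over a single constructed series, and the function names, the censoring floor and the packet counts are all assumptions.

```python
import math

def midranks(values):
    """Average ranks (1-based); tied values share the mean of their positions."""
    order = sorted(range(len(values)), key=values.__getitem__)
    ranks = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        for k in range(i, j + 1):
            ranks[order[k]] = (i + j) / 2 + 1
        i = j + 1
    return ranks

def censor_below(counts, floor):
    """Left-censor: a count at or below `floor` is only known to be <= floor."""
    return [max(c, floor) for c in counts]

def rank_changepoint(series):
    """Scan every split t and return (t, z) with the largest |z|, where z is the
    tie-corrected rank-sum statistic comparing series[:t] with series[t:]."""
    n = len(series)
    if n < 2:
        return None, 0.0
    ranks = midranks(series)
    tie_sizes = {}
    for v in series:
        tie_sizes[v] = tie_sizes.get(v, 0) + 1
    # Ties (frequent after censoring) shrink the variance of the rank sum.
    scale = (n + 1) - sum(d**3 - d for d in tie_sizes.values()) / (n * (n - 1))
    if scale <= 1e-12:  # every value tied: the ranks carry no information
        return None, 0.0
    best_t, best_z, w = None, 0.0, 0.0
    for t in range(1, n):
        w += ranks[t - 1]  # rank sum of the first t observations
        z = (w - t * (n + 1) / 2) / math.sqrt(t * (n - t) * scale / 12)
        if abs(z) > abs(best_z):
            best_t, best_z = t, z
    return best_t, best_z

# Constructed sample: packet counts per interval toward one destination,
# with a flood starting at interval 12 (0-based).
PACKET_COUNTS = [3, 5, 4, 6, 2, 5, 4, 3, 6, 5, 4, 5, 40, 42, 39, 45, 41, 38, 44, 43]

if __name__ == "__main__":
    print(rank_changepoint(censor_below(PACKET_COUNTS, 5)))
```

Because the test uses only ranks, censoring the baseline to a common floor leaves the detected split unchanged; it only introduces ties, which the variance correction accounts for.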