Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Distributed Detection of Network-Wide Traffic Anomalies Ling Huang* XuanLong Nguyen* Minos Garofalakis § Joe Hellerstein* Michael Jordan* Anthony Joseph*

Published byGwen Holmes Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Distributed Detection of Network-Wide Traffic Anomalies Ling Huang* XuanLong Nguyen* Minos Garofalakis § Joe Hellerstein* Michael Jordan* Anthony Joseph*"— Presentation transcript:

1 1 Distributed Detection of Network-Wide Traffic Anomalies Ling Huang* XuanLong Nguyen* Minos Garofalakis § Joe Hellerstein* Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel Research

2 Detection of Network-wide Anomalies A volume anomaly is a sudden change in an Origin-Destination flow: example Given link traffic measurements, diagnose the volume anomalies PCA approach to separate normal from anomalous traffic  Normal traffic is well approximated as occupying a low dimensional subspace

3 Traffic vector of all links at a particular point in time Normal traffic vector Residual traffic vector The Subspace Method Normal Subspace : space spanned by the first k principal components Anomalous Subspace : space spanned by the remaining principal components Then, decompose traffic on all links by projecting onto and to obtain: Where P is the matrix of top K eigenvectors

4 Detection Illustration Value of over time (all traffic) over time (SPE) Value of SPE at anomaly time points clearly stand out

5 Capture size of vector using squared prediction error: Assuming Gaussian data, we can find bounds which SPE should only exceed 1- % of the time Result due to [Jackson and Mudholkar, 1979] Detection Traffic on Link 1 Traffic on Link 2

6 Distributed Detection   aintain  1  accurate PCA decomposition   2 -accurate detection via distributed triggers

7 The Tracking Framework

8 Background: Matrix Norm

9 Background: Matrix Perturbation Theory Perturbation bound on eigenvalues

10 Background: Matrix Perturbation Theory II

11 For orthogonal projection, we have:

12 The Root Mean Square of Eigen Error

13 Individual Eigen Errors

14 Filtering Error and Δ Recall that monitors have the distributed m x n matrix

15 Filtering Error and Eigen Error Recall that

16 The F-Norm of Perturbation Error I The assumptions: Lemma:

17 The F-Norm of Perturbation Error II Lemma

18 The F-Norm of Perturbation Error III

19 Lemma

20 How Good is The Model? Slack

21 Application to Network Anomaly Detection

Download ppt "1 Distributed Detection of Network-Wide Traffic Anomalies Ling Huang* XuanLong Nguyen* Minos Garofalakis § Joe Hellerstein* Michael Jordan* Anthony Joseph*"

Similar presentations

Partitional Algorithms to Detect Complex Clusters

Partitional Algorithms to Detect Complex Clusters
EigenFaces and EigenPatches Useful model of variation in a region –Region must be fixed shape (eg rectangle) Developed for face recognition Generalised.

EigenFaces and EigenPatches Useful model of variation in a region –Region must be fixed shape (eg rectangle) Developed for face recognition Generalised.
3D Geometry for Computer Graphics

3D Geometry for Computer Graphics
Chapter 28 – Part II Matrix Operations. Gaussian elimination Gaussian elimination LU factorization LU factorization Gaussian elimination with partial.

Chapter 28 – Part II Matrix Operations. Gaussian elimination Gaussian elimination LU factorization LU factorization Gaussian elimination with partial.
Air Force Technical Applications Center 1 Subspace Based Three- Component Array Processing Gregory Wagner Nuclear Treaty Monitoring Geophysics Division.

Air Force Technical Applications Center 1 Subspace Based Three- Component Array Processing Gregory Wagner Nuclear Treaty Monitoring Geophysics Division.
Principal Component Analysis Based on L1-Norm Maximization Nojun Kwak IEEE Transactions on Pattern Analysis and Machine Intelligence, 2008.

Principal Component Analysis Based on L1-Norm Maximization Nojun Kwak IEEE Transactions on Pattern Analysis and Machine Intelligence, 2008.
Input Space versus Feature Space in Kernel- Based Methods Scholkopf, Mika, Burges, Knirsch, Muller, Ratsch, Smola presented by: Joe Drish Department of.

Input Space versus Feature Space in Kernel- Based Methods Scholkopf, Mika, Burges, Knirsch, Muller, Ratsch, Smola presented by: Joe Drish Department of.
Sensitivity of PCA for Traffic Anomaly Detection Evaluating the robustness of current best practices Haakon Ringberg 1, Augustin Soule 2, Jennifer Rexford.

Sensitivity of PCA for Traffic Anomaly Detection Evaluating the robustness of current best practices Haakon Ringberg 1, Augustin Soule 2, Jennifer Rexford.
1 Communication-Efficient Online Detection of Network-Wide Anomalies Ling Huang* XuanLong Nguyen* Minos Garofalakis § Joe Hellerstein* Michael Jordan*

1 Communication-Efficient Online Detection of Network-Wide Anomalies Ling Huang* XuanLong Nguyen* Minos Garofalakis § Joe Hellerstein* Michael Jordan*
Object Orie’d Data Analysis, Last Time Finished NCI 60 Data Started detailed look at PCA Reviewed linear algebra Today: More linear algebra Multivariate.

Object Orie’d Data Analysis, Last Time Finished NCI 60 Data Started detailed look at PCA Reviewed linear algebra Today: More linear algebra Multivariate.
1cs542g-term1-2006 High Dimensional Data  So far we’ve considered scalar data values f i (or interpolated/approximated each component of vector values.

1cs542g-term High Dimensional Data  So far we’ve considered scalar data values f i (or interpolated/approximated each component of vector values.
Principal Component Analysis CMPUT 466/551 Nilanjan Ray.

Principal Component Analysis CMPUT 466/551 Nilanjan Ray.
Dimensionality reduction. Outline From distances to points : – MultiDimensional Scaling (MDS) – FastMap Dimensionality Reductions or data projections.

Dimensionality reduction. Outline From distances to points : – MultiDimensional Scaling (MDS) – FastMap Dimensionality Reductions or data projections.
Symmetric Matrices and Quadratic Forms

Symmetric Matrices and Quadratic Forms
1 In-Network PCA and Anomaly Detection Ling Huang* XuanLong Nguyen* Minos Garofalakis § Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel.

1 In-Network PCA and Anomaly Detection Ling Huang* XuanLong Nguyen* Minos Garofalakis § Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel.
Computer Graphics Recitation 5.

Computer Graphics Recitation 5.
Computer Graphics Recitation 6. 2 Last week - eigendecomposition A We want to learn how the transformation A works:

Computer Graphics Recitation 6. 2 Last week - eigendecomposition A We want to learn how the transformation A works:
3D Geometry for Computer Graphics

3D Geometry for Computer Graphics
SAC’06 April 23-27, 2006, Dijon, France On the Use of Spectral Filtering for Privacy Preserving Data Mining Songtao Guo UNC Charlotte Xintao Wu UNC Charlotte.

SAC’06 April 23-27, 2006, Dijon, France On the Use of Spectral Filtering for Privacy Preserving Data Mining Songtao Guo UNC Charlotte Xintao Wu UNC Charlotte.
Prénom Nom Document Analysis: Data Analysis and Clustering Prof. Rolf Ingold, University of Fribourg Master course, spring semester 2008.

Prénom Nom Document Analysis: Data Analysis and Clustering Prof. Rolf Ingold, University of Fribourg Master course, spring semester 2008.

Similar presentations

Ads by Google