In-Network PCA and Anomaly Detection

Abstract

We consider the problem of network anomaly detection in large distributed systems. In this setting, Principal Component Analysis (PCA) has been proposed as a method for discovering anomalies by continuously tracking the projection of the data onto a residual subspace. This method was shown to work well empirically in highly aggregated networks, that is, those with a limited number of large nodes and at coarse time scales. This approach, however, has scalability limitations. To overcome these limitations, we develop a PCA-based anomaly detector in which adaptive local data filters send to a coordinator just enough data to enable accurate global detection. Our method is based on a stochastic matrix perturbation analysis that characterizes the tradeoff between the accuracy of anomaly detection and the amount of data communicated over the network.

Cite

Text

Huang et al. "In-Network PCA and Anomaly Detection." Neural Information Processing Systems, 2006.

Markdown

[Huang et al. "In-Network PCA and Anomaly Detection." Neural Information Processing Systems, 2006.](https://mlanthology.org/neurips/2006/huang2006neurips-innetwork/)

BibTeX

@inproceedings{huang2006neurips-innetwork,
  title     = {{In-Network PCA and Anomaly Detection}},
  author    = {Huang, Ling and Nguyen, Xuanlong and Garofalakis, Minos and Jordan, Michael I. and Joseph, Anthony and Taft, Nina},
  booktitle = {Neural Information Processing Systems},
  year      = {2006},
  pages     = {617-624},
  url       = {https://mlanthology.org/neurips/2006/huang2006neurips-innetwork/}
}