Data Management

In-Network PCA and Anomaly Detection

Download Now Date Added: Jan 2012
Format: PDF

The authors consider the problem of network anomaly detection in large distributed systems. In this setting, Principal Component Analysis (PCA) has been proposed as a method for discovering anomalies by continuously tracking the projection of the data onto a residual subspace. This method was shown to work well empirically in highly aggregated networks, that is, those with a limited number of large nodes and at coarse time scales. This approach, however, has scalability limitations. To overcome these limitations, they develop a PCA-based anomaly detector in which adaptive local data filters send to a coordinator just enough data to enable accurate global detection.