Data Management

In-Network PCA and Anomaly Detection

Download Now Free registration required

Executive Summary

The authors consider the problem of network anomaly detection in large distributed systems. In this setting, Principal Component Analysis (PCA) has been proposed as a method for discovering anomalies by continuously tracking the projection of the data onto a residual subspace. This method was shown to work well empirically in highly aggregated networks, that is, those with a limited number of large nodes and at coarse time scales. This approach, however, has scalability limitations. To overcome these limitations, they develop a PCA-based anomaly detector in which adaptive local data filters send to a coordinator just enough data to enable accurate global detection.

  • Format: PDF
  • Size: 247.4 KB