Distributed PCA-Based Anomaly Detection in Telephone Networks Through Legitimate-User Profiling
In this paper, the authors present a distributed mechanism based on Principal Component Analysis (PCA) to profile the behavior of the legitimate users in telephone networks. The idea is to take advantage of probes distributed over the network to obtain a compact snapshot of the users they serve. A collector node effectively combines such information to gather the description of the legitimate-user behavior. Eventually, it distributes the profile to the probes, which perform anomaly detection. Experimental results on several weeks of phone data collected by a telecom operator show that their profiling mechanism is stable over time and allows an operator to decentralize the anomaly detection stage directly to its probes.