An efficient sequential procedure for detecting changes in multichannel and distributed systems

In the conventional formulation of the change-point detection problem, there is a sequence of observations whose distribution changes at some unknown point in time, and the goal is to detect this change as quickly as possible, subject to false alarm constraints. It is known that in the case where the observations are i.i.d. and the change point is modeled as deterministic but unknown, the cumulative sum (CUSUM) detection procedure of Page (1954) and the randomized Shiryaev-Roberts detection procedure proposed by Pollak (1985) minimize the expected detection lag, subject to a constraint on the false alarm rate. In this paper, we are interested in two generalizations of this problem. The first concerns multichannel systems. Here either all the channels are statistically identical, or the change occurs in one of them at an unknown point in time. It is necessary to detect the change in distribution as soon as possible after it occurs, while controlling the rate of false alarms at a given level. The second generalization corresponds to the multi-sensor situation, where the information available for decision-making is distributed across a set of sensors. The sensors send quantized versions of their observations to a fusion center, where the change detection is performed based on all the sensor messages. We propose multi-channel and distributed versions of the CUSUM procedure and prove that they are asymptotically optimal as the average frequency of false alarms goes to zero. The general results are applied to two important application areas: target detection in surveillance systems and attack/intrusion detection in distributed computer networks. Experimental results show that the proposed detection methods are highly efficient.
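The multichannel setting described in the abstract can be illustrated with a short added example; it is not code from the paper. It runs Page's CUSUM recursion independently on each channel and raises an alarm when any channel's statistic crosses a threshold, which is one common way to extend CUSUM to several channels. The Gaussian mean-shift model, the parameter values, the function names and the per-link packet counts are all assumptions constructed for illustration.

```python
from typing import Optional, Sequence, Tuple

def gaussian_llr(x: float, mu0: float, mu1: float, sigma: float) -> float:
    """Log-likelihood ratio of N(mu1, sigma^2) against N(mu0, sigma^2) at x."""
    return (mu1 - mu0) / sigma ** 2 * (x - (mu0 + mu1) / 2.0)

def multichannel_cusum(samples: Sequence[Sequence[float]], mu0: float, mu1: float,
                       sigma: float, threshold: float) -> Optional[Tuple[int, int]]:
    """Run one CUSUM statistic per channel over rows of simultaneous samples.

    Returns (alarm_time, channel_index) with a 1-based time, or None if no
    channel's statistic reaches the threshold.
    """
    stats = [0.0] * len(samples[0]) if samples else []
    for n, row in enumerate(samples, start=1):
        for i, x in enumerate(row):
            # Page's recursion: accumulate evidence, reset to 0 when it turns negative.
            stats[i] = max(0.0, stats[i] + gaussian_llr(x, mu0, mu1, sigma))
        peak = max(range(len(stats)), key=stats.__getitem__)
        if stats[peak] >= threshold:
            return n, peak
    return None

# Constructed sample data: packets per interval on three monitored links.
# Baseline mean is about 100; link 1 shifts to about 120 from interval 6 on.
# Interval 3 holds a single benign spike on link 1 that must not raise an alarm.
TRAFFIC = [
    (98, 103, 101), (104, 97, 99), (101, 112, 95), (96, 100, 106), (102, 99, 100),
    (99, 121, 103), (105, 118, 97), (100, 124, 102), (97, 117, 104), (103, 123, 98),
]
MU0, MU1, SIGMA = 100.0, 120.0, 10.0   # assumed pre-change mean, post-change mean, std dev

if __name__ == "__main__":
    for h in (6.0, 10.0):
        print("threshold", h, "->", multichannel_cusum(TRAFFIC, MU0, MU1, SIGMA, h))
```

Raising the threshold lowers the false alarm rate at the cost of a longer detection lag, which is the trade-off the abstract's optimality statement is about.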

[1] M. Pollak. Optimal Detection of a Change in Distribution, 1985.

[2] Venugopal V. Veeravalli, et al. Multihypothesis sequential probability ratio tests - Part I: Asymptotic optimality, 1999, IEEE Trans. Inf. Theory.

[3] Tze Leung Lai, et al. On $r$-Quick Convergence and a Conjecture of Strassen, 1976.

[4] M. Woodroofe. Nonlinear Renewal Theory in Sequential Analysis, 1987.

[5] John N. Tsitsiklis, et al. Extremal properties of likelihood-ratio quantizers, 1993, IEEE Trans. Commun.

[6] G. Lorden. Procedures for Reacting to a Change in Distribution, 1971.

[7] Venugopal V. Veeravalli. Decentralized quickest change detection, 2001, IEEE Trans. Inf. Theory.

[8] M. Pollak. Average Run Lengths of an Optimal Method of Detecting a Change in Distribution, 1987.

[9] Alexander G. Tartakovsky, et al. A novel approach to detection of "denial-of-service" attacks via adaptive sequential and batch-sequential change-point detection methods, 2001.

[10] Michèle Basseville, et al. Detection of abrupt changes: theory and application, 1993.

[11] Roger M. Needham, et al. Denial of service, 1993, CCS '93.

[12] A. Shiryaev. On Optimum Methods in Quickest Detection Problems, 1963.

[13] S. Kent, et al. On the trail of intrusions into information systems, 2000.

[14] Alʹbert Nikolaevich Shiri︠a︡ev, et al. Optimal stopping rules, 1977.

[15] Michèle Basseville, et al. Detection of Abrupt Changes: Theory and Applications, 1995.