Revisit Dynamic ARIMA Based Anomaly Detection

On the assumption that a model is correctly learned and built, the typical usage of ARIMA in anomaly detection compares data points with those predicated through the model to determine whether anomalies occur. Yet the time variability by the coefficients in those dynamic regression models is possibly indicative of whether anomalies are in the data set on which the ARIMA model builds. Thus we introduce a corresponding framework and a novel anomaly detection method that combines the Kalman filter for identifying the parameters of those dynamic models with a General Likelihood Ratio (GLR) test that is based on the former for detecting suspicious changes in the parameters and therefore the models. We illustrate the idea through experiments and show its promising potential in terms of accuracy and robustness.

[1]  David R. Cox,et al.  Time Series Analysis , 2012 .

[2]  Bonnie Zhu,et al.  Robust discovering and tracking in challenging environments , 2011, 2011 IEEE International Symposium on Safety, Security, and Rescue Robotics.

[3]  Albert G. Greenberg,et al.  Network anomography , 2005, IMC '05.

[4]  Andrew Harvey,et al.  Forecasting, Structural Time Series Models and the Kalman Filter. , 1991 .

[5]  R. Tsay Outliers, Level Shifts, and Variance Changes in Time Series , 1988 .

[6]  Richard A. Davis,et al.  Introduction to time series and forecasting , 1998 .

[7]  Jonathan D. Cryer,et al.  Time Series Analysis , 1986, Encyclopedia of Big Data.

[8]  A. Willsky,et al.  A generalized likelihood ratio approach to the detection and estimation of jumps in linear systems , 1976 .

[9]  Andrew Harvey,et al.  Estimating Missing Observations in Economic Time Series , 1984 .

[10]  J. Nyblom Testing for the Constancy of Parameters over Time , 1989 .

[11]  Kavé Salamatian,et al.  Combining filtering and statistical methods for anomaly detection , 2005, IMC '05.

[12]  Su Fong Chien,et al.  ARIMA Based Network Anomaly Detection , 2010, 2010 Second International Conference on Communication Software and Networks.

[13]  Francis X. Diebold,et al.  Elements of Forecasting , 1997 .

[14]  T. Başar,et al.  A New Approach to Linear Filtering and Prediction Problems , 2001 .

[15]  Michèle Basseville,et al.  Detection of abrupt changes , 1993 .

[16]  G. Cobb The problem of the Nile: Conditional solution to a changepoint problem , 1978 .

[17]  Mario Reyes de los Mozos,et al.  Improving Network Security through Traffic Log Anomaly Detection Using Time Series Analysis , 2010, CISIS.

[18]  Jeremy Penzer,et al.  Diagnosing Shocks in Time Series , 1998 .

[19]  Rittwik Jana,et al.  Change detection in teletraffic models , 2000, IEEE Trans. Signal Process..