Performance of Certain Decentralized Distributed Change Detection Procedures

We compare several decentralized change-point detection procedures for multisensor distributed systems when the information available for decision-making is distributed across a set of sensors. Asymptotically optimal procedures for two scenarios are presented. In the first scenario, the sensors send quantized versions of their observations to a fusion center, where change detection is performed based on all the sensor messages. If, in particular, the quantizers are binary, then the proposed binary CUSUM detection test is optimal in the class of tests with binary quantized data. In the second scenario, the sensors perform local change detection using the CUSUM procedures and send their final decisions to the fusion center for combining. The decision in favor of the change occurrence is made whenever the CUSUM statistics at all sensors exceed thresholds. The latter decentralized procedure has the same first-order asymptotic (for a low false alarm rate) minimax operating characteristics as the globally optimal centralized detection procedure that has access to all the sensor observations. However, the presented Monte Carlo experiments for the Poisson example show that, although the procedure with local decisions is globally asymptotically optimal for a low false alarm rate, it performs worse than the procedure with binary quantization unless the false alarm rate is extremely low. In addition, two voting-type local-decision-based detection procedures are proposed and evaluated. Applications to network security (rapid detection of computer intrusions) are discussed.
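The two decision rules described above, as an added Python sketch that is not code from the paper. The Poisson rates, the quantizer cut-off, the thresholds and the count data are all constructed assumptions, and the thresholds are not calibrated to a common false alarm rate, so the two alarm times are not a performance comparison.

```python
import math

LAM0, LAM1 = 2.0, 4.0      # assumed pre-/post-change Poisson rates per sensor
Q_CUT = 3                  # assumed binary quantizer: send 1 when count >= Q_CUT

def poisson_tail(lam, k):
    """P(X >= k) for X ~ Poisson(lam)."""
    return 1.0 - sum(math.exp(-lam) * lam**j / math.factorial(j) for j in range(k))

def binary_cusum_fusion(counts, h):
    """Sensors send one bit per sample; the fusion center runs one CUSUM on the bits."""
    p0, p1 = poisson_tail(LAM0, Q_CUT), poisson_tail(LAM1, Q_CUT)
    llr = {1: math.log(p1 / p0), 0: math.log((1 - p1) / (1 - p0))}
    w = 0.0
    for n, sample in enumerate(zip(*counts)):
        w = max(0.0, w + sum(llr[int(x >= Q_CUT)] for x in sample))
        if w >= h:
            return n
    return None

def local_cusum_all(counts, h):
    """Each sensor runs its own CUSUM on raw counts; alarm when all are >= h at once."""
    w = [0.0] * len(counts)
    for n, sample in enumerate(zip(*counts)):
        w = [max(0.0, wi + x * math.log(LAM1 / LAM0) - (LAM1 - LAM0))
             for wi, x in zip(w, sample)]
        if min(w) >= h:
            return n
    return None

# Constructed per-interval event counts (e.g. connection attempts) at three sensors;
# the rate shift starts at index 6.
CHANGE_AT = 6
COUNTS = [
    [2, 1, 3, 2, 1, 2, 4, 5, 3, 4, 6, 4],
    [1, 2, 2, 3, 2, 1, 3, 4, 5, 4, 3, 5],
    [2, 3, 1, 2, 2, 2, 5, 2, 4, 4, 5, 4],
]

def run_demo():
    return binary_cusum_fusion(COUNTS, h=5.0), local_cusum_all(COUNTS, h=3.0)

if __name__ == "__main__":
    print("alarm index (binary fusion, local-all):", run_demo())
```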
