Online Internet Anomaly Detection With High Accuracy: A Fast Tensor Factorization Solution

Traffic anomaly detection is critical for advanced Internet management. Existing detection algorithms usually work off-line and cannot timely detect anomalies. They also suffer from high cost for storage and computation. Although online and accurate traffic anomaly detection is very important, it very difficult to achieve. We propose to utilize tensor model to well exploit the multi-dimensional information hidden in the traffic data for more accurate online Internet anomaly detection. We decouple the tensor recovery problem to iteratively solve two sub problems, a tensor factorization sub-problem and an anomaly detection sub-problem. To reduce the high cost for computation and storage involved in tensor factorization, we propose two lightweight techniques to effectively derive factor matrices of tensor in the current window and iteration, taking advantage of tensor decomposition results of the previous window and iteration. We have done extensive experiments using two real traffic traces to compare with three tensor based algorithms and three matrix based algorithms. The experiment results demonstrate that our online anomaly detection algorithm can achieve the same anomaly detection accuracy as that of the best offline tensor based algorithm, but at 6100 times faster speed and with very low storage cost.

[1]  Christophe Diot,et al.  Diagnosing network-wide traffic anomalies , 2004, SIGCOMM.

[2]  Xi Chen,et al.  Direct Robust Matrix Factorizatoin for Anomaly Detection , 2011, 2011 IEEE 11th International Conference on Data Mining.

[3]  C. S. Hood,et al.  Proactive network-fault detection [telecommunications] , 1997 .

[4]  Pachunoori Naresh,et al.  Anomaly Detection via Online Over-Sampling Principal Component Analysis , 2014 .

[5]  Xinbo Gao,et al.  Robust tensor subspace learning for anomaly detection , 2011, Int. J. Mach. Learn. Cybern..

[6]  Robert M. Haralick,et al.  Feature normalization and likelihood-based similarity measures for image retrieval , 2001, Pattern Recognit. Lett..

[7]  Ling Huang,et al.  Compromising PCA-based Anomaly Detectors for Network-Wide Traffic , 2008 .

[8]  Lei Zou,et al.  HeavyGuardian: Separate and Guard Hot Items in Data Streams , 2018, KDD.

[9]  Tong Yang,et al.  Empowering Sketches with Machine Learning for Network Measurements , 2018, NetAI@SIGCOMM.

[10]  Zhi-Quan Luo,et al.  Bilinear Factor Matrix Norm Minimization for Robust PCA: Algorithms and Applications , 2018, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[11]  Tamara G. Kolda,et al.  Tensor Decompositions and Applications , 2009, SIAM Rev..

[12]  Xin Wang,et al.  Graph based Tensor Recovery for Accurate Internet Anomaly Detection , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[13]  Gaogang Xie,et al.  Accurate recovery of Internet traffic data: A tensor completion approach , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[14]  Mark Crovella,et al.  Characterization of network-wide anomalies in traffic flows , 2004, IMC '04.

[15]  Jiannong Cao,et al.  On-Line Anomaly Detection With High Accuracy , 2018, IEEE/ACM Transactions on Networking.

[16]  Prateek Jain,et al.  Tensor vs. Matrix Methods: Robust Tensor Decomposition under Block Sparse Perturbations , 2015, AISTATS.

[17]  Yuh-Jye Lee,et al.  Anomaly Detection via Online Oversampling Principal Component Analysis , 2013, IEEE Transactions on Knowledge and Data Engineering.

[18]  Jiannong Cao,et al.  Accurate Recovery of Internet Traffic Data: A Sequential Tensor Completion Approach , 2018, IEEE/ACM Transactions on Networking.

[19]  Peng Liu,et al.  Elastic sketch: adaptive and fast network-wide measurements , 2018, SIGCOMM.

[20]  Kymie M. C. Tan,et al.  Benchmarking anomaly-based detection systems , 2000, Proceeding International Conference on Dependable Systems and Networks. DSN 2000.

[21]  Guangdong Feng,et al.  Traffic volume data outlier recovery via tensor model , 2013 .

[22]  Yi Ma,et al.  Robust principal component analysis? , 2009, JACM.

[23]  Lei Gao,et al.  PCA-subspace method — Is it good enough for network-wide anomaly detection , 2012, 2012 IEEE Network Operations and Management Symposium.

[24]  Jake D. Brutlag,et al.  Aberrant Behavior Detection in Time Series for Network Monitoring , 2000, LISA.

[25]  Donald Goldfarb,et al.  Robust Low-Rank Tensor Recovery: Models and Algorithms , 2013, SIAM J. Matrix Anal. Appl..

[26]  Kavé Salamatian,et al.  Combining filtering and statistical methods for anomaly detection , 2005, IMC '05.

[27]  Jiannong Cao,et al.  Fast Tensor Factorization for Accurate Internet Anomaly Detection , 2017, IEEE/ACM Transactions on Networking.

[28]  Qi Li,et al.  Cache Assisted Randomized Sharing Counters in Network Measurement , 2018, ICPP.

[29]  Allen Y. Yang,et al.  Robust Face Recognition via Sparse Representation , 2009, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[30]  Wei Wang,et al.  Noisy Bloom Filters for Multi-Set Membership Testing , 2016, SIGMETRICS.

[31]  Jun Huang,et al.  Fast low-rank matrix approximation with locality sensitive hashing for quick anomaly detection , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[32]  Steve Uhlig,et al.  Providing public intradomain traffic matrices to the research community , 2006, CCRV.