Network anomaly detection based on Eigen equation compression

This paper addresses unsupervised network anomaly detection. In recent years, networks have played increasingly critical roles. Because network outages cause serious economic losses, it is important to monitor changes in networks over time and to detect anomalies as early as possible. In this paper, we focus specifically on the management of the whole network. In this setting, it is important to detect anomalies that have a great impact on the whole network, while other, local anomalies should be ignored. Further, when such network-wide anomalies are detected, the nodes responsible for them must be localized. It is challenging to perform these two tasks simultaneously while taking into account nonstationarity and the strong correlations between nodes. We propose a network anomaly detection method that resolves the two tasks in a unified way. The key ideas of the method are: (1) construction of quantities representing features of the whole network and of each node from the same input, based on eigen equation compression, and (2) incremental anomalousness scoring based on learning the probability distribution of these quantities. We demonstrate through experimental results on two benchmark data sets and a simulation data set that the proposed method can detect anomalies of the whole network and the nodes responsible for them.
