Electrical Engineering and Computer Sciences

COLLEGE OF ENGINEERING

UC Berkeley

Distributed PCA and Network Anomaly Detection

Ling Huang, Xuanlong Nguyen, Minos Garofalakis, Michael Jordan, Anthony D. Joseph and Nina Taft

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2006-99
July 14, 2006

http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-99.pdf

We consider the problem of network anomaly detection given the data collected and processed over large distributed systems. Our algorithmic framework can be seen as an approximate, distributed version of the well-known Principal Component Analysis (PCA) method, which is concerned with continuously tracking the behavior of the data projected onto the residual subspace of the principal components within error bound guarantees. Our approach consists of a protocol for local processing at individual monitoring devices, and global decision-making and monitoring feedback at a coordinator. A key ingredient of our framework is an analytical method based on stochastic matrix perturbation theory for balancing the tradeoff between the accuracy of our approximate network anomaly detection, and the amount of data communication over the network.


BibTeX citation:

@techreport{Huang:EECS-2006-99,
    Author = {Huang, Ling and Nguyen, Xuanlong and Garofalakis, Minos and Jordan, Michael and Joseph, Anthony D. and Taft, Nina},
    Title = {Distributed PCA and Network Anomaly Detection},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2006},
    Month = {Jul},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-99.html},
    Number = {UCB/EECS-2006-99},
    Abstract = {We consider the problem of network anomaly detection given
the data collected and processed over large distributed systems.
Our algorithmic framework can be seen as an approximate, 
distributed version of the well-known Principal Component Analysis (PCA)
method, which is concerned with continuously tracking the behavior 
of the data projected onto the residual subspace of the principal 
components within error bound guarantees. 
Our approach consists of a protocol for local processing at 
individual monitoring devices, and global decision-making and 
monitoring feedback at a coordinator.
A key ingredient of our framework is an analytical
method based on stochastic matrix perturbation theory for
balancing the tradeoff between the accuracy of our approximate 
network anomaly detection, and the amount of data communication 
over the network.}
}

EndNote citation:

%0 Report
%A Huang, Ling
%A Nguyen, Xuanlong
%A Garofalakis, Minos
%A Jordan, Michael
%A Joseph, Anthony D.
%A Taft, Nina
%T Distributed PCA and Network Anomaly Detection
%I EECS Department, University of California, Berkeley
%D 2006
%8 July 14
%@ UCB/EECS-2006-99
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-99.html
%F Huang:EECS-2006-99