Distributed PCA and Network Anomaly Detection
Ling Huang, Xuanlong Nguyen, Minos Garofalakis, Michael Jordan, Anthony D. Joseph and Nina Taft
EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2006-99
July 14, 2006
http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-99.pdf
We consider the problem of network anomaly detection given the data collected and processed over large distributed systems. Our algorithmic framework can be seen as an approximate, distributed version of the well-known Principal Component Analysis (PCA) method, one that continuously tracks the behavior of the data projected onto the residual subspace of the principal components within error bound guarantees. Our approach consists of a protocol for local processing at individual monitoring devices, and global decision-making and monitoring feedback at a coordinator. A key ingredient of our framework is an analytical method based on stochastic matrix perturbation theory for balancing the tradeoff between the accuracy of our approximate network anomaly detection and the amount of data communication over the network.
BibTeX citation:
@techreport{Huang:EECS-2006-99,
Author = {Ling Huang and Xuanlong Nguyen and Minos Garofalakis and Michael Jordan and Anthony D. Joseph and Nina Taft},
Title = {Distributed PCA and Network Anomaly Detection},
Institution = {EECS Department, University of California, Berkeley},
Year = {2006},
Month = {Jul},
URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-99.html},
Number = {UCB/EECS-2006-99}
}
EndNote citation:
%0 Report
%A Huang, Ling
%A Nguyen, Xuanlong
%A Garofalakis, Minos
%A Jordan, Michael
%A Joseph, Anthony D.
%A Taft, Nina
%T Distributed PCA and Network Anomaly Detection
%I EECS Department, University of California, Berkeley
%D 2006
%8 July 14
%@ UCB/EECS-2006-99
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-99.html
%F Huang:EECS-2006-99
