Title: A Streaming Model for Anomaly Detection in Communication Networks: A Renewal Theory Approach
Speaker: Brian Thompson, CS, Rutgers University
Date: Monday, February 21, 2011 12:00 - 1:00 pm
Location: DIMACS Center, CoRE Bldg, Room 431, Rutgers University, Busch Campus, Piscataway, NJ
Abstract:
Anomaly detection has a wide range of real-world applications, including: monitoring computer network usage, virus detection (computer or human), credit card fraud detection, and natural disaster prediction. Unprecedented growth in the capability to collect massive amounts of data has revolutionized the field. Gigabytes of data from communication networks such as cell phone, email, and internet traffic are captured every second, introducing new challenges in efficiency and scalability. Furthermore, communication data is highly dynamic, so a comprehensive solution should exploit temporal as well as relational aspects of network communication.
In this work we propose an approach to anomaly detection in streaming communication data that is able to leverage the wealth of temporal and relational information inherent in the data. We first build a stochastic model for the system based on temporal communication patterns across each edge, which we call the REWARDS (REneWal theory Approach for Real-time Data Streams) model. We then define a measure of anomaly for an arbitrary subgraph based on the likelihood of its recent activity given past behavior. Finally, we develop an algorithm to efficiently identify subgraphs with the most anomalous activity. Experiments on a variety of real-world datasets show the effectiveness and scalability of our approach.
Joint work with J. Abello.