skip to main content
Department of Computer Science University of Colorado Boulder
cu: home | engineering | mycuinfo | about | cu a-z | search cu | contact cu cs: about | calendar | directory | catalog | schedules | mobile | contact cs
home · events · colloquia · 2006-2007 · 
 

Colloquium - Coates

 
10/9/2006
11:00am-12:00pm
ECEE 1B55

Network Monitoring: Sequential Online Anomaly Detection
McGill University
Mark Coates photo

High-speed backbones are continually affected by network anomalies generated by a wide range of sources, from malicious denial-of-service attacks and viruses to harmless large data transfers and accidental equipment failures. Different types of anomaly affect the network in different ways, and it is difficult to know a priori how a potential anomaly will exhibit itself in traffic statistics. In this talk I will describe an online, sequential anomaly detection algorithm, suitable for use with multivariate data. The proposed algorithm is based on the kernel version of the celebrated recursive least squares algorithm. It assumes no model for network traffic or anomalies, and constructs and adapts a dictionary of features that approximately spans the subspace of normal network behaviour. The algorithm raises an alarm immediately upon encountering a deviation from the norm. Through comparison with existing block-based off-line methods based upon Principal Component Analysis, I will demonstrate that the online algorithm is equally effective but has much faster time-to-detection and lower computational complexity.

Mark Coates received the BE degree (first class honours) in computer systems engineering from the University of Adelaide, Australia, in 1995, and a PhD degree in information engineering from the University of Cambridge, U.K., in 1999. Currently, he is an Assistant Professor at McGill University, Montreal, Canada. He was awarded the Texas Instruments Postdoctoral Fellowship in 1999 and was a research associate and lecturer at Rice University, Texas, from 1999-2001. His research interests include network monitoring and modeling, sensor/actuator networks, statistical signal processing, causal analysis, and Bayesian and Monte Carlo inference.

This talk is sponsored by the Department of Electrical and Computer Engineering.


The Department holds colloquia throughout the Fall and Spring semesters. These colloquia, open to the public, are typically held on Thursday afternoons, but sometimes occur at other times as well. If you would like to receive email notification of upcoming colloquia, subscribe to our Colloquia Mailing List. If you would like to schedule a colloquium, see Colloquium Scheduling.

Sign language interpreters are available upon request. Please contact Stephanie Morris at least five days prior to the colloquium.

 
See also:
Department of Computer Science
College of Engineering and Applied Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA
Questions/Comments?
Send email to

Engineering Center Office Tower
ECOT 717
+1-303-492-7514
FAX +1-303-492-2844
XHTML 1.0/CSS2 ©2012 Regents of the University of Colorado
Privacy · Legal · Trademarks
May 5, 2012 (13:29)
 
.