
Colloquium - Coates

Network Monitoring: Sequential Online Anomaly Detection
McGill University

High-speed backbones are continually affected by network anomalies generated by a wide range of sources, from malicious denial-of-service attacks and viruses to harmless large data transfers and accidental equipment failures. Different types of anomaly affect the network in different ways, and it is difficult to know a priori how a potential anomaly will exhibit itself in traffic statistics. In this talk I will describe an online, sequential anomaly detection algorithm, suitable for use with multivariate data. The proposed algorithm is based on the kernel version of the celebrated recursive least squares algorithm. It assumes no model for network traffic or anomalies, and constructs and adapts a dictionary of features that approximately spans the subspace of normal network behaviour. The algorithm raises an alarm immediately upon encountering a deviation from the norm. Through comparison with existing block-based off-line methods based upon Principal Component Analysis, I will demonstrate that the online algorithm is equally effective but has much faster time-to-detection and lower computational complexity.

Mark Coates received the BE degree (first class honours) in computer systems engineering from the University of Adelaide, Australia, in 1995, and a PhD degree in information engineering from the University of Cambridge, U.K., in 1999. Currently, he is an Assistant Professor at McGill University, Montreal, Canada. He was awarded the Texas Instruments Postdoctoral Fellowship in 1999 and was a research associate and lecturer at Rice University, Texas, from 1999 to 2001. His research interests include network monitoring and modeling, sensor/actuator networks, statistical signal processing, causal analysis, and Bayesian and Monte Carlo inference.

This talk is sponsored by the Department of Electrical and Computer Engineering.

Department of Computer Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA
May 5, 2012 (14:13)