172 research outputs found

    Advanced Techniques for Detecting Anomalies in Backbone Networks

    With the rapid development and growing complexity of computer networks, traditional network security mechanisms fail to provide dynamic, integrated solutions suited to guaranteeing the complete security of a system. In this context, the use of Intrusion Detection Systems (IDS) has become a key element of network security. In this thesis we address this problem, proposing innovative solutions for intrusion detection based on statistical techniques (Wavelet Analysis, Principal Component Analysis, etc.) whose application to detecting anomalies in network traffic is entirely original. The analysis of the results presented in this thesis highlights the effectiveness of the proposed methods

    Low Latency Anomaly Detection with Imperfect Models

    The problem of anomaly detection deals with detecting abrupt changes/anomalies in the distribution of sequentially observed data in a stochastic system. This problem applies to many applications, such as signal processing, intrusion detection, quality control, medical diagnosis, etc. A low latency anomaly detection algorithm, which is based on the framework of quickest change detection (QCD), aims at minimizing the detection delay of anomalies in the sequentially observed data while ensuring satisfactory detection accuracy. Moreover, in many practical applications, complete knowledge of the post-change distribution model might not be available due to the unexpected nature of the change. Hence, the objective of this dissertation is to study low latency anomaly detection or QCD algorithms for systems with imperfect models such that any type of abnormality in the system can be detected as quickly as possible for reliable and secured system operations. This dissertation includes the theoretical foundations behind these low latency anomaly detection algorithms along with real-world applications. First, QCD algorithms are designed for detecting changes in systems with multiple post-change models under both Bayesian and non-Bayesian settings. Next, a QCD algorithm is studied for real-time detection of false data injection attacks in smart grids with dynamic models. Finally, a QCD algorithm for detecting wind turbine bearing faults is developed by analyzing the statistical behaviors of stator currents generated by the turbines. For all the proposed algorithms, analytical bounds of the system performance metrics are derived using asymptotic analysis and the simulation results show that the proposed algorithms outperform existing algorithms

    Dirichlet Process Gaussian Mixture Models for Real-Time Monitoring and Their Application to Chemical Mechanical Planarization

    The goal of this work is to use sensor data for online detection and identification of process anomalies (faults). In pursuit of this goal, we propose Dirichlet process Gaussian mixture (DPGM) models. The proposed DPGM models have two novel outcomes: 1) DP-based statistical process control (SPC) chart for anomaly detection and 2) unsupervised recurrent hierarchical DP clustering model for identification of specific process anomalies. The presented DPGM models are validated using numerical simulation studies as well as wireless vibration signals acquired from an experimental semiconductor chemical mechanical planarization (CMP) test bed. Through these numerically simulated and experimental sensor data, we test the hypotheses that DPGM models have significantly lower detection delays compared with SPC charts in terms of the average run length (ARL1) and higher defect identification accuracies (F-score) than popular clustering techniques, such as mean shift. For instance, the DP-based SPC chart detects pad wear anomaly in CMP within 50 ms, as opposed to over 140 ms with conventional control charts. Likewise, DPGM models are able to classify different anomalies in CMP

    Anomaly detection mechanisms to find social events using cellular traffic data

    The design of new tools to detect traffic anomalies on the fly without scalability problems is a key point in exploiting the cellular system for monitoring social activities. To this end, the paper proposes two methods based on the wavelet analysis of the cumulative cellular traffic. The use of wavelets makes it easy to filter “normal” traffic anomalies such as the periodic trends present in the cellular traffic. The two presented approaches, denoted as Spatial Analysis (SA) and Time Analysis (TA), differ in how they consider the spatial information of the traffic data. We examine the performance of the considered algorithms using cellular traffic data acquired from one of the most important Italian Mobile Network Operators in the city of Milan throughout December 2013. The results highlight the weak points of TA and some important features of SA. Both approaches outperform one reference algorithm from the literature. The strategy used in the SA emerges as the most suitable for exploiting the spatial correlation when we aim at the detection of traffic anomalies focused on the localisation of social events

    Fault Detection and Diagnosis Encyclopedia for Building Systems: A Systematic Review

    This review aims to provide an up-to-date, comprehensive, and systematic summary of fault detection and diagnosis (FDD) in building systems. The latter was performed through a defined systematic methodology with the final selection of 221 studies. This review provides insights into four topics: (1) glossary framework of the FDD processes; (2) a classification scheme using energy system terminologies as the starting point; (3) the data, code, and performance evaluation metrics used in the reviewed literature; and (4) future research outlooks. FDD is a known and well-developed field in the aerospace, energy, and automotive sector. Nevertheless, this study found that FDD for building systems is still at an early stage worldwide. This was evident through the ongoing development of algorithms for detecting and diagnosing faults in building systems and the inconsistent use of the terminologies and definitions. In addition, there was an apparent lack of data statements in the reviewed articles, which compromised the reproducibility, and thus the practical development in this field. Furthermore, as data drove the research activity, the found dataset repositories and open code are also presented in this review. Finally, all data and documentation presented in this review are open and available in a GitHub repository