15,822 research outputs found
Anomaly Detection Based on Indicators Aggregation
Automatic anomaly detection is a major issue in various areas. Beyond mere
detection, the identification of the source of the problem that produced the
anomaly is also essential. This is particularly the case in aircraft engine
health monitoring where detecting early signs of failure (anomalies) and
helping the engine owner to implement efficiently the adapted maintenance
operations (fixing the source of the anomaly) are of crucial importance to
reduce the costs attached to unscheduled maintenance. This paper introduces a
general methodology that aims at classifying monitoring signals into normal
ones and several classes of abnormal ones. The main idea is to leverage expert
knowledge by generating a very large number of binary indicators. Each
indicator corresponds to a fully parametrized anomaly detector built from
parametric anomaly scores designed by experts. A feature selection method is
used to keep only the most discriminant indicators which are used at inputs of
a Naive Bayes classifier. This give an interpretable classifier based on
interpretable anomaly detectors whose parameters have been optimized indirectly
by the selection process. The proposed methodology is evaluated on simulated
data designed to reproduce some of the anomaly types observed in real world
engines.Comment: International Joint Conference on Neural Networks (IJCNN 2014),
Beijing : China (2014). arXiv admin note: substantial text overlap with
arXiv:1407.088
SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis
In this paper, we propose a novel approach, called SENATUS, for joint traffic
anomaly detection and root-cause analysis. Inspired from the concept of a
senate, the key idea of the proposed approach is divided into three stages:
election, voting and decision. At the election stage, a small number of
\nop{traffic flow sets (termed as senator flows)}senator flows are chosen\nop{,
which are used} to represent approximately the total (usually huge) set of
traffic flows. In the voting stage, anomaly detection is applied on the senator
flows and the detected anomalies are correlated to identify the most possible
anomalous time bins. Finally in the decision stage, a machine learning
technique is applied to the senator flows of each anomalous time bin to find
the root cause of the anomalies. We evaluate SENATUS using traffic traces
collected from the Pan European network, GEANT, and compare against another
approach which detects anomalies using lossless compression of traffic
histograms. We show the effectiveness of SENATUS in diagnosing anomaly types:
network scans and DoS/DDoS attacks
- …