Title :
Applying PCA for Traffic Anomaly Detection: Problems and Solutions
Author :
Brauckhoff, Daniela ; Salamatian, Kave ; May, Martin
Author_Institution :
ETH Zurich, Zurich
Abstract :
Spatial Principal Component Analysis (PCA) has been proposed for network-wide anomaly detection. A recent work has shown that PCA is very sensitive to calibration settings. Unfortunately, the authors did not provide further explanations for this observation. In this paper, we fill this gap and provide the reasoning behind the found discrepancies. We revisit PCA for anomaly detection and evaluate its performance on our data. We develop a slightly modified version of PCA that uses only data from a single router. Instead of correlating data across different spatial measurement points, we correlate the data across different metrics. With the help of the analyzed data, we explain the pitfalls of PCA and underline our argumentation with measurement results. We show that the main problem is that PCA fails to capture temporal correlation. We propose a solution to deal with this problem by replacing PCA with the Karhunen-Loeve transform. We find that when we consider temporal correlation, anomaly detection results are significantly improved.
Keywords :
Karhunen-Loeve transforms; principal component analysis; telecommunication traffic; Karhunen-Loeve transform; PCA; calibration settings; network-wide anomaly detection; spatial measurement points; spatial principal component analysis; temporal correlation; traffic anomaly detection; Calibration; Communications Society; Data analysis; Karhunen-Loeve transforms; Predictive models; Principal component analysis; Random variables; Signal processing; Stochastic processes; Telecommunication traffic;
Conference_Titel :
INFOCOM 2009, IEEE
Conference_Location :
Rio de Janeiro
Print_ISBN :
978-1-4244-3512-8
Electronic_ISBN :
0743-166X
DOI :
10.1109/INFCOM.2009.5062248
