
Anomaly detection in distributed networks

Signalling the abnormal

The assessment and analysis of a computer network's ability to detect anomalies is a hot research topic. Advances in this area are important for applications ranging from surveillance systems to complex biological networks.

Digital Economy

The 'Anomaly detection in distributed networks' (DAD) project focused on distributed and non-parametric anomaly (novelty) detection. The EU-funded project considered this problem under complex, large-scale, distributed and constantly changing network conditions. Researchers used spatiotemporal graphical models and existing message-passing methods to study the fundamental performance bounds and to analyse data and real-world measurements.

One of the project's results was the development of a distributed version of principal component analysis (PCA), a classical method that has proved successful for anomaly detection in high-dimensional settings. However, standard PCA involves various parameters not easily implemented in distributed networks. Project partners therefore aimed to combine PCA with a specific graphical model that allows for decentralised processing. In this way, DAD partners were able to implement a distributed PCA method based on message passing and then identify a prior conditional independence graph that facilitated distributed anomaly detection in the network. The performance of the derived methodology was compared to existing methods, and its advantage was demonstrated using a real-world dataset.

On completion of the project, a unified framework for distributed anomaly detection in networks was proposed, and novel algorithms had been derived and analysed. Results were presented in conferences and accepted for publication in a leading journal. The DAD project made significant theoretical and practical contributions to the current state of the art in distributed network design and anomaly detection analysis. The resulting distributed anomaly detection method is applicable to many practical networks that operate in accordance with internal conditional independence structures.
