Signalling the abnormal
The 'Anomaly detection in distributed networks' (DAD) project focused on distributed and non-parametric anomaly (novelty) detection. The EU-funded project considered this problem under complex, large-scale, distributed and constantly changing network conditions. Researchers used spatiotemporal graphical models and existing message-passing methods to study the fundamental performance bounds and analyse data and real world measurements. One of the project's results was the development of a distributed version of principal component analysis (PCA), a classical method that has proved successful for anomaly detection in high dimensional settings. However, standard PCA involves various parameters not easily implemented in distributed networks. Project partners therefore aimed to combine PCA with a specific graphical model that allows for decentralised processing. In this way, DAD partners were able to implement a distributed PCA method based on message passing and then identify a prior conditional independence graph that facilitated distributed anomaly detection in the network. The performance of the derived methodology was compared to existing methods, and its advantage was demonstrated using a real world dataset. On completion of the project, a unified framework for distributed anomaly detection in networks was proposed, and novel algorithms had been derived and analysed. Results were presented in conferences and accepted for publication in a leading journal. The DAD project contributed significant theoretical and practical worth to the current state of the art in distributed network design and anomaly detection analysis. The resulting distributed anomaly detection method is applicable to many practical networks that operate in accordance with internal conditional independence structures.
