Huge amounts of operation data are constantly collected from various parts of communication networks. These data include measurements from the radio connections and system logs from servers. System operators and developers need robust, easy-to-use decision support tools based on these data. One of the key applications of such tools is detecting anomalous phenomena in the network. In this paper we present an anomaly detection method that describes the normal states of the system with a self-organizing map (SOM) identified from the data. A large deviation of a data sample from the SOM nodes is detected as anomalous behavior. Large deviations have traditionally been detected using global thresholds. If the variation of the data differs between separate parts of the data space, global thresholds either fail to reveal anomalies or reveal false anomalies. Instead of one global threshold, we can use local thresholds, which depend on the local variation of the data. We also present a method to find an adaptive threshold using the distribution of the deviations. Our anomaly detection method can be used both to explore historical data and to compare previously unseen data against a data model derived from historical data. It is applicable to a wide range of processes that produce multivariate data. In this paper we present examples of this method applied to server log data and radio interface data from mobile networks.
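The difference between a global and a local threshold on the distance to the best-matching SOM node can be seen in a small sketch. This is an added example, not code from the paper: the four-node 1-D SOM, the mean + 3 standard deviations threshold rule, the constructed two-cluster data and all names are assumptions made for illustration.

```python
import math, random, statistics

def bmu(nodes, x):
    """Return (index, distance) of the best-matching unit for sample x."""
    return min(((i, math.dist(w, x)) for i, w in enumerate(nodes)), key=lambda p: p[1])

def train_som(data, n_nodes=4, steps=4000, seed=1):
    """Online training of a 1-D SOM chain, initialised on the line from data min to max."""
    rng = random.Random(seed)
    lo, hi = [min(c) for c in zip(*data)], [max(c) for c in zip(*data)]
    nodes = [[l + (h - l) * i / (n_nodes - 1) for l, h in zip(lo, hi)] for i in range(n_nodes)]
    for t in range(steps):
        frac = t / steps
        lr = 0.5 * (0.01 / 0.5) ** frac       # learning rate decays 0.5 -> 0.01
        sigma = 1.5 * (0.3 / 1.5) ** frac     # neighbourhood width decays 1.5 -> 0.3
        x = rng.choice(data)
        b, _ = bmu(nodes, x)
        for i, w in enumerate(nodes):
            h = math.exp(-((i - b) ** 2) / (2 * sigma ** 2))   # Gaussian neighbourhood
            for d in range(len(w)):
                w[d] += lr * h * (x[d] - w[d])
    return nodes

def fit_thresholds(nodes, data, k=3.0):
    """Assumed rule: mean + k*std of BMU distances, over all data and per node (global if no hits)."""
    hits = [bmu(nodes, x) for x in data]
    all_d = [d for _, d in hits]
    glob = statistics.mean(all_d) + k * statistics.pstdev(all_d)
    local = []
    for i in range(len(nodes)):
        ds = [d for j, d in hits if j == i]
        local.append(statistics.mean(ds) + k * statistics.pstdev(ds) if ds else glob)
    return glob, local

def is_anomaly(nodes, x, glob, local):
    """Return (flagged by the global threshold, flagged by the BMU's local threshold)."""
    i, d = bmu(nodes, x)
    return d > glob, d > local[i]

# Constructed data: a tight "idle" state and a widely varying "busy" state.
_rng = random.Random(0)
IDLE = [(_rng.gauss(0, 0.05), _rng.gauss(0, 0.05)) for _ in range(200)]
BUSY = [(_rng.gauss(10, 1.5), _rng.gauss(10, 1.5)) for _ in range(200)]
DATA = IDLE + BUSY
NODES = train_som(DATA)
GLOB, LOCAL = fit_thresholds(NODES, DATA)
PROBE = (0.6, 0.6)   # far outside the idle spread, yet small on the busy state's scale

print("probe flagged (global, local):", is_anomaly(NODES, PROBE, GLOB, LOCAL))
```

The probe lies many standard deviations from the idle state, but the busy state's variation inflates the global threshold enough to hide it; the local threshold of the idle node catches it.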