COD: online temporal clustering for outbreak detection

Authors:
Tomáš Šingliar;Denver H. Dash
Affiliations:
Department of Computer Science, University of Pittsburgh, Pittsburgh, PA;Intel Research, Pittsburgh, PA and Department of Biomedical Informatics, University of Pittsburgh, Pittsburgh, PA
Venue:
AAAI'07 Proceedings of the 22nd national conference on Artificial intelligence - Volume 1
Year:
2007

Citing 10
Cited 1

A model for reasoning about persistence and causation

Computational Intelligence
Efficient Approximations for the MarginalLikelihood of Bayesian Networks with Hidden Variables

Machine Learning - Special issue on learning with probabilistic representations
Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
Bayesian biosurveillance of disease outbreaks

UAI '04 Proceedings of the 20th conference on Uncertainty in artificial intelligence
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Very fast containment of scanning worms

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Autograph: toward automated, distributed worm signature detection

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
On the effectiveness of distributed worm monitoring

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
An adaptive anomaly detector for worm detection

SYSML'07 Proceedings of the 2nd USENIX workshop on Tackling computer systems problems with machine learning techniques
When gossip is good: distributed probabilistic inference for detection of slow network intrusions

AAAI'06 proceedings of the 21st national conference on Artificial intelligence - Volume 2

Collaborative defence as a pervasive service: architectural insights and validation methodologies of a trial deployment

International Journal of Sensor Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present Cluster Onset Detection (COD), a novel algorithm to aid in detection of epidemic outbreaks. COD employs unsupervised learning techniques in an online setting to partition the population into subgroups, thus increasing the ability to make a detection over the population as a whole by decreasing the signal-to-noise ratio. The method is adaptive and able to alter its clustering in real-time without the need for detailed background knowledge of the population. COD attempts to detect a cluster made up primarily of infected hosts. We argue that this technique is largely complementary to the existing methods for outbreak detection and can generally be combined with one or more of them. We show empirical results applying COD to the problem of detecting a worm attack on a system of networked computers, and show that thIs method results in approximately 40% lower infection rate at a false positive rate of 1 per week than the best previously reported results on this data set achieved using an HMM model customized for the outbreak detection task.