2013 IEEE 13th International Conference on Data Mining Workshops (2010)
Dec. 13, 2010 to Dec. 13, 2010
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDMW.2010.90
We propose the use of commute distance, a random walk metric, to discover anomalies in network traffic data. The commute distance based anomaly detection approach has several advantages over Principal Component Analysis (PCA), which is the method of choice for this task: (i) It generalizes both distance and density based anomaly detection techniques while PCA is primarily distance-based (ii) It is agnostic about the underlying data distribution, while PCA is based on the assumption that data follows a Gaussian distribution and (iii) It is more robust compared to PCA, i.e., a perturbation of the underlying data or changes in parameters used will have a less significant effect on the output of it than PCA. Experiments and analysis on simulated and real datasets are used to validate our claims.
network anomaly detection, principal component analysis, distance-based approach, density-based approach, commute distance based approach
Zainab Zaidi, Sanjay Chawla, Nguyen Lu Dang Khoa, Tahereh Babaie, "Network Anomaly Detection Using a Commute Distance Based Approach", 2013 IEEE 13th International Conference on Data Mining Workshops, vol. 00, no. , pp. 943-950, 2010, doi:10.1109/ICDMW.2010.90