Drexel University - Comprehensive, integrated academics enhanced by co-operative education, technology, and research opportunities. | Drexel University
Drexel University
Search events. View events.

All Categories

Click for help in using calendar displays. Print the contents of the current screen.
Display Format: 
Event Details
Notify me if this event changes.Add this event to my personal calendar.
Go Back
PhD Dissertation Defense: Adaptive Sampling and Statistical Inference for Anomaly Detection
Start Date: 11/20/2015Start Time: 11:00 AM
End Date: 11/20/2015End Time: 1:00 PM

Event Description
Ph.D. Dissertation Defense of Tingshan Huang on Adaptive Sampling and Statistical Inference for Anomaly Detection
 
Advisors
Drs. Nagarajan Kandasamy and Harish Sethu
 
Abstract
Given the rising threat of malware and the increasing inadequacy of signature-based solutions, online performance monitoring has emerged as a critical component of the security infrastructure of data centers and networked systems. Most of the systems that require monitoring are usually large-scale, highly dynamic and time-evolving. These facts add to the complexity of both monitoring and the underlying techniques for anomaly detection. Furthermore, one cannot ignore the costs associated with monitoring and detection which can interfere with the normal operation of a system and deplete the supply of resources available for the system. Therefore, securing modern systems calls for efficient monitoring strategies and anomaly detection techniques that can deal with massive data with high efficiency and report unusual events effectively.
 
This dissertation contributes new algorithms and implementation strategies toward a significant improvement in the effectiveness and efficiency of two components of security infrastructure: (1) system monitoring and (2) anomaly detection. For system monitoring purposes, we develop two techniques which reduce the cost associated with information collection: i) a non-sampling technique and ii) a sampling technique. The non-sampling technique is based on compression and employs the best basis algorithm to automatically select the basis for compressing the data according to the structure of the data. The sampling technique improves upon compressive sampling, a recent signal processing technique for acquiring data at low cost. This enhances the technique of compressive sampling by employing it in an adaptive-rate model wherein the sampling rate for compressive sampling is adaptively tuned to the data being sampled. Our simulation results on measurements collected from a data center show that these two data collection techniques achieve small information loss with reduced monitoring cost. The best basis algorithm can select the basis in which the data is most concisely represented, allowing a reduced sample size for monitoring. The adaptive-rate model for compressive sampling allows us to save 70% in sample size, compared with the constant-rate model.
 
For anomaly detection, this dissertation develops three techniques to allow efficient detection of anomalies. In the first technique, we exploit the properties maintained in the samples of compressive sampling and apply state-of-the-art anomaly detection techniques directly to compressed measurements. Simulation results show that the detection rate of abrupt changes using the compressed measurements is greater than 95% when the size of the measurements is only 18%. In our second approach, we characterize performance-related measurements as a stream of covariance matrices, one for each designated window of time, and then propose a new metric to quantify changes in the covariance matrices. The observed changes are then employed to infer anomalies in the system. In our third approach, anomalies in a system are detected using a low-complexity distributed algorithm when only steams of raw measurement vectors, one for each time window, are available and distributed among multiple locations. We apply our techniques on real network traffic data and show that these two techniques improve detection performance when compared with traditional methods.
Contact Information:
Name: Electrical and Computer Engineering Department
Phone: (215) 895-2241
Email: ece@drexel.edu
Electrical and Computer Engineering Department
Location:
Bossone 302
Audience:
  • Graduate Students
  • Faculty

  • Display Month:

    Advanced Search (New Search)
    Date Range:
    Time Range:
    Category(s):
    Audience: 

    Special Features: 

    Keyword(s):
    Submit
    Select item(s) to Search



    Select item(s) to Search
    Select item(s) to Search
    Select item(s) to Search