Adding rigor to the comparison of anomaly detector outputs
Size: px
Start display at page:

Download "Adding rigor to the comparison of anomaly detector outputs"

Transcription

1 Adding rigor to the comparison of anomaly detector outputs Romain Fontugne, National Institute of Informatics / SOKENDAI, Tokyo Pierre Borgnat, Physics Lab, CNRS, ENS Lyon Patrice Abry, Physics Lab, CNRS, ENS Lyon Kensuke Fukuda, National Institute of Informatics / PRESTO JST, Tokyo April 25, 2010 Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 1

2 Motivation Anomaly detection in backbone traffic Active research domain Wavelet [IMC 02], PCA [SIGCOMM 05, SIGMETRICS 07], gamma law [LSAD 07], association rule [IMC 09]... Tricky evaluation, lack of common ground truth: Manual inspection Synthetic traffic Comparison with other methods Similar problems arise in traffic classification Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 2

3 Goal Long term goal: Provide common ground truth data Labeling MAWI archive Combining several anomaly detector results Ground truth relative to the state of the art Goal of this work: Find relations between outputs of different classifiers Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 3

4 Problem statement: Eventx=Eventy?? Event (= anomaly detector s alarm) Set of traffic feature containing at least 2 timestamps and one traffic feature. i.e. one flow, one IP address, a set of flows, a set of packets... Main difficulties Different granularities: Event1=Event2?=Event3? Overlapping: Event4=Event5? Different points of view: Event1=Event6? Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 4

5 Proposed method Approach Identify similar events by using community mining on graph Overview Oracle: Uncover relations between traffic and events Graph gen.: Represent events and their relations in a graph Community Mining: Find similar events by looking at dense components Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 5

6 Oracle Uncover relations between original traffic and events List the events that match each packet of the original traffic i.e. pkt1:{ip1 : 80 IP2 : 12345} = Event1:{srcIP = IP1} Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 6

7 Graph generator Build a non-directed weighted graph from the Oracle output Nodes are events and edges are shared packets Weight on each edge: similarity measure, Simpson index, E 1 E 2 / min( E 1, E 2 ), E i : packets matching event i Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 7

8 Community mining Identify community (= dense component) in the graph Louvain algorithm 1 : based on Modularity 2 Take into account node connectivity and edge weight 1 Blondel et al.: Fast unfolding of communities in large networks. J.STAT.MECH. (2008) 2 Newman, Girvan: Finding and evaluating community structure in networks. Phys. Rev.E (Feb 2004) Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 8

9 Data and anomaly detectors Data set MAWI archive (trans-pacific link) During the outbreak of the Sasser worm (08/2004) Anomaly detectors Sketches and multiresolution gamma modeling 3 Report source or destination IP Image processing: Hough transform 4 Report set of packets 3 Dewaele, G., Fukuda, K., Borgnat, P., Abry, P., Cho, K.: Extracting hidden anomalies using sketch and non gaussian multiresolution statistical detection procedures. SIGCOMM LSAD 07 4 Fontugne, R., Himura, Y., Fukuda, K.: Evaluation of anomaly detection method based on pattern recognition. IEICE Trans. on Commun. E93-B(2) (February 2010) Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 9

10 Results Graph Reported events; Gamma-based: 332, Hough-based: 873 Intersection 235 and 247 events: 124 connected components Biggest component: 47 events (G.34, H.13), 8 communities d;142055pkt s;142054pkt 1;142054pkt s;149836pkt ;142054pkt d;87904pkt 1;87904pkt s;32795pkt e-05;1pkt s;32794pkt e-05;1pkt 1;142054pkt 1;87904pkt 1;87904pkt d;67971pkt s;10616pkt 1;10616pkt s;71331pkt ;67945pkt ;10610pkt s;5098pkt d;80692pkt 1;5098pkt s;64299pkt 1;5098pkt d;102053pkt 1;5098pkt ;50961pkt s;37450pkt ;29126pkt ;80391pkt 1;64299pkt 1;37450pkt d;885pkt s;843pkt ;1pkt s;502pkt ;71pkt s;504pkt ;115pkt s;2963pkt ;1pkt 1;843pkt d;1830pkt s;940pkt ;356pkt s;7985pkt ;1751pkt s;1016pkt ;2pkt s;3307pkt ;2pkt d;635pkt ;8pkt ;706pkt d;595pkt ;1pkt ;132pkt s;860pkt d;2857pkt ;4pkt s;8083pkt ;856pkt s;384pkt ;83pkt s;6575pkt ;877pkt d;171pkt 1;171pkt d;247pkt s;386pkt 1;247pkt s;159pkt ;55pkt ;55pkt s;2777pkt d;10965pkt ;1287pkt s;12282pkt ;1912pkt s;11029pkt ;2391pkt s;2611pkt ;507pkt s;6569pkt ;1681pkt d;10835pkt ;2197pkt 1;10835pkt s;261435pkt d;3276pkt 1;3276pkt d;9815pkt 1;9815pkt d;2783pkt 1;2783pkt d;11798pkt 1;11798pkt d;4047pkt 1;4047pkt d;1442pkt 1;1442pkt s;42747pkt ;40566pkt d;20749pkt ;13040pkt ;7924pkt s;348pkt d;3769pkt 1;348pkt s;1093pkt d;1639pkt 1;1093pkt s;247pkt ;1pkt d;5933pkt s;33509pkt ;2153pkt s;21160pkt ;5910pkt d;99pkt 1;99pkt d;792pkt ;374pkt d;2380pkt ;780pkt d;994pkt ;374pkt d;297pkt 1;297pkt d;253pkt ;216pkt d;6644pkt ;1680pkt d;264pkt ;187pkt d;612pkt ;188pkt d;406pkt ;157pkt d;304pkt ;156pkt d;559pkt ;198pkt d;380pkt ;212pkt d;260pkt ;113pkt d;273pkt ;96pkt d;399pkt ;109pkt d;319pkt ;88pkt d;632pkt ;250pkt d;347pkt ;146pkt d;288pkt ;142pkt d;277pkt ;98pkt d;583pkt ;186pkt d;470pkt ;147pkt d;410pkt ;119pkt d;288pkt ;79pkt d;265pkt ;80pkt ;5544pkt 1;612pkt 1;406pkt 1;260pkt 1;277pkt 1;99pkt s;956pkt d;917pkt ;13pkt s;5210pkt ;870pkt d;356pkt ;21pkt ;44pkt s;5038pkt ;53pkt s;67012pkt ;136pkt d;185pkt ;71pkt s;450pkt d;653pkt ;154pkt d;93713pkt s;93713pkt 1;93713pkt s;98741pkt 1;93713pkt 1;93713pkt s;658pkt d;442pkt ;158pkt ;1pkt s;1287pkt ;48pkt s;273pkt d;4559pkt 1;273pkt s;465pkt ;26pkt ;363pkt ;156pkt ;169pkt s;42184pkt ;11pkt ;114pkt ;13pkt d;573pkt ;6pkt d;727pkt ;4pkt ;2pkt ;105pkt s;405pkt ;3pkt ;2pkt ;16pkt s;554pkt ;5pkt s;2515pkt ;9pkt ;2pkt ;13pkt s;1099pkt d;352pkt ;12pkt s;62pkt ;42pkt s;1079pkt d;3683pkt ;429pkt d;475pkt ;5pkt s;10212pkt ;867pkt ;3583pkt s;17701pkt ;1pkt ;27pkt ;12pkt d;1058pkt s;15083pkt ;3pkt s;30818pkt ;3pkt s;30461pkt ;3pkt s;15063pkt ;3pkt 1;15063pkt d;482pkt 1;482pkt d;1218pkt 1;1218pkt d;2305pkt 1;2305pkt d;2555pkt 1;2555pkt d;4687pkt 1;4687pkt d;286pkt ;136pkt s;5036pkt 1;5036pkt d;341pkt ;171pkt 1;4687pkt d;544pkt s;244pkt ;16pkt d;392pkt ;9pkt s;695pkt d;1185pkt ;1pkt s;551pkt ;1pkt d;1pkt 1;1pkt d;718pkt ;1pkt ;1pkt 1;32794pkt d;63363pkt s;63418pkt 1;63363pkt s;66456pkt ;62944pkt ;62944pkt d;349pkt s;8813pkt ;220pkt d;258pkt ;252pkt d;3099pkt ;78pkt d;1117pkt ;454pkt s;1522pkt 1;1522pkt d;2551pkt 1;2551pkt ;5pkt d;259pkt 1;259pkt d;1074pkt s;707pkt ;78pkt s;811pkt ;9pkt d;8097pkt ;16pkt d;4805pkt ;23pkt d;2345pkt s;374pkt ;369pkt s;301pkt 1;301pkt s;75pkt 1;75pkt s;1175pkt ;567pkt d;1760pkt s;900pkt ;442pkt s;430pkt ;8pkt s;1089pkt d;424pkt ;58pkt d;347pkt ;109pkt d;4862pkt ;64pkt d;843pkt 1;843pkt d;1097pkt ;1081pkt ;16pkt d;250pkt 1;250pkt d;11896pkt 1;11896pkt s;23207pkt ;10079pkt d;13312pkt ;647pkt ;143pkt ;22177pkt 1;13312pkt ;10488pkt d;1950pkt 0.3;129pkt s;216pkt ;155pkt s;124pkt ;41pkt s;320pkt ;51pkt s;40pkt 1;40pkt s;527pkt ;103pkt s;83pkt ;41pkt s;171pkt ;121pkt s;73pkt ;40pkt d;39pkt 1;39pkt 1;39pkt d;668pkt s;313pkt 1;313pkt d;388pkt 1;388pkt 1;313pkt s;334pkt s;173pkt 1;173pkt d;2687pkt s;2687pkt 1;2687pkt s;253pkt 1;253pkt ;70pkt ;44pkt s;2294pkt 1;2294pkt s;933pkt 1;933pkt s;3339pkt ;3319pkt d;5930pkt ;5910pkt ;1937pkt 1;3339pkt s;396pkt ;5pkt s;208pkt 1;208pkt ;5pkt d;1905pkt s;1444pkt ;1249pkt d;1962pkt ;1249pkt s;884pkt ;712pkt ;1249pkt s;259pkt d;28494pkt 1;259pkt s;73pkt 1;73pkt s;539pkt ;370pkt 1;73pkt s;43pkt ;13pkt s;552pkt 1;552pkt s;1636pkt 1;1636pkt s;975pkt ;536pkt s;793pkt ;336pkt s;1pkt 1;1pkt ;460pkt s;7290pkt s;6209pkt 1;6209pkt s;61pkt 1;61pkt d;18248pkt ;11305pkt s;460pkt ;240pkt s;239pkt 1;239pkt s;670pkt ;40pkt 1;7290pkt 1;6209pkt d;2386pkt ;191pkt s;19250pkt ;2132pkt s;70pkt 1;70pkt s;7636pkt ;1pkt d;2385pkt ;470pkt 1;70pkt ;1993pkt d;300pkt s;260pkt 1;260pkt d;7973pkt s;502pkt 1;502pkt s;210pkt 1;210pkt s;2033pkt 1;2033pkt s;1432pkt 1;1432pkt d;1548pkt 1;1548pkt ;1358pkt s;103242pkt s;107977pkt 1;103242pkt d;109463pkt s;4729pkt 1;4729pkt s;3203pkt 1;3203pkt s;3328pkt 1;3328pkt s;15073pkt ;14304pkt s;25388pkt ;24466pkt s;12554pkt 1;12554pkt s;16676pkt ;15807pkt s;5950pkt 1;5950pkt s;5050pkt ;4842pkt s;8016pkt ;7692pkt s;8103pkt ;7796pkt d;71474pkt ;67913pkt s;233pkt ;2pkt s;91pkt ;1pkt ;4635pkt 1;4729pkt 1;3203pkt 1;3203pkt 1;3328pkt 1;15073pkt 1;25388pkt 1;12554pkt 1;16676pkt d;438pkt s;3728pkt ;400pkt d;5966pkt s;30466pkt ;5pkt s;15080pkt ;5pkt s;276pkt s;4186pkt ;203pkt ;3839pkt d;29845pkt s;3831pkt ;1578pkt s;1867pkt 1;1867pkt d;27291pkt ;24723pkt 1;3831pkt 1;1867pkt d;11595pkt s;37091pkt 1;11595pkt d;1407pkt s;1399pkt ;1397pkt d;9593pkt s;8485pkt ;7453pkt s;1774pkt ;458pkt s;1143pkt 1;1143pkt s;1211pkt 1;1211pkt s;2978pkt s;58367pkt 1;2978pkt s;563pkt s;325pkt 0.84;273pkt d;4564pkt ;3198pkt s;69pkt 1;69pkt 1;1522pkt 1;2551pkt 1;1522pkt d;1481pkt ;489pkt s;1147pkt ;457pkt s;371pkt ;184pkt s;1554pkt ;484pkt ;21pkt ;1507pkt d;456pkt s;580pkt ;410pkt s;528pkt s;250pkt 0.372;93pkt d;2667pkt s;19380pkt 1;2667pkt s;603pkt s;1056pkt ;597pkt d;3661pkt s;3373pkt ;1958pkt d;4997pkt s;5005pkt 1;4997pkt d;820pkt s;1477pkt ;815pkt d;2728pkt s;675pkt ;472pkt s;46382pkt ;144pkt d;2522pkt ;269pkt d;4356pkt ;428pkt d;2105pkt 1;2105pkt d;6613pkt 1;6613pkt s;1258pkt s;5067pkt 1;1258pkt d;11009pkt s;18359pkt ;10955pkt d;322pkt s;173pkt ;172pkt s;434pkt s;121pkt 1;121pkt s;288pkt s;817pkt ;282pkt d;433pkt s;644pkt 1;433pkt d;10918pkt s;1421pkt 1;1421pkt s;10612pkt ;7409pkt s;40pkt 0.55;22pkt s;468pkt s;4216pkt ;400pkt ;130pkt ;3841pkt d;39791pkt s;2677pkt 1;2677pkt s;337pkt 1;337pkt s;6523pkt ;2332pkt s;38973pkt ;11393pkt s;19753pkt ;6728pkt s;49145pkt ;14418pkt d;80286pkt ;25666pkt 1;2677pkt ;38828pkt ;41154pkt d;762pkt 1;762pkt d;301pkt 1;301pkt d;233pkt 1;233pkt d;615pkt 1;615pkt d;440pkt ;296pkt ;144pkt d;576pkt 1;576pkt d;432pkt 1;432pkt d;729pkt 1;729pkt d;443pkt 1;443pkt s;1921pkt s;2080pkt ;1625pkt s;1595pkt s;6481pkt ;1106pkt d;625pkt s;994pkt ;607pkt d;290pkt s;38pkt 1;38pkt s;15426pkt s;15426pkt 1;15426pkt s;15004pkt s;15124pkt 1;15004pkt s;14461pkt s;14475pkt 1;14461pkt s;7972pkt s;15527pkt ;7411pkt s;14951pkt s;15112pkt 1;14951pkt s;15062pkt s;15062pkt 1;15062pkt s;15347pkt s;15347pkt 1;15347pkt s;24792pkt s;25248pkt ;24783pkt s;15174pkt s;15174pkt 1;15174pkt d;34145pkt s;33034pkt ;26820pkt s;30pkt1;30pkt d;32751pkt ;26537pkt s;3940pkt ;3507pkt 1;32751pkt d;866pkt s;15559pkt ;7pkt s;12003pkt ;3pkt s;1034pkt ;137pkt s;15204pkt s;14654pkt 1;14654pkt s;7014pkt s;7014pkt 1;7014pkt s;15553pkt s;15553pkt 1;15553pkt s;15795pkt s;15554pkt ;15448pkt s;14806pkt s;14806pkt 1;14806pkt s;9378pkt s;9378pkt 1;9378pkt s;15408pkt s;15216pkt 1;15216pkt s;7686pkt s;7811pkt 1;7686pkt d;3318pkt s;182pkt 1;182pkt d;2465pkt s;2310pkt 1;2310pkt d;1750pkt ;1585pkt ;1585pkt d;444pkt s;761pkt ;284pkt s;580pkt ;2pkt d;384pkt s;7074pkt ;3pkt s;7912pkt ;3pkt s;4558pkt s;4816pkt ;4511pkt s;15324pkt s;15324pkt 1;15324pkt s;11556pkt d;4943pkt 1;4943pkt s;1735pkt d;1037pkt ;723pkt d;1374pkt ;908pkt s;8531pkt d;8684pkt 1;8531pkt s;1980pkt d;1792pkt 1;1792pkt d;59719pkt s;59670pkt 1;59670pkt s;61947pkt ;59343pkt d;655pkt ;215pkt d;60507pkt ;58741pkt ;165pkt ;59343pkt ;215pkt ;58741pkt ;165pkt ;215pkt 1;60507pkt ;165pkt ;215pkt ;165pkt ;165pkt s;352pkt ;16pkt s;273pkt 1;273pkt s;13451pkt d;6522pkt 1;6522pkt s;4198pkt d;1901pkt ;1864pkt s;6852pkt d;138pkt ;67pkt s;497pkt d;453pkt 1;453pkt s;4126pkt d;1599pkt 1;1599pkt s;3830pkt d;1498pkt ;1470pkt s;217pkt d;237pkt 1;217pkt s;461pkt d;184pkt ;7pkt s;364pkt d;233pkt ;182pkt s;842pkt d;2324pkt ;766pkt s;14707pkt d;14593pkt 1;14593pkt s;302pkt d;152pkt 1;152pkt s;946pkt d;1351pkt 1;946pkt s;293pkt d;96pkt 1;96pkt s;361pkt s;361pkt 1;361pkt s;264pkt s;264pkt 1;264pkt d;367pkt s;755pkt ;352pkt s;1152pkt s;1281pkt ;1054pkt s;2016pkt s;24pkt 1;24pkt s;12957pkt s;12916pkt 1;12916pkt s;15335pkt s;14899pkt 1;14899pkt s;823pkt s;880pkt 1;823pkt s;235pkt s;215pkt 1;215pkt s;10521pkt s;15429pkt 1;10521pkt s;105pkt s;71pkt 1;71pkt s;898pkt s;796pkt 1;796pkt s;505pkt s;505pkt 1;505pkt s;226pkt s;461pkt 1;226pkt s;245pkt s;229pkt 1;229pkt s;489pkt s;720pkt 1;489pkt s;408pkt s;853pkt 1;408pkt d;431pkt s;278pkt ;2pkt d;769pkt ;8pkt s;158pkt ;1pkt d;375pkt s;5289pkt ;1pkt Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 10

11 Simple connected components Two event component 86 small components, mainly Sasser Gamma-based = red; Hough-based = green (1) Sasser infected host. (2) Different src.ip and dest.ip. Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 11

12 Large connected components I Large component with one community 38 components having more than two events RSync traffic identified by 5 events Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 12

13 Large connected components II DNS traffic 29 events in which 27 are from the gamma-based detector Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 13

14 Communities in components Distinct traffics Network scan on port 3128 and nntp traffic Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 14

15 Communities in components Same kind of traffic 14 events reporting HTTP traffic s;273pkt s;352pkt s;396pkt 1;273pkt ;16pkt ;5pkt 1;208pkt d;4805pkt s;208pkt ;5pkt ;44pkt ;9pkt s;811pkt ;23pkt d;1074pkt 1;253pkt ;78pkt s;253pkt ;70pkt s;707pkt ;16pkt d;8097pkt 1;2294pkt 1;933pkt ;3319pkt s;2294pkt s;933pkt s;3339pkt ;5910pkt ;1937pkt 1;3339pkt d;5930pkt Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 15

16 Discussion Advantages Uncover relations between classifier outputs Able to compare outputs of different kinds of classifiers Applications Comparing/combining anomaly detectors Clarifying output of a single detector Understanding detector sensitivity to parameter tuning Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 16

17 Conclusion and future work Conclusion Uncover relations between classifiers outputs Graph theory General and rigorous method Future work Deeper analysis of the method Combining anomaly detectors Labelling MAWI Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 17

18 Thank you! Questions? Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 18

19 [1] Fontugne, R., Borgnat, P., Abry, P., Fukuda, K.: Uncovering relations between traffic classifiers and anomaly detectors via graph theory. TMA (2010) Adding rigor to the comparison of anomaly detector outputs, Fontugne, Borgnat, Abry, Fukuda 19

Similar documents

An Automatic and Dynamic Parameter Tuning of a Statistic-based Anomaly Detection Algorithm

An Automatic and Dynamic Parameter Tuning of a Statistic-based Anomaly Detection Algorithm An Automatic and Dynamic Parameter Tuning of a Statistic-based Anomaly Detection Algorithm Yosuke Himura The University of Tokyo him@hongo.wide.ad.jp Kensuke Fukuda National Institute of Informatics /

More information

An evaluation of automatic parameter tuning of a statistics-based anomaly detection algorithm

An evaluation of automatic parameter tuning of a statistics-based anomaly detection algorithm INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT Int. J. Network Mgmt ; : 95 6 Published online in Wiley Online Library (wileyonlinelibrary.com) DOI:./nem.749 An evaluation of automatic parameter tuning of

More information

Anomaly Extraction in Backbone Networks using Association Rules

Anomaly Extraction in Backbone Networks using Association Rules 1 Anomaly Extraction in Backbone Networks using Association Rules Daniela Brauckhoff, Xenofontas Dimitropoulos, Arno Wagner, and Kave Salamatian TIK-Report 309 ftp://ftp.tik.ee.ethz.ch/pub/publications/tik-report-309.pdf

More information

ADMIRE: Anomaly Detection Method Using Entropy-based PCA with Three-step Sketches

ADMIRE: Anomaly Detection Method Using Entropy-based PCA with Three-step Sketches ADMIRE: Anomaly Detection Method Using Entropy-based PCA with Three-step Sketches Yoshiki Kanda a, Romain Fontugne b, Kensuke Fukuda b,c, Toshiharu Sugawara a a Graduate School of Fundamental Science and

More information

MINING ANOMALOUS ELECTRICITY CONSUMPTION USING ENSEMBLE EMPIRICAL MODE DECOMPOSITION

MINING ANOMALOUS ELECTRICITY CONSUMPTION USING ENSEMBLE EMPIRICAL MODE DECOMPOSITION MINING ANOMALOUS ELECTRICITY CONSUMPTION USING ENSEMBLE EMPIRICAL MODE DECOMPOSITION Romain Fontugne,, Nicolas Tremblay 3, Pierre Borgnat 3, Patrick Flandrin 3, Hiroshi Esaki The University of Tokyo JFLI,

More information

A Comparative Study of Two Network-based Anomaly Detection Methods

A Comparative Study of Two Network-based Anomaly Detection Methods A Comparative Study of Two Network-based Anomaly Detection Methods Kaustubh Nyalkalkar, Sushant Sinha, Michael Bailey and Farnam Jahanian Electrical Engineering and Computer Science, University of Michigan,

More information

Machine Learning Approaches to Network Anomaly Detection

Machine Learning Approaches to Network Anomaly Detection Machine Learning Approaches to Network Anomaly Detection Tarem Ahmed, Boris Oreshkin and Mark Coates tarem.ahmed@mail.mcgill.ca, boris.oreshkin@mail.mcgill.ca, coates@ece.mcgill.ca USENIX SysML, Cambridge,

More information

Recovery of Low-Rank Plus Compressed Sparse Matrices with Application to Unveiling Traffic Anomalies

Recovery of Low-Rank Plus Compressed Sparse Matrices with Application to Unveiling Traffic Anomalies July 12, 212 Recovery of Low-Rank Plus Compressed Sparse Matrices with Application to Unveiling Traffic Anomalies Morteza Mardani Dept. of ECE, University of Minnesota, Minneapolis, MN 55455 Acknowledgments:

More information

Mining Anomalies Using Traffic Feature Distributions

Mining Anomalies Using Traffic Feature Distributions Boston University OpenBU Computer Science http://open.bu.edu CAS: Computer Science: Technical Reports 25--5 Mining Anomalies Using Traffic Feature Distributions Lakhina, Anukool Boston University Computer

More information

Using Degree Constrained Gravity Null-Models to understand the structure of journeys networks in Bicycle Sharing Systems.

Using Degree Constrained Gravity Null-Models to understand the structure of journeys networks in Bicycle Sharing Systems. Using Degree Constrained Gravity Null-Models to understand the structure of journeys networks in Bicycle Sharing Systems. Remy Cazabet1 and Pierre Borgnat 2 and Pablo Jensen2 1- Sorbonne Universites, UPMC

More information

Modeling of IP scanning activities with Hidden Markov Models: Darknet case study

Modeling of IP scanning activities with Hidden Markov Models: Darknet case study Modeling of IP scanning activities with Hidden Markov Models: Darknet case study Giulia De Santis, Abdelkader Lahmadi, Jerome Francois, Olivier Festor To cite this version: Giulia De Santis, Abdelkader

More information

Temporal Multi-View Inconsistency Detection for Network Traffic Analysis

Temporal Multi-View Inconsistency Detection for Network Traffic Analysis WWW 15 Florence, Italy Temporal Multi-View Inconsistency Detection for Network Traffic Analysis Houping Xiao 1, Jing Gao 1, Deepak Turaga 2, Long Vu 2, and Alain Biem 2 1 Department of Computer Science

More information

On Detecting Abrupt Changes in Network Entropy Time Series

On Detecting Abrupt Changes in Network Entropy Time Series On Detecting Abrupt Changes in Network Entropy Time Series Philipp Winter, Harald Lampesberger, Markus Zeilinger, and Eckehard Hermann Upper Austria University of Applied Sciences Department of Secure

More information

Spectral Methods for Subgraph Detection

Spectral Methods for Subgraph Detection Spectral Methods for Subgraph Detection Nadya T. Bliss & Benjamin A. Miller Embedded and High Performance Computing Patrick J. Wolfe Statistics and Information Laboratory Harvard University 12 July 2010

More information

Maximum Likelihood Estimation of the Flow Size Distribution Tail Index from Sampled Packet Data

Maximum Likelihood Estimation of the Flow Size Distribution Tail Index from Sampled Packet Data Maximum Likelihood Estimation of the Flow Size Distribution Tail Index from Sampled Packet Data Patrick Loiseau 1, Paulo Gonçalves 1, Stéphane Girard 2, Florence Forbes 2, Pascale Vicat-Blanc Primet 1

More information

Graph Clustering Algorithms

Graph Clustering Algorithms PhD Course on Graph Mining Algorithms, Università di Pisa February, 2018 Clustering: Intuition to Formalization Task Partition a graph into natural groups so that the nodes in the same cluster are more

More information

On efficient use of entropy centrality for social network analysis and community detection

On efficient use of entropy centrality for social network analysis and community detection On efficient use of entropy centrality for social network analysis and community detection ALEXANDER G. NIKOLAEV, RAIHAN RAZIB, ASHWIN KUCHERIYA PRESENTER: PRIYA BALACHANDRAN MARY ICSI 445/660 12/1/2015

More information

Impact of Packet Sampling on Portscan Detection

Impact of Packet Sampling on Portscan Detection Impact of Packet Sampling on Portscan Detection Jianning Mai, Student Member, IEEE, Ashwin Sridharan, Member, IEEE, Chen-Nee Chuah, Member, IEEE, Hui Zang, Senior Member, IEEE, and Tao Ye, Member, IEEE

More information

SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis

SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis SENATUS: An Approach to Joint Traffic Anomaly Detection and Root ause Analysis Atef Abdelkefi, Yuming Jiang, Sachin Sharma 2 NTNU - Norwegian University of Science and Technology, Norway. 2 NE Laboratories

More information

Invariant Scattering Convolution Networks

Invariant Scattering Convolution Networks Invariant Scattering Convolution Networks Joan Bruna and Stephane Mallat Submitted to PAMI, Feb. 2012 Presented by Bo Chen Other important related papers: [1] S. Mallat, A Theory for Multiresolution Signal

More information

Modeling Residual-Geometric Flow Sampling

Modeling Residual-Geometric Flow Sampling Modeling Residual-Geometric Flow Sampling Xiaoming Wang Joint work with Xiaoyong Li and Dmitri Loguinov Amazon.com Inc., Seattle, WA April 13 th, 2011 1 Agenda Introduction Underlying model of residual

More information

Theory and Methods for the Analysis of Social Networks

Theory and Methods for the Analysis of Social Networks Theory and Methods for the Analysis of Social Networks Alexander Volfovsky Department of Statistical Science, Duke University Lecture 1: January 16, 2018 1 / 35 Outline Jan 11 : Brief intro and Guest lecture

More information

Salt Dome Detection and Tracking Using Texture Analysis and Tensor-based Subspace Learning

Salt Dome Detection and Tracking Using Texture Analysis and Tensor-based Subspace Learning Salt Dome Detection and Tracking Using Texture Analysis and Tensor-based Subspace Learning Zhen Wang*, Dr. Tamir Hegazy*, Dr. Zhiling Long, and Prof. Ghassan AlRegib 02/18/2015 1 /42 Outline Introduction

More information

Entropy-based data organization tricks for browsing logs and packet captures

Entropy-based data organization tricks for browsing logs and packet captures Entropy-based data organization tricks for browsing logs and packet captures Department of Computer Science Dartmouth College Outline 1 Log browsing moves Pipes and tables Trees are better than pipes and

More information

Non-Gaussian and Long Memory Statistical Characterisations for Internet Traffic with Anomalies.

Non-Gaussian and Long Memory Statistical Characterisations for Internet Traffic with Anomalies. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. XX, NO. Y, OCTOBER 26, FOR PUBLICATION 1 Non-Gaussian and Long Memory Statistical Characterisations for Internet Traffic with Anomalies. A. Scherrer,

More information

Nonparametric Bayesian Matrix Factorization for Assortative Networks

Nonparametric Bayesian Matrix Factorization for Assortative Networks Nonparametric Bayesian Matrix Factorization for Assortative Networks Mingyuan Zhou IROM Department, McCombs School of Business Department of Statistics and Data Sciences The University of Texas at Austin

More information

Machine learning: lecture 20. Tommi S. Jaakkola MIT CSAIL

Machine learning: lecture 20. Tommi S. Jaakkola MIT CSAIL Machine learning: lecture 20 ommi. Jaakkola MI CAI tommi@csail.mit.edu opics Representation and graphical models examples Bayesian networks examples, specification graphs and independence associated distribution

More information

AFI (AVO Fluid Inversion)

AFI (AVO Fluid Inversion) AFI (AVO Fluid Inversion) Uncertainty in AVO: How can we measure it? Dan Hampson, Brian Russell Hampson-Russell Software, Calgary Last Updated: April 2005 Authors: Dan Hampson, Brian Russell 1 Overview

More information

Spatial analysis of dynamic movements of Vélo v, Lyon s shared bicycle program

Spatial analysis of dynamic movements of Vélo v, Lyon s shared bicycle program Noname manuscript No. (will be inserted by the editor) Spatial analysis of dynamic movements of Vélo v, Lyon s shared bicycle program Pierre Borgnat Eric Fleury Céline Robardet Antoine Scherrer Received:

More information

BasisDetect : A Model-based Network Event Detection Framework

BasisDetect : A Model-based Network Event Detection Framework BasisDetect : A Model-based Network Event Detection Framework Brian Eriksson UW-Madison bceriksson@wisc.edu Nick Duffield AT&T Research duffield@research.att.com Paul Barford UW-Madison and Nemean Networks

More information

Lesson 3-6: Compound Inequalities Name:

Lesson 3-6: Compound Inequalities Name: Lesson 3-6: Compound Inequalities Name: W hen people plan a house, they often have many requirements in mind that can be written as inequalities. Such requirements could be the dimensions of rooms or the

More information

The weighted spectral distribution; A graph metric with applications. Dr. Damien Fay. SRG group, Computer Lab, University of Cambridge.

The weighted spectral distribution; A graph metric with applications. Dr. Damien Fay. SRG group, Computer Lab, University of Cambridge. The weighted spectral distribution; A graph metric with applications. Dr. Damien Fay. SRG group, Computer Lab, University of Cambridge. A graph metric: motivation. Graph theory statistical modelling Data

More information

Anomaly Detection for the CERN Large Hadron Collider injection magnets

Anomaly Detection for the CERN Large Hadron Collider injection magnets Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU Leuven - Department of Computer Science In cooperation with CERN 2018-07-27 0 Outline 1 Context 2 Data 3 Preprocessing

More information

Roberto Perdisci^+, Guofei Gu^, Wenke Lee^ presented by Roberto Perdisci. ^Georgia Institute of Technology, Atlanta, GA, USA

Roberto Perdisci^+, Guofei Gu^, Wenke Lee^ presented by Roberto Perdisci. ^Georgia Institute of Technology, Atlanta, GA, USA U s i n g a n E n s e m b l e o f O n e - C l a s s S V M C l a s s i f i e r s t o H a r d e n P a y l o a d - B a s e d A n o m a l y D e t e c t i o n S y s t e m s Roberto Perdisci^+, Guofei Gu^, Wenke

More information

Comparing linear modularization criteria using the relational notation

Comparing linear modularization criteria using the relational notation Comparing linear modularization criteria using the relational notation Université Pierre et Marie Curie Laboratoire de Statistique Théorique et Appliquée April 30th, 2014 1/35 Table of contents 1 Introduction

More information

Observed structure of addresses in IP traffic

Observed structure of addresses in IP traffic Observed structure of addresses in IP traffic Eddie Kohler, Jinyang Li, Vern Paxson, Scott Shenker ICSI Center for Internet Research Thanks to David Donoho and Dick Karp Problem How can we model the set

More information

P1.20 AN ANALYSIS OF SYNOPTIC PATTERNS ASSOCIATED WITH STRONG NORTH TEXAS COLD FRONTS DURING THE COLD SEASON

P1.20 AN ANALYSIS OF SYNOPTIC PATTERNS ASSOCIATED WITH STRONG NORTH TEXAS COLD FRONTS DURING THE COLD SEASON P1.20 AN ANALYSIS OF SYNOPTIC PATTERNS ASSOCIATED WITH STRONG NORTH TEXAS COLD FRONTS DURING THE 2005-06 COLD SEASON Stacie Hanes* and Gregory R. Patrick NOAA/NWS Weather Forecast Office Fort Worth, TX

More information

Unsupervised Anomaly Detection for High Dimensional Data

Unsupervised Anomaly Detection for High Dimensional Data Unsupervised Anomaly Detection for High Dimensional Data Department of Mathematics, Rowan University. July 19th, 2013 International Workshop in Sequential Methodologies (IWSM-2013) Outline of Talk Motivation

More information

Solution Choose several values for x, and find the corresponding values of (x), or y.

Solution Choose several values for x, and find the corresponding values of (x), or y. Example 1 GRAPHING FUNCTIONS OF THE FORM (x) = ax n Graph the function. 3 a. f ( x) x Solution Choose several values for x, and find the corresponding values of (x), or y. f ( x) x 3 x (x) 2 8 1 1 0 0

More information

Deep Learning for Gravitational Wave Analysis Results with LIGO Data

Deep Learning for Gravitational Wave Analysis Results with LIGO Data Link to these slides: http://tiny.cc/nips arxiv:1711.03121 Deep Learning for Gravitational Wave Analysis Results with LIGO Data Daniel George & E. A. Huerta NCSA Gravity Group - http://gravity.ncsa.illinois.edu/

More information

Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and OC-SVM with Mahalanobis Kernel

Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and OC-SVM with Mahalanobis Kernel OPEN ACCESS Conference Proceedings Paper Entropy www.sciforum.net/conference/ecea-1 Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and OC-SVM with Mahalanobis

More information

Internet Traffic Mid-Term Forecasting: a Pragmatic Approach using Statistical Analysis Tools

Internet Traffic Mid-Term Forecasting: a Pragmatic Approach using Statistical Analysis Tools Internet Traffic Mid-Term Forecasting: a Pragmatic Approach using Statistical Analysis Tools Rachel Babiarz Jean-Sebastien Bedo France Telecom R&D Division, Innovation Economics Laboratory, 38-40 rue du

More information

Hybrid Isolation Forest - Application to Intrusion Detection

Hybrid Isolation Forest - Application to Intrusion Detection Hybrid Isolation Forest - Application to Intrusion Detection Pierre-François Marteau, Saeid Soheily-Khah, Nicolas Béchet To cite this version: Pierre-François Marteau, Saeid Soheily-Khah, Nicolas Béchet.

More information

Pulse characterization with Wavelet transforms combined with classification using binary arrays

Pulse characterization with Wavelet transforms combined with classification using binary arrays Pulse characterization with Wavelet transforms combined with classification using binary arrays Overview Wavelet Transformation Creating binary arrays out of and how to deal with them An estimator for

More information

SPLITTING AND MERGING OF PACKET TRAFFIC: MEASUREMENT AND MODELLING

SPLITTING AND MERGING OF PACKET TRAFFIC: MEASUREMENT AND MODELLING SPLITTING AND MERGING OF PACKET TRAFFIC: MEASUREMENT AND MODELLING Nicolas Hohn 1 Darryl Veitch 1 Tao Ye 2 1 CUBIN, Department of Electrical & Electronic Engineering University of Melbourne, Vic 3010 Australia

More information

Random Field Models for Applications in Computer Vision

Random Field Models for Applications in Computer Vision Random Field Models for Applications in Computer Vision Nazre Batool Post-doctorate Fellow, Team AYIN, INRIA Sophia Antipolis Outline Graphical Models Generative vs. Discriminative Classifiers Markov Random

More information

Machine Learning, Midterm Exam

Machine Learning, Midterm Exam 10-601 Machine Learning, Midterm Exam Instructors: Tom Mitchell, Ziv Bar-Joseph Wednesday 12 th December, 2012 There are 9 questions, for a total of 100 points. This exam has 20 pages, make sure you have

More information

Gaussian Traffic Revisited

Gaussian Traffic Revisited Gaussian Traffic Revisited Ricardo de O. Schmidt, Ramin Sadre, Aiko Pras University of Twente, The Netherlands Email: {r.schmidt, a.pras}@utwente.nl Aalborg University, Denmark Email: rsadre@cs.aau.dk

More information

An Information-Theoretic Measure of Intrusion Detection Capability

An Information-Theoretic Measure of Intrusion Detection Capability An Information-Theoretic Measure of Intrusion Detection Capability Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee College of Computing, Georgia Institute of Technology, Atlanta GA 3332 {guofei,prahlad,dagon,wenke}@cc.gatech.edu

More information

Strip, Bind, and Search: A Method for Identifying Abnormal Energy Consumption in Buildings

Strip, Bind, and Search: A Method for Identifying Abnormal Energy Consumption in Buildings Strip, Bind, and Search: A Method for Identifying Abnormal Energy Consumption in Buildings Romain Fontugne 1,5, Jorge Ortiz, Nicolas Tremblay 3, Pierre Borgnat 3 Patrick Flandrin 3, Kensuke Fukuda 4, David

More information

The Trouble with Community Detection

The Trouble with Community Detection The Trouble with Community Detection Aaron Clauset Santa Fe Institute 7 April 2010 Nonlinear Dynamics of Networks Workshop U. Maryland, College Park Thanks to National Science Foundation REU Program James

More information

An IDS Visualization System for Anomalous Warning Events

An IDS Visualization System for Anomalous Warning Events International Journal of Networked and Distributed Computing, Vol. 2, No. 1 (January 2014), 45-53 An IDS Visualization System for Anomalous Warning Events Satoshi Kimura 1 Hiroyuki Inaba 2 1 Computer Science,

More information

Uncovering the Digital Divide and the Physical Divide in Senegal Using Mobile Phone Data

Uncovering the Digital Divide and the Physical Divide in Senegal Using Mobile Phone Data Uncovering the Digital Divide and the Physical Divide in Senegal Using Mobile Phone Data Song Gao, Bo Yan, Li Gong, Blake Regalia, Yiting Ju, Yingjie Hu STKO Lab, Department of Geography, University of

More information

WAVELET DOMAIN BOOTSTRAP FOR TESTING THE EQUALITY OF BIVARIATE SELF-SIMILARITY EXPONENTS

WAVELET DOMAIN BOOTSTRAP FOR TESTING THE EQUALITY OF BIVARIATE SELF-SIMILARITY EXPONENTS WAVELET DOMAIN BOOTSTRAP FOR TESTING THE EQUALITY OF BIVARIATE SELF-SIMILARITY EXPONENTS Herwig Wendt, Patrice Abry, Gustavo Didier 3 IRIT, CNRS (UMR 555), Université de Toulouse, France. Univ Lyon, Ens

More information

Chapter 2 Polynomial and Rational Functions

Chapter 2 Polynomial and Rational Functions Chapter 2 Polynomial and Rational Functions Overview: 2.2 Polynomial Functions of Higher Degree 2.3 Real Zeros of Polynomial Functions 2.4 Complex Numbers 2.5 The Fundamental Theorem of Algebra 2.6 Rational

More information

Mice and Elephants Visualization of Internet

Mice and Elephants Visualization of Internet Mice and Elephants Visualization of Internet Traffic J. S. Marron, Felix Hernandez-Campos 2 and F. D. Smith 2 School of Operations Research and Industrial Engineering, Cornell University, Ithaca, NY, 4853,

More information

Comparing Robustness of Pairwise and Multiclass Neural-Network Systems for Face Recognition

Comparing Robustness of Pairwise and Multiclass Neural-Network Systems for Face Recognition Comparing Robustness of Pairwise and Multiclass Neural-Network Systems for Face Recognition J. Uglov, V. Schetinin, C. Maple Computing and Information System Department, University of Bedfordshire, Luton,

More information

Anomaly Detection. Jing Gao. SUNY Buffalo

Anomaly Detection. Jing Gao. SUNY Buffalo Anomaly Detection Jing Gao SUNY Buffalo 1 Anomaly Detection Anomalies the set of objects are considerably dissimilar from the remainder of the data occur relatively infrequently when they do occur, their

More information

Sequential Anomaly Detection in Wireless Sensor Networks and Effects of Long-Range Dependent Data

Sequential Anomaly Detection in Wireless Sensor Networks and Effects of Long-Range Dependent Data This article was downloaded by: [Nationwide Childrens Hospital], [John Baras] On: 16 October 2012, At: 19:28 Publisher: Taylor & Francis Informa Ltd Registered in England and Wales Registered Number: 1072954

More information

Asymptotic Modularity of some Graph Classes

Asymptotic Modularity of some Graph Classes Asymptotic Modularity of some Graph Classes Fabien de Montgolfier 1, Mauricio Soto 1, and Laurent Viennot 2 1 LIAFA, UMR 7089 CNRS - Université Paris Diderot. 2 INRIA and Université Paris Diderot fm@liafa.jussieu.fr

More information

Measurements made for web data, media (IP Radio and TV, BBC Iplayer: Port 80 TCP) and VoIP (Skype: Port UDP) traffic.

Measurements made for web data, media (IP Radio and TV, BBC Iplayer: Port 80 TCP) and VoIP (Skype: Port UDP) traffic. Real time statistical measurements of IPT(Inter-Packet time) of network traffic were done by designing and coding of efficient measurement tools based on the Libpcap package. Traditional Approach of measuring

More information

p(d θ ) l(θ ) 1.2 x x x

p(d θ ) l(θ ) 1.2 x x x p(d θ ).2 x 0-7 0.8 x 0-7 0.4 x 0-7 l(θ ) -20-40 -60-80 -00 2 3 4 5 6 7 θ ˆ 2 3 4 5 6 7 θ ˆ 2 3 4 5 6 7 θ θ x FIGURE 3.. The top graph shows several training points in one dimension, known or assumed to

More information

A signal processing approach to anomaly detection in networks. Kavé Salamatian Université de Savoie

A signal processing approach to anomaly detection in networks. Kavé Salamatian Université de Savoie A signal processing approach to anomaly detection in networks Kavé Salamatian Université de Savoie Acknowledgements Coauthors Daniela Brauckhoff, Martin May, Nahur Fonseca, Mark Crovella, Nina Taft, Augustin

More information

Statistical Filters for Crowd Image Analysis

Statistical Filters for Crowd Image Analysis Statistical Filters for Crowd Image Analysis Ákos Utasi, Ákos Kiss and Tamás Szirányi Distributed Events Analysis Research Group, Computer and Automation Research Institute H-1111 Budapest, Kende utca

More information

Predictability of the Stratospheric Polar Vortex Breakdown

Predictability of the Stratospheric Polar Vortex Breakdown International Symposium on the Whole Atmosphere (ISWA) Session 4: Sudden stratospheric warming and SSW-initiated global coupling 14 September 2016 @ Ito Hall, The University of Tokyo Predictability of

More information

Adaptive Multi-Modal Sensing of General Concealed Targets

Adaptive Multi-Modal Sensing of General Concealed Targets Adaptive Multi-Modal Sensing of General Concealed argets Lawrence Carin Balaji Krishnapuram, David Williams, Xuejun Liao and Ya Xue Department of Electrical & Computer Engineering Duke University Durham,

More information

Consensus Algorithms for Camera Sensor Networks. Roberto Tron Vision, Dynamics and Learning Lab Johns Hopkins University

Consensus Algorithms for Camera Sensor Networks. Roberto Tron Vision, Dynamics and Learning Lab Johns Hopkins University Consensus Algorithms for Camera Sensor Networks Roberto Tron Vision, Dynamics and Learning Lab Johns Hopkins University Camera Sensor Networks Motes Small, battery powered Embedded camera Wireless interface

More information

Incremental Pattern Discovery on Streams, Graphs and Tensors

Incremental Pattern Discovery on Streams, Graphs and Tensors Incremental Pattern Discovery on Streams, Graphs and Tensors Jimeng Sun Thesis Committee: Christos Faloutsos Tom Mitchell David Steier, External member Philip S. Yu, External member Hui Zhang Abstract

More information

Power Supply Quality Analysis Using S-Transform and SVM Classifier

Power Supply Quality Analysis Using S-Transform and SVM Classifier Journal of Power and Energy Engineering, 2014, 2, 438-447 Published Online April 2014 in SciRes. http://www.scirp.org/journal/jpee http://dx.doi.org/10.4236/jpee.2014.24059 Power Supply Quality Analysis

More information

Map Matching Algorithms in GPS Navigating System and Their Functions

Map Matching Algorithms in GPS Navigating System and Their Functions Map Matching Algorithms in GPS Navigating System and Their Functions Abstract R.Kamalambal (M.Phil. Student) Department of computer science & Technology Kajamalai Campus, Bharathidasan University, Trichy,

More information

Physical Science Packet Chapter 15: Composition of Matter

Physical Science Packet Chapter 15: Composition of Matter Physical Science Packet Chapter 15: Composition of Matter Name: Due: Date of Chapter 15 Test 1 Composition of Matter Study Guide Major topics on the test will include: A. Pure Substance vs. Mixtures a.

More information

Dynamic Data Modeling, Recognition, and Synthesis. Rui Zhao Thesis Defense Advisor: Professor Qiang Ji

Dynamic Data Modeling, Recognition, and Synthesis. Rui Zhao Thesis Defense Advisor: Professor Qiang Ji Dynamic Data Modeling, Recognition, and Synthesis Rui Zhao Thesis Defense Advisor: Professor Qiang Ji Contents Introduction Related Work Dynamic Data Modeling & Analysis Temporal localization Insufficient

More information

Manifold Coarse Graining for Online Semi-supervised Learning

Manifold Coarse Graining for Online Semi-supervised Learning for Online Semi-supervised Learning Mehrdad Farajtabar, Amirreza Shaban, Hamid R. Rabiee, Mohammad H. Rohban Digital Media Lab, Department of Computer Engineering, Sharif University of Technology, Tehran,

More information

Not All Apps Are Created Equal:

Not All Apps Are Created Equal: Not All Apps Are Created Equal: Analysis of Spatiotemporal Heterogeneity in Nationwide Mobile Service Usage Cristina Marquez and Marco Gramaglia (Universidad Carlos III de Madrid); Marco Fiore (CNR-IEIIT);

More information

SUBSPACE CLUSTERING WITH DENSE REPRESENTATIONS. Eva L. Dyer, Christoph Studer, Richard G. Baraniuk

SUBSPACE CLUSTERING WITH DENSE REPRESENTATIONS. Eva L. Dyer, Christoph Studer, Richard G. Baraniuk SUBSPACE CLUSTERING WITH DENSE REPRESENTATIONS Eva L. Dyer, Christoph Studer, Richard G. Baraniuk Rice University; e-mail: {e.dyer, studer, richb@rice.edu} ABSTRACT Unions of subspaces have recently been

More information

Towards a Universal Sketch for Origin-Destination Network Measurements

Towards a Universal Sketch for Origin-Destination Network Measurements Towards a Universal Sketch for Origin-Destination Network Measurements Haiquan (Chuck) Zhao 1, Nan Hua 1, Ashwin Lall 2, Ping Li 3, Jia Wang 4, and Jun (Jim) Xu 5 1 Georgia Tech {chz,nanhua,jx}@cc.gatech.edu,

More information

An Overview of Traffic Matrix Estimation Methods

An Overview of Traffic Matrix Estimation Methods An Overview of Traffic Matrix Estimation Methods Nina Taft Berkeley www.intel.com/research Problem Statement 1 st generation solutions 2 nd generation solutions 3 rd generation solutions Summary Outline

More information

EXAM IN STATISTICAL MACHINE LEARNING STATISTISK MASKININLÄRNING

EXAM IN STATISTICAL MACHINE LEARNING STATISTISK MASKININLÄRNING EXAM IN STATISTICAL MACHINE LEARNING STATISTISK MASKININLÄRNING DATE AND TIME: June 9, 2018, 09.00 14.00 RESPONSIBLE TEACHER: Andreas Svensson NUMBER OF PROBLEMS: 5 AIDING MATERIAL: Calculator, mathematical

More information

Boosting: Algorithms and Applications

Boosting: Algorithms and Applications Boosting: Algorithms and Applications Lecture 11, ENGN 4522/6520, Statistical Pattern Recognition and Its Applications in Computer Vision ANU 2 nd Semester, 2008 Chunhua Shen, NICTA/RSISE Boosting Definition

More information

RTM: Laws and a Recursive Generator for Weighted Time-Evolving Graphs

RTM: Laws and a Recursive Generator for Weighted Time-Evolving Graphs RTM: Laws and a Recursive Generator for Weighted Time-Evolving Graphs Leman Akoglu Mary McGlohon Christos Faloutsos Carnegie Mellon University, School of Computer Science {lakoglu, mmcgloho, christos}@cs.cmu.edu

More information

SUBSPACE CLUSTERING WITH DENSE REPRESENTATIONS. Eva L. Dyer, Christoph Studer, Richard G. Baraniuk. ECE Department, Rice University, Houston, TX

SUBSPACE CLUSTERING WITH DENSE REPRESENTATIONS. Eva L. Dyer, Christoph Studer, Richard G. Baraniuk. ECE Department, Rice University, Houston, TX SUBSPACE CLUSTERING WITH DENSE REPRESENTATIONS Eva L. Dyer, Christoph Studer, Richard G. Baraniuk ECE Department, Rice University, Houston, TX ABSTRACT Unions of subspaces have recently been shown to provide

More information

Graphing Rational Functions KEY. (x 4) (x + 2) Factor denominator. y = 0 x = 4, x = -2

Graphing Rational Functions KEY. (x 4) (x + 2) Factor denominator. y = 0 x = 4, x = -2 6 ( 6) Factor numerator 1) f ( ) 8 ( 4) ( + ) Factor denominator n() is of degree: 1 -intercepts: d() is of degree: 6 y 0 4, - Plot the -intercepts. Draw the asymptotes with dotted lines. Then perform

More information

Feature Engineering, Model Evaluations

Feature Engineering, Model Evaluations Feature Engineering, Model Evaluations Giri Iyengar Cornell University gi43@cornell.edu Feb 5, 2018 Giri Iyengar (Cornell Tech) Feature Engineering Feb 5, 2018 1 / 35 Overview 1 ETL 2 Feature Engineering

More information

The non-backtracking operator

The non-backtracking operator The non-backtracking operator Florent Krzakala LPS, Ecole Normale Supérieure in collaboration with Paris: L. Zdeborova, A. Saade Rome: A. Decelle Würzburg: J. Reichardt Santa Fe: C. Moore, P. Zhang Berkeley:

More information

Discriminative Direction for Kernel Classifiers

Discriminative Direction for Kernel Classifiers Discriminative Direction for Kernel Classifiers Polina Golland Artificial Intelligence Lab Massachusetts Institute of Technology Cambridge, MA 02139 polina@ai.mit.edu Abstract In many scientific and engineering

More information

HYPERGRAPH BASED SEMI-SUPERVISED LEARNING ALGORITHMS APPLIED TO SPEECH RECOGNITION PROBLEM: A NOVEL APPROACH

HYPERGRAPH BASED SEMI-SUPERVISED LEARNING ALGORITHMS APPLIED TO SPEECH RECOGNITION PROBLEM: A NOVEL APPROACH HYPERGRAPH BASED SEMI-SUPERVISED LEARNING ALGORITHMS APPLIED TO SPEECH RECOGNITION PROBLEM: A NOVEL APPROACH Hoang Trang 1, Tran Hoang Loc 1 1 Ho Chi Minh City University of Technology-VNU HCM, Ho Chi

More information

Chapter 6: Securing neighbor discovery

Chapter 6: Securing neighbor discovery Securit and Cooperation in Wireless Networks http://secowinet.epfl.ch/ the wormhole attack; centralized and decentralized wormhole detection mechanisms; 007 Levente Buttán and Jean-Pierre Hubau Introduction

More information

Computer Science Department

Computer Science Department Computer Science Department Technical Report NWU-CS-- January, Network Traffic Analysis, Classification, and Prediction Yi Qiao Peter Dinda Abstract This paper describes a detailed study of aggregated

More information

Physics 1021 Experiment 1. Introduction to Simple Harmonic Motion

Physics 1021 Experiment 1. Introduction to Simple Harmonic Motion 1 Physics 1021 Introduction to Simple Harmonic Motion 2 Introduction to SHM Objectives In this experiment you will determine the force constant of a spring. You will measure the period of simple harmonic

More information

A Robust Anomaly Detection Technique Using Combined Statistical Methods

A Robust Anomaly Detection Technique Using Combined Statistical Methods A Robust Anomaly Detection Technique Using Combined Statistical Methods Joseph Ndong, Kavé Salamatian To cite this version: Joseph Ndong, Kavé Salamatian. A Robust Anomaly Detection Technique Using Combined

More information

Cheng Soon Ong & Christian Walder. Canberra February June 2018

Cheng Soon Ong & Christian Walder. Canberra February June 2018 Cheng Soon Ong & Christian Walder Research Group and College of Engineering and Computer Science Canberra February June 2018 Outlines Overview Introduction Linear Algebra Probability Linear Regression

More information

Data Mining and Classification for Traffic Systems using Genetic Network Programming

Data Mining and Classification for Traffic Systems using Genetic Network Programming Data Mining and Classification for Traffic Systems using Genetic Network Programming ZHOU, Huiyu February 2011 Waseda University Doctoral Dissertation Data Mining and Classification for Traffic Systems

More information

[11] [3] [1], [12] HITS [4] [2] k-means[9] 2 [11] [3] [6], [13] 1 ( ) k n O(n k ) 1 2

[11] [3] [1], [12] HITS [4] [2] k-means[9] 2 [11] [3] [6], [13] 1 ( ) k n O(n k ) 1 2 情報処理学会研究報告 1,a) 1 1 2 IT Clustering by Clique Enumeration and Data Cleaning like Method Abstract: Recent development on information technology has made bigdata analysis more familiar in research and industrial

More information

Anomaly Detection for SOME/IP using Complex Event Processing

Anomaly Detection for SOME/IP using Complex Event Processing Chair of Network Architectures and Services TUM Department of Informatics Technical University of Munich (TUM) Anomaly Detection for SOME/IP using Complex Event Processing Nadine Herold, Stephan-A. Posselt,

More information

Adaptive Learning and Mining for Data Streams and Frequent Patterns

Adaptive Learning and Mining for Data Streams and Frequent Patterns Adaptive Learning and Mining for Data Streams and Frequent Patterns Albert Bifet Laboratory for Relational Algorithmics, Complexity and Learning LARCA Departament de Llenguatges i Sistemes Informàtics

More information

Feature Extraction and Image Processing

Feature Extraction and Image Processing Feature Extraction and Image Processing Second edition Mark S. Nixon Alberto S. Aguado :*авш JBK IIP AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

More information

Streaming multiscale anomaly detection

Streaming multiscale anomaly detection Streaming multiscale anomaly detection DATA-ENS Paris and ThalesAlenia Space B Ravi Kiran, Université Lille 3, CRISTaL Joint work with Mathieu Andreux beedotkiran@gmail.com June 20, 2017 (CRISTaL) Streaming

More information

Better restore the recto side of a document with an estimation of the verso side: Markov model and inference with graph cuts

Better restore the recto side of a document with an estimation of the verso side: Markov model and inference with graph cuts June 23 rd 2008 Better restore the recto side of a document with an estimation of the verso side: Markov model and inference with graph cuts Christian Wolf Laboratoire d InfoRmatique en Image et Systèmes

More information

Basic Equations and Inequalities. An equation is a statement that the values of two expressions are equal.

Basic Equations and Inequalities. An equation is a statement that the values of two expressions are equal. Hartfield College Algebra (Version 2018 - Thomas Hartfield) Unit ZERO Page - 1 - of 7 Topic 0: Definition: Ex. 1 Basic Equations and Inequalities An equation is a statement that the values of two expressions

More information

Recent Advances in Bayesian Inference Techniques

Recent Advances in Bayesian Inference Techniques Recent Advances in Bayesian Inference Techniques Christopher M. Bishop Microsoft Research, Cambridge, U.K. research.microsoft.com/~cmbishop SIAM Conference on Data Mining, April 2004 Abstract Bayesian

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback