From RAD Lab
D-Trigger: A General Framework for Efficient Online Detection
- Students:
- Ling Huang
- XuanLong Nguyen
- Faculty:
- Joseph M. Hellerstein
- Michael I. Jordan
- Anthony D. Joseph
- Industry Researchers:
- Minos Garofalakis
- Nina Taft
Overview:
D-Trigger addresses the lack of efficiency and flexibility in today's distributed monitoring and anomaly detection systems.
Today's large-scale distributed monitoring systems deploy monitoring
sensors throughout the network to observe local network status and
continuously generate large sets of widely distributed data streams. They
periodically push all data to a Network Operation Center (NOC) for
sophisticated analysis and anomaly detection. However, such a periodic
pushing approach suffers from scalability limitations: when the
detection time drops to a sub-second time scale, coupled with an order of
magnitude (or more) increase in the number of monitors, the volume of data
collected could explode, overloading the central processing site and
saturating the network links of many production networks.
D-Trigger is a general framework for distributed monitoring systems
that allows the graceful integration of varied optimization algorithms.
D-Trigger is designed with a focus on data collection for anomaly
detection, and brings together the best techniques from continuous
data streaming, online machine learning and distributed signal
processing. D-Trigger involves in-network processing at distributed
local sites and decision making at the NOC. The combination of
distributed local processing strategies, sophisticated detection
algorithms, and theoretical analysis tools enables D-Trigger to perform
in-network tracking that achieves high detection accuracy with low
communication overhead. In addition, D-Trigger is able to accommodate a
broad set of machine learning algorithms for the detection of various
unusual events, including botnet attacks, volume anomalies in ISP
networks, power grid outages, etc.
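The following simulation is an added illustration of the trade-off described above; it is not D-Trigger's own code or algorithm. It compares the periodic-push approach (every monitor sends every observation to the NOC) with a simple locally triggered scheme, assumed here as a stand-in for D-Trigger's local processing strategies: each monitor reports only when its value drifts more than a `slack` bound away from the last value it reported, and the NOC raises an alarm conservatively, accounting for the bounded error of its stale view. The monitor streams, the threshold, the slack value and the anomaly window are all constructed for the example.

```python
"""Periodic push vs. locally triggered updates for aggregate anomaly
detection at a Network Operation Center (NOC).

Added illustration, not D-Trigger's code. The trigger rule (report when
the local value drifts more than `slack` from the last reported value)
and the conservative NOC alarm rule are assumptions for the example.
"""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Monitor:
    """A local monitor that filters its own stream before talking to the NOC."""
    name: str
    slack: float
    last_reported: Optional[float] = None

    def observe(self, value: float) -> Optional[float]:
        """Return the value to send, or None if the local constraint still holds.

        Invariant after each call: |value - last_reported| <= slack, so the
        NOC's stale copy is never more than `slack` away from the truth.
        """
        if self.last_reported is None or abs(value - self.last_reported) > self.slack:
            self.last_reported = value
            return value
        return None


def make_streams(n_monitors: int, steps: int, anomaly_start: int,
                 anomaly_len: int, seed: int = 7) -> List[List[float]]:
    """Constructed per-monitor volume streams: a flat baseline with small
    jitter, plus a synthetic volume anomaly on every monitor for a window."""
    rng = random.Random(seed)
    streams = []
    for _ in range(n_monitors):
        stream = []
        for t in range(steps):
            value = 10.0 + rng.uniform(-0.5, 0.5)   # jitter strictly within [-0.5, 0.5)
            if anomaly_start <= t < anomaly_start + anomaly_len:
                value += 6.0                         # constructed anomaly
            stream.append(value)
        streams.append(stream)
    return streams


def run(streams: List[List[float]], threshold: float, slack: float) -> Dict[str, object]:
    """Drive both schemes over the same data and record cost and alarms."""
    n = len(streams)
    steps = len(streams[0])
    monitors = [Monitor(f"m{i}", slack) for i in range(n)]
    noc_view: Dict[str, float] = {}      # NOC's last-known value per monitor
    periodic_msgs = triggered_msgs = 0
    exact_alarms: List[int] = []         # alarms the periodic scheme raises
    est_alarms: List[int] = []           # alarms the triggered scheme raises
    max_err = 0.0
    for t in range(steps):
        exact = 0.0
        for mon, stream in zip(monitors, streams):
            value = stream[t]
            periodic_msgs += 1               # periodic push: one message per monitor per step
            exact += value
            update = mon.observe(value)
            if update is not None:           # triggered push: only on drift beyond slack
                triggered_msgs += 1
                noc_view[mon.name] = update
        estimate = sum(noc_view.values())
        max_err = max(max_err, abs(exact - estimate))
        if exact > threshold:
            exact_alarms.append(t)
        # The estimate is within n*slack of the true aggregate, so alarming at
        # threshold - n*slack guarantees no missed detection; slack is chosen
        # small enough that normal traffic cannot cross this lowered bar.
        if estimate > threshold - n * slack:
            est_alarms.append(t)
    return {
        "periodic_messages": periodic_msgs,
        "triggered_messages": triggered_msgs,
        "exact_alarm_steps": exact_alarms,
        "estimated_alarm_steps": est_alarms,
        "max_estimate_error": max_err,
    }


def demo() -> Dict[str, object]:
    """Four monitors, 60 steps, anomaly at steps 40-44, aggregate threshold 50."""
    return run(make_streams(4, 60, anomaly_start=40, anomaly_len=5),
               threshold=50.0, slack=1.0)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With these constructed streams the normal jitter never moves a monitor more than `slack` from its last report, so the triggered scheme sends only the initial value and the two transitions into and out of the anomaly window, yet the NOC raises exactly the same alarms as with full periodic push. The design point is the bounded staleness: because every local copy at the NOC is at most `slack` stale, the aggregate error is bounded by `n * slack`, which is what lets the NOC lower its alarm bar safely instead of guessing.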
D-Trigger consists of the following three projects:
