@article {119, title = {In-Network PCA and Anomaly Detection}, year = {2007}, month = {01/2007}, institution = {U.C. Berkeley}, type = {Technical Support}, address = {Berkeley, CA}, abstract = {We consider the problem of network anomaly detection in large distributed systems. In this setting, Principal Component Analysis (PCA) has been proposed as a method for discovering anomalies by continuously tracking the projection of the data onto a residual subspace. This method was shown to work well empirically in highly aggregated networks, that is, those with a limited number of large nodes and at coarse time scales. This approach, however, has scalability limitations. To overcome these limitations, we develop a PCA-based anomaly detector in which adaptive local data filters send to a coordinator just enough data to enable accurate global detection. Our method is based on a stochastic matrix perturbation analysis that characterizes the tradeoff between the accuracy of anomaly detection and the amount of data communicated over the network.}, url = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2007/EECS-2007-10.pdf}, author = {Ling Huang and Xuanlong Nguyen and Minos Garofalakis and Michael Jordan and Anthony Joseph and Nina Taft} }