RESEARCH PRODUCT

Using affinity perturbations to detect web traffic anomalies

Amir Averbuch, Gil Shabat, Yaniv Shmueli, Tuomo Sipola

subject

diffusion maps; dimensionality reduction; web traffic; eigenvalue problem; perturbation theory; anomaly detection

description

The initial training phase of machine learning algorithms is usually computationally expensive, as it involves the processing of huge matrices. Evolving datasets are challenging from this point of view because changing behavior requires updating the training. We propose a method for updating the training profile efficiently and a sliding window algorithm for online processing of the data in smaller fractions. This assumes the data is modeled by a kernel method that includes spectral decomposition. We demonstrate the algorithm with a web server request log where an actual intrusion attack is known to happen. Updating the kernel dynamically using a sliding window technique prevents the problem of single initial training and can process evolving datasets more efficiently.

Peer reviewed

http://urn.fi/URN:NBN:fi:jyu-201402051189