System and method for anomaly detection
A system and method for detecting one or more anomalies in a plurality of observations is provided. In one illustrative embodiment, the observations are real-time network observations collected from a stream of network traffic. The method includes performing a discrete decomposition of the observations, and introducing derived variables to increase storage and query efficiencies. A mathematical model, such as a conditional independence model, is then generated from the formatted data. The formatted data is also used to construct frequency tables which maintain an accurate count of specific variable occurrence as indicated by the model generation process. The formatted data is then applied to the mathematical model to generate scored data. The scored data is then analyzed to detect anomalies.
- Research Organization:
- Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- Assignee:
- Battelle Memorial Institute (Richland, WA)
- Patent Number(s):
- 7,739,082
- Application Number:
- 11/423,046
- OSTI ID:
- 1176372
- Country of Publication:
- United States
- Language:
- English
Similar Records
Anomaly Detection in Dynamic Networks
Real-time detection and classification of anomalous events in streaming data