In this paper we present a distributed mechanism based on Principal Component Analysis (PCA) to profile the behavior of the legitimate users in telephone networks. The idea is to take advantage of probes distributed over the network to obtain a compact snapshot of the users they serve. A collector node effectively combines such information to gather the description of the legitimate-user behavior. Eventually, it distributes the profile to the probes, which perform anomaly detection. Experimental results on several weeks of phone data collected by a telecom operator show that our profiling mechanism is stable over time and allows an operator to decentralize the anomaly detection stage directly to its probes. Furthermore, when compared to a centralized-PCA approach, our technique has the advantage of preventing the creation of polluted profiles, since it avoids that widespread anomalies, which are localized within one (or few) probes, enter into the description of the legitimate-user behavior. © 2012 IEEE.

Distributed PCA-based anomaly detection in telephone networks through legitimate-user profiling

CALLEGARI, CHRISTIAN
2012-01-01

Abstract

In this paper we present a distributed mechanism based on Principal Component Analysis (PCA) to profile the behavior of the legitimate users in telephone networks. The idea is to take advantage of probes distributed over the network to obtain a compact snapshot of the users they serve. A collector node effectively combines such information to gather the description of the legitimate-user behavior. Eventually, it distributes the profile to the probes, which perform anomaly detection. Experimental results on several weeks of phone data collected by a telecom operator show that our profiling mechanism is stable over time and allows an operator to decentralize the anomaly detection stage directly to its probes. Furthermore, when compared to a centralized-PCA approach, our technique has the advantage of preventing the creation of polluted profiles, since it avoids that widespread anomalies, which are localized within one (or few) probes, enter into the description of the legitimate-user behavior. © 2012 IEEE.
2012
9781457720529
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/811856
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 5
  • ???jsp.display-item.citation.isi??? ND
social impact