TY - GEN
T1 - Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis
AU - Segal, Yoram
AU - Vilenchik, Dan
AU - Hadar, Ofer
N1 - Funding Information:
This work was supported by the Israel Innovation Authority (Formerly the Office of the Chief Scientist and MATIMOP).
Publisher Copyright:
© 2018, Springer International Publishing AG, part of Springer Nature.
PY - 2018/1/1
Y1 - 2018/1/1
N2 - Anomaly detection in a communication network is a powerful tool for predicting faults, detecting network sabotage attempts and learning user profiles for marketing purposes and quality-of-service improvements. In this article, we convert the unsupervised data mining learning problem into a supervised classification problem. We will propose three methods for creating an associative anomaly within a given commercial traffic database and demonstrate how, using the Principal Component Analysis (PCA) algorithm, we can detect anomalous network behavior and classify between a regular data stream and a data stream that deviates from a routine, at the IP network layer level. Although the PCA method was used in the past for the task of anomaly detection, there are very few examples where such tasks were performed on real traffic data that was collected and shared by a commercial company. The article presents three interesting innovations. The first is the use of an up-to-date database produced by the users of an international communications company. The dataset for the data mining algorithm was retrieved from a data center which monitors and collects low-level network transportation log streams from all over the world. The second innovation is the ability to label several types of anomalies, from untagged datasets, by organizing and prearranging the database. The third innovation is the ability not only to detect the anomaly but also to color the anomaly type, i.e., to identify, classify and label some forms of the abnormality.
KW - Anomaly detection
KW - Data mining
KW - Machine learning
KW - PCA
UR - http://www.scopus.com/inward/record.url?scp=85049028244&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-94147-9_6
DO - 10.1007/978-3-319-94147-9_6
M3 - Conference contribution
AN - SCOPUS:85049028244
SN - 9783319941462
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 68
EP - 83
BT - Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings
A2 - Dinur, Itai
A2 - Dolev, Shlomi
A2 - Lodha, Sachin
PB - Springer Verlag
T2 - 2nd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2018
Y2 - 21 June 2018 through 22 June 2018
ER -