HUMAN - Hierarchical Clustering forUnsupervised Anomaly Detection & Interpretation

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F20%3A00342469" target="_blank" >RIV/68407700:21230/20:00342469 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1109/NoF50125.2020.9249194" target="_blank" >https://doi.org/10.1109/NoF50125.2020.9249194</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/NoF50125.2020.9249194" target="_blank" >10.1109/NoF50125.2020.9249194</a>

Jazyk výsledku

angličtina

Název v původním jazyce

HUMAN - Hierarchical Clustering forUnsupervised Anomaly Detection & Interpretation

Popis výsledku v původním jazyce

The automatic detection and interpretation of network traffic anomalies through machine learning is a well-known problem, for which no general solution is available. Both supervised and unsupervised (i.e., anomaly detection) approaches require prior knowledge on the monitoring data, either in terms of normal operation profiles or on the specific anomalies to detect. As a consequence, both approaches have clear limitations when it comes to detecting, and in particular interpreting, previously unseen events. We present HUMAN, a general hierarchical-clustering-based approach for unsupervised network traffic analysis, which can both detect and interpret anomalous behaviors ina completely black-box manner, without relying on any ground-truth on the system under analysis. HUMAN can detect and interpret complex patterns in the analyzed data, using a structural approach which exploits hierarchical cluster relationships and correlations among features. We describe the building blocks of HUMAN and explain its functioning in detail, using as case study the detection and interpretation of performance issues in major cloud platforms, through the unsupervised analysis of distributed active cloud latency measurements. The HUMAN approach can be applied to the unsupervised analysis of any kind of nested or hierarchically structured multi-dimensional data, showing the potential of hierarchical clustering for general unsupervised data analytics.

Název v anglickém jazyce

HUMAN - Hierarchical Clustering forUnsupervised Anomaly Detection & Interpretation

Popis výsledku anglicky

The automatic detection and interpretation of network traffic anomalies through machine learning is a well-known problem, for which no general solution is available. Both supervised and unsupervised (i.e., anomaly detection) approaches require prior knowledge on the monitoring data, either in terms of normal operation profiles or on the specific anomalies to detect. As a consequence, both approaches have clear limitations when it comes to detecting, and in particular interpreting, previously unseen events. We present HUMAN, a general hierarchical-clustering-based approach for unsupervised network traffic analysis, which can both detect and interpret anomalous behaviors ina completely black-box manner, without relying on any ground-truth on the system under analysis. HUMAN can detect and interpret complex patterns in the analyzed data, using a structural approach which exploits hierarchical cluster relationships and correlations among features. We describe the building blocks of HUMAN and explain its functioning in detail, using as case study the detection and interpretation of performance issues in major cloud platforms, through the unsupervised analysis of distributed active cloud latency measurements. The HUMAN approach can be applied to the unsupervised analysis of any kind of nested or hierarchically structured multi-dimensional data, showing the potential of hierarchical clustering for general unsupervised data analytics.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2020

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

11th International Conference on Networks of the Future (NoF 2020)

ISBN

978-1-7281-8055-7

ISSN

—

e-ISSN

—

Počet stran výsledku

9

Strana od-do

132-140

Název nakladatele

IEEE

Místo vydání

St. Paul, Minnesota

Místo konání akce

Bordeaux

Datum konání akce

12. 10. 2020

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—