Professional Documents
Culture Documents
Taxonomy of Anomaly Detection
Taxonomy of Anomaly Detection
• Univariate methods are simpler, so they are easier to scale to many metrics
and large datasets. However, someone would then need to unravel the
causal relationships between the anomalies in the resulting alert storm.
• This approach also produces anomaly alerts. These are hard to interpret
because all the metrics are inputs that generate a single output from the
anomaly detection system.
Knowledge-based techniques
• This group of techniques is also referred to as an expert system method.
This approach requires creating a knowledge base which reflects the
legitimate traffic profile.
• Unlike the other classes of AIDS, the standard profile model is normally
created based on human knowledge, in terms of a set of rules that try to
define normal system activity.