SlideShare a Scribd company logo

Anomaly Detection by Mean and Standard Deviation (LT at AQ)

Download as PPTX, PDF
Yoshihiro Iwanaga, profile picture
Yoshihiro Iwanaga

The document discusses anomaly detection and motivation for detecting anomalies in system monitoring. It notes that traditional monitoring looks for fixed rules and thresholds but behaviors can vary over time, services, and other factors. The key to anomaly detection is watching for differences between usual and unusual behaviors. Examples are given of applying anomaly detection to network traffic amounts and email spam rates to detect issues like DDoS attacks or misconfigured spam filters. Heuristics are suggested like only alerting if an anomaly persists for over 15 minutes to avoid false alarms from temporary spikes.

TechnologyBusiness
1 of 14
Downloaded 41 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Anomaly Detection iwanaga
Who am I @quake_alert @quake_alert_en @quake_alert_fr @quake_alert_kr Yoshihiro Iwanaga
Motivation for detecting anomaly Traditional system monitoring • process existence • ping, http, tcp response • disk usage → “fixed” rule / threshold
Motivation for detecting anomaly Notice something out of ordinary • network traffic is heavier than usual • number of login try is obviously larger • a colleague is strangely gracious today → Unusual behaviors; Indications of fault. Such info helps preventing service degrading in advance!! but rule/threshold vary with service, host, client, time…
key to detect anomaly usual unusual Watch differences b/w
e.g. Network Traffic Mon Tue Wed Thu Fri traffic time
Superimpose 24 hour plot Traffic at 15:00 on workday is about 1.2 Gbps traffic time Periodicity!!
mean mean - 3σ mean + 3σ amount of dispersion from mean Acceptable “range” → e.g. Acceptable range of traffic at 15:00 on workday is 1.01 to 1.38 Gbps
Case examples
DDoS partial hardware failure Traffic
number of mail passed spam filterspam rate e-mail Applied a wrong spam rule
However Reality is not that simple… 人生楽ありゃ苦もあるさ 涙の後には虹も出る 歩いてゆくんだしっかりと 自分の道をふみしめて 山上路夫
downloading large files mass e-mail sending “Traffic spike” happens so frequently Frequent false-positive alerting will be “cry-wolf” system…
heuristic filtering In usual, traffic gets cool down within 15 minutes notify engineers if anomaly continues more than 15 minutes Engineers’ knowledge is gold mine for better algorithm  → one practical example:

More Related Content

PPTX
Resource Monitoring
Preethamms
 
PDF
Drilling Down Into DNS DDoS
APNIC
 
PDF
Donatas Mažionis, Building low latency web APIs
Tanya Denisyuk
 
PPTX
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
APNIC
 
PPT
Understanding
webhostingguy
 
PDF
Ariu - Workshop on Artificial Intelligence and Security - 2011
Pluribus One
 
PPT
Network anomaly detection based on statistical
jimmy9090909
 
PDF
Mr201306 machine learning for computer security
FFRI, Inc.
 
Resource Monitoring
Preethamms
 
Drilling Down Into DNS DDoS
APNIC
 
Donatas Mažionis, Building low latency web APIs
Tanya Denisyuk
 
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
APNIC
 
Understanding
webhostingguy
 
Ariu - Workshop on Artificial Intelligence and Security - 2011
Pluribus One
 
Network anomaly detection based on statistical
jimmy9090909
 
Mr201306 machine learning for computer security
FFRI, Inc.
 

Viewers also liked (19)

PDF
Machine learning approach to anomaly detection in cyber security
IAEME Publication
 
PPTX
Anomaly Detection using Spark MLlib and Spark Streaming
Keira Zhou
 
PPTX
Anomaly Detection Via PCA
Deepak Kumar
 
PDF
Jim Geovedi - Machine Learning for Cybersecurity
idsecconf
 
PDF
Sharing is Caring: Understanding and Measuring Threat Intelligence Sharing Ef...
Alex Pinto
 
PDF
Computer security using machine learning
Sandeep Sabnani
 
PDF
Computer security - A machine learning approach
Sandeep Sabnani
 
PDF
Anomaly Detection in Deep Learning (Updated)
Adam Gibson
 
PPTX
Anomaly Detection with Apache Spark
Cloudera, Inc.
 
PPTX
Anomaly detection in deep learning (Updated) English
Adam Gibson
 
PDF
Anomaly Detection
Carol Hargreaves
 
PDF
Anomaly detection in deep learning
Adam Gibson
 
PPTX
Anomaly detection, part 1
David Khosid
 
PDF
Strata 2014 Anomaly Detection
Ted Dunning
 
PPTX
Chapter 10 Anomaly Detection
Khalid Elshafie
 
PPTX
機械学習を用いた異常検知入門
michiaki ito
 
PPTX
Machine Learning in Information Security by Mohammed Zuber
OWASP Delhi
 
PPTX
Anomaly Detection
DataminingTools Inc
 
PDF
Detecting Trends
Stanislav Nikolov
 
Machine learning approach to anomaly detection in cyber security
IAEME Publication
 
Anomaly Detection using Spark MLlib and Spark Streaming
Keira Zhou
 
Anomaly Detection Via PCA
Deepak Kumar
 
Jim Geovedi - Machine Learning for Cybersecurity
idsecconf
 
Sharing is Caring: Understanding and Measuring Threat Intelligence Sharing Ef...
Alex Pinto
 
Computer security using machine learning
Sandeep Sabnani
 
Computer security - A machine learning approach
Sandeep Sabnani
 
Anomaly Detection in Deep Learning (Updated)
Adam Gibson
 
Anomaly Detection with Apache Spark
Cloudera, Inc.
 
Anomaly detection in deep learning (Updated) English
Adam Gibson
 
Anomaly Detection
Carol Hargreaves
 
Anomaly detection in deep learning
Adam Gibson
 
Anomaly detection, part 1
David Khosid
 
Strata 2014 Anomaly Detection
Ted Dunning
 
Chapter 10 Anomaly Detection
Khalid Elshafie
 
機械学習を用いた異常検知入門
michiaki ito
 
Machine Learning in Information Security by Mohammed Zuber
OWASP Delhi
 
Anomaly Detection
DataminingTools Inc
 
Detecting Trends
Stanislav Nikolov
 
Ad

Similar to Anomaly Detection by Mean and Standard Deviation (LT at AQ) (20)

PDF
Logging makes perfect - Riemann, Elasticsearch and friends
Itamar
 
PPTX
Traffic profiles, congestion and network performance
Raj Parekh
 
PPT
Web security
Jin Castor
 
PPT
networking point to point networking is the best .2024.ppt
halosidiq1
 
PPTX
Velocity 2016 Speaking Session - Using Machine Learning to Determine Drivers ...
SOASTA
 
PPTX
Using machine learning to determine drivers of bounce and conversion
Tammy Everts
 
PDF
Datastream management system1
SaritaTripathy3
 
PPTX
anti-ddos GNTC based on P4 /BIH
Leo Chu
 
PPTX
Anomaly Detection and You
Mary Kelly Rich
 
PDF
Lecture6 introduction to data streams
hktripathy
 
PDF
Network Forensics and Practical Packet Analysis
Priyanka Aash
 
PPT
Complete notes security
Kitkat Emoo
 
PDF
Resilient Design Using Queue Theory
ScyllaDB
 
PDF
6 Scope & 7 Live Data Collection
Sam Bowne
 
PPTX
cyber-warfare.pptx
HanzalahKhan8
 
PDF
CNIT 152: 6. Scope & 7. Live Data Collection
Sam Bowne
 
PPTX
DoS or DDoS attack
stollen_fusion
 
PPT
Myles firewalls
Shmulik Avidan
 
PPTX
Splunk live! Customer Presentation – Prelert
Splunk
 
PDF
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Utku Sen
 
Logging makes perfect - Riemann, Elasticsearch and friends
Itamar
 
Traffic profiles, congestion and network performance
Raj Parekh
 
Web security
Jin Castor
 
networking point to point networking is the best .2024.ppt
halosidiq1
 
Velocity 2016 Speaking Session - Using Machine Learning to Determine Drivers ...
SOASTA
 
Using machine learning to determine drivers of bounce and conversion
Tammy Everts
 
Datastream management system1
SaritaTripathy3
 
anti-ddos GNTC based on P4 /BIH
Leo Chu
 
Anomaly Detection and You
Mary Kelly Rich
 
Lecture6 introduction to data streams
hktripathy
 
Network Forensics and Practical Packet Analysis
Priyanka Aash
 
Complete notes security
Kitkat Emoo
 
Resilient Design Using Queue Theory
ScyllaDB
 
6 Scope & 7 Live Data Collection
Sam Bowne
 
cyber-warfare.pptx
HanzalahKhan8
 
CNIT 152: 6. Scope & 7. Live Data Collection
Sam Bowne
 
DoS or DDoS attack
stollen_fusion
 
Myles firewalls
Shmulik Avidan
 
Splunk live! Customer Presentation – Prelert
Splunk
 
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Utku Sen
 
Ad

More from Yoshihiro Iwanaga (11)

PDF
Arduino and johnny-five, creating IoT device in easiest way
Yoshihiro Iwanaga
 
PDF
Node.js Tutorial at Hiroshima
Yoshihiro Iwanaga
 
PDF
Web Technology for Hardware Control (html5 conference 2015)
Yoshihiro Iwanaga
 
PDF
Map
Yoshihiro Iwanaga
 
PPTX
Mongodb World 2014
Yoshihiro Iwanaga
 
PDF
http2 最速実装 v2
Yoshihiro Iwanaga
 
PPTX
JavaScript と Arduino でオリジナルデバイスを作ろう
Yoshihiro Iwanaga
 
PDF
Anomaly detection using correlations of load
Yoshihiro Iwanaga
 
PPTX
HOTATE (Developers Summit 2012)
Yoshihiro Iwanaga
 
PPTX
WebComponents LT at AQ
Yoshihiro Iwanaga
 
PPTX
20130725 LT at AQ
Yoshihiro Iwanaga
 
Arduino and johnny-five, creating IoT device in easiest way
Yoshihiro Iwanaga
 
Node.js Tutorial at Hiroshima
Yoshihiro Iwanaga
 
Web Technology for Hardware Control (html5 conference 2015)
Yoshihiro Iwanaga
 
Map
Yoshihiro Iwanaga
 
Mongodb World 2014
Yoshihiro Iwanaga
 
http2 最速実装 v2
Yoshihiro Iwanaga
 
JavaScript と Arduino でオリジナルデバイスを作ろう
Yoshihiro Iwanaga
 
Anomaly detection using correlations of load
Yoshihiro Iwanaga
 
HOTATE (Developers Summit 2012)
Yoshihiro Iwanaga
 
WebComponents LT at AQ
Yoshihiro Iwanaga
 
20130725 LT at AQ
Yoshihiro Iwanaga
 

Recently uploaded (20)

PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Cloud computing and distributed systems.
kkkkkhan
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
A Presentation on Artificial Intelligence
memembruh336
 
Teaching material agriculture food technology
LiaRayya
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 

Anomaly Detection by Mean and Standard Deviation (LT at AQ)