Tomas Singliar, Denver Dash
We present Cluster Onset Detection (COD), a novel algorithm to aid in detection of epidemic outbreaks. COD employs unsupervised learning techniques in an online setting to partition the population into subgroups, thus increasing the ability to make a detection over the population as a whole by decreasing the signal-to-noise ratio. The method is adaptive and able to alter its clustering in real-time without the need for detailed background knowledge of the population. COD attempts to detect a cluster made up primarily of infected hosts. We argue that this technique is largely complementary to the existing methods for outbreak detection and can generally be combined with one or more of them. We show empirical results applying COD to the problem of detecting a worm attack on a system of networked computers, and show that this method results in approximately 40% lower infection rate at a false positive rate of 1 per week than the best previously reported results on this data set achieved using an HMM model customized for the outbreak detection task.
Subjects: 12. Machine Learning and Discovery; 3.6 Temporal Reasoning
Submitted: Apr 24, 2007