共查询到4条相似文献,搜索用时 62 毫秒
1.
The discussion points on the inadequacy of the ARL as an index of efficiency of a detection procedure for change points. It is shown that the FAR=1/ARL might be small, while the probability of false alarm (PFA) is at the same time considerable. This is illustrated with simulation runs, using the Shiryayev–Roberts detection procedure. The need to develop procedures based on continuous monitoring is also mentioned. 相似文献
2.
3.
4.
Alexander G. Tartakovsky Boris L. Rozovskii Rudolf B. Blaek Hongjoong Kim 《Statistical Methodology》2006,3(3):252-293
Sequential multi-chart detection procedures for detecting changes in multichannel sensor systems are developed. In the case of complete information on pre-change and post-change distributions, the detection algorithm represents a likelihood ratio-based multichannel generalization of Page’s cumulative sum (CUSUM) test that is applied to general stochastic models that may include correlated and nonstationary observations. There are many potential application areas where it is necessary to consider multichannel generalizations and general statistical models. In this paper our main motivation for doing so is network security: rapid anomaly detection for an early detection of attacks in computer networks that lead to changes in network traffic. Moreover, this kind of application encourages the development of a nonparametric multichannel detection test that does not use exact pre-change (legitimate) and post-change (attack) traffic models. The proposed nonparametric method can be effectively applied to detect a wide variety of attacks such as denial-of-service attacks, worm-based attacks, port-scanning, and man-in-the-middle attacks. In addition, we propose a multichannel CUSUM procedure that is based on binary quantized data; this procedure turns out to be more efficient than the previous two algorithms in certain scenarios. All proposed detection algorithms are based on the change-point detection theory. They utilize the thresholding of test statistics to achieve a fixed rate of false alarms, while allowing changes in statistical models to be detected “as soon as possible”. Theoretical frameworks for the performance analysis of detection procedures, as well as results of Monte Carlo simulations for a Poisson example and results of detecting real flooding attacks, are presented. 相似文献