Distributed Network Monitoring and Anomaly Detection as a Grid Application

In this paper an anomaly detection system based on Grid middleware that supports the efficient, scalable and secure monitoring of multiple instruments and sensors, is proposed and investigated. The Grid provides the means to control the sensors and gather information with security and reliability. The system includes a Decision Support Service that fuses multi-metric data from heterogeneous sensors to produce a view of the network state. The proposed fusion algorithm is based on the application of Principal Component Analysis on multi-metric data, and provides an efficient way of taking into account the combined effect of the correlated observed data, for anomaly detection purposes. The performance and operational effectiveness of our proposed anomaly detection approach is evaluated via modeling and simulation, and is compared against the corresponding techniques that are based on the singlemetric analysis.