Pattern Detector: Fast Detection of Suspicious Stream Patterns for Immediate Reaction

摘要

Detecting emerging problems in information and manufacturing systems is the goal of monitoring tools. Good and timely detection of problematic conditions from measured indicators requires efficient and effective detection of critical patterns in a stream of incoming observations.rnWe present Pattern Detector, an interactive system which is capable of immediate detection and signaling of such patterns. Using user-defined query patterns which indicate e.g. low rate denial-of-service attacks in network traffic, this system signals problems fast and transparently.rnThe underlying detection algorithm is based on matching patterns using the Dynamic Time Warping (DTW). Fast query processing is achieved by reliably filtering out candidates via a highly efficient multistep filter-and-refine framework, anticipatory DTW (ADTW). This framework is capable of processing continuous streams such that appropriate action can be taken as soon as suspicious patterns occur.rnWhile our pattern detector system is developed specifically for network traffic by incorporating recent patterns from computer networking, it easily generalizes to many online stream monitoring tasks.