# Statistical Anomaly Detection via Composite Hypothesis Testing for   Markov Models

**Authors:** Jing Zhang, Ioannis Ch. Paschalidis

arXiv: 1702.08435 · 2018-02-14

## TL;DR

This paper introduces a new threshold estimator for the Hoeffding test under Markov models, improving anomaly detection accuracy in communication and transportation networks by better controlling false alarms.

## Contribution

It develops a novel estimator based on a CLT for the empirical measure, providing theoretical guarantees and demonstrating improved performance over existing methods.

## Key findings

- Our estimator better controls false alarms.
- It maintains high detection probabilities.
- Effective in cyber security and transportation applications.

## Abstract

Under Markovian assumptions, we leverage a Central Limit Theorem (CLT) for the empirical measure in the test statistic of the composite hypothesis Hoeffding test so as to establish weak convergence results for the test statistic, and, thereby, derive a new estimator for the threshold needed by the test. We first show the advantages of our estimator over an existing estimator by conducting extensive numerical experiments. We find that our estimator controls better for false alarms while maintaining satisfactory detection probabilities. We then apply the Hoeffding test with our threshold estimator to detecting anomalies in two distinct applications domains: one in communication networks and the other in transportation networks. The former application seeks to enhance cyber security and the latter aims at building smarter transportation systems in cities.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1702.08435/full.md

## Figures

22 figures with captions in the complete paper: https://tomesphere.com/paper/1702.08435/full.md

## References

29 references — full list in the complete paper: https://tomesphere.com/paper/1702.08435/full.md

---
Source: https://tomesphere.com/paper/1702.08435