Distributed PCA-based anomaly detection in telephone networks through legitimate-user profiling

In my thesis I present a distributed mechanism based on Principal Component Analysis (PCA) to profile the behavior of the legitimate users in telephone networks. The idea is to take advantage of probes distributed over the network to obtain a compact snapshot of the users they serve. A collector node collects and effectively combines such information to gather the description of the legitimate-user behavior. Eventually, it distributes the profile to probes, which perform anomaly detection. Experimental results on five weeks of phone data collected by a telecom operator show that the profiling mechanism is stable over time and allows an operator to decentralize the anomaly detection stage directly to its probes. Furthermore, when compared to a centralized-PCA approach, the technique has the advantage of preventing the creation of polluted profiles, since it avoids that widespread anomalies, that are localized within one (or few) probes, enter into the description of the legitimate-user behavior