> You might have something interesting going on with your own research finding, if you have not published it I would encourage you to do so.
'Information Sciences', 1999, "... Anomaly Detector". So look
for 'zero day' problems in server farms and networks. Get
a multidimensional, distribution-free hypothesis test
where know false alarm rate in advance and can adjust it
exactly in small steps over a wide range.
What is novel is the 'applied probability' that permits
the results with false alarm rate.
The assumptions about the input data are realistic and,
thus, do not permit doing as well as the Neyman-Pearson
result, but, still, intuitively, the detection rate
should be relatively high. There is a weaker sense,
not in the paper, where the detection rate is
as high as possible. I.e., essentially, for the
selected false alarm rate, the 'critical region'
where null hypothesis (a healthy system) is accepted
has least possible Lebesgue measure.
It appears that the input data can have dimensions
10, 100, 1000, etc. I have an algorithm that makes
the computations fast, but it's not in the paper.
The computing needed was a bit much when I published
the paper, but that computing is quite reasonable
now. For a system where really care a lot about
reliability, performance, security, etc., it could
be worthwhile to deploy what I cooked up.
My current project is quite different but does need
a server farm, and I might deploy my detector there.
Then with that demo, if people like my detector,
I might let people buy it.
'Information Sciences', 1999, "... Anomaly Detector". So look for 'zero day' problems in server farms and networks. Get a multidimensional, distribution-free hypothesis test where know false alarm rate in advance and can adjust it exactly in small steps over a wide range.
What is novel is the 'applied probability' that permits the results with false alarm rate.
The assumptions about the input data are realistic and, thus, do not permit doing as well as the Neyman-Pearson result, but, still, intuitively, the detection rate should be relatively high. There is a weaker sense, not in the paper, where the detection rate is as high as possible. I.e., essentially, for the selected false alarm rate, the 'critical region' where null hypothesis (a healthy system) is accepted has least possible Lebesgue measure.
It appears that the input data can have dimensions 10, 100, 1000, etc. I have an algorithm that makes the computations fast, but it's not in the paper.
The computing needed was a bit much when I published the paper, but that computing is quite reasonable now. For a system where really care a lot about reliability, performance, security, etc., it could be worthwhile to deploy what I cooked up.
My current project is quite different but does need a server farm, and I might deploy my detector there. Then with that demo, if people like my detector, I might let people buy it.