PADUA Parallel Architecture to Detect Unexplained Activities
There are numerous applications (e.g., video surveillance, fraud detection, cybersecurity) in which we wish to identify unexplained sets of events. Most related past work has been domain-dependent (e.g., video surveillance, cybersecurity) and has focused on the valuable class of statistical anomalie...
Saved in:
| Published in | ACM transactions on Internet technology Vol. 14; no. 1; pp. 1 - 28 |
|---|---|
| Main Authors | , , , , , |
| Format | Journal Article |
| Language | English |
| Published |
01.07.2014
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 1533-5399 1557-6051 |
| DOI | 10.1145/2633685 |
Cover
Loading…
| Abstract | There are numerous applications (e.g., video surveillance, fraud detection, cybersecurity) in which we wish to identify unexplained sets of events. Most related past work has been domain-dependent (e.g., video surveillance, cybersecurity) and has focused on the valuable class of statistical anomalies in which statistically unusual events are considered. In contrast, suppose there is a set A of known activity models (both harmless and harmful) and a log L of time-stamped observations. We define a part L '⊆ L of the log to represent an unexplained situation when none of the known activity models can explain L ' with a score exceeding a user-specified threshold. We represent activities via probabilistic penalty graphs (PPGs) and show how a set of PPGs can be combined into one Super-PPG for which we define an index structure. Given a compute cluster of ( K + 1) nodes (one of which is a master node), we show how to split a Super-PPG into K subgraphs, each of which can be independently processed by a compute node. We provide algorithms for the individual compute nodes to ensure seamless handoffs that maximally leverage parallelism. PADUA is domain-independent and can be applied to many domains (perhaps with some specialization). We conducted detailed experiments with PADUA on two real-world datasets—the ITEA CANDELA video surveillance dataset and a network traffic dataset appropriate for cybersecurity applications. PADUA scales extremely well with the number of processors and significantly outperforms past work both in accuracy and time. Thus, PADUA represents the first parallel architecture and algorithm for identifying unexplained situations in observation data, offering both scalability and accuracy. |
|---|---|
| AbstractList | There are numerous applications (e.g., video surveillance, fraud detection, cybersecurity) in which we wish to identify unexplained sets of events. Most related past work has been domain-dependent (e.g., video surveillance, cybersecurity) and has focused on the valuable class of statistical anomalies in which statistically unusual events are considered. In contrast, suppose there is a set A of known activity models (both harmless and harmful) and a log L of time-stamped observations. We define a part L '⊆ L of the log to represent an unexplained situation when none of the known activity models can explain L ' with a score exceeding a user-specified threshold. We represent activities via probabilistic penalty graphs (PPGs) and show how a set of PPGs can be combined into one Super-PPG for which we define an index structure. Given a compute cluster of ( K + 1) nodes (one of which is a master node), we show how to split a Super-PPG into K subgraphs, each of which can be independently processed by a compute node. We provide algorithms for the individual compute nodes to ensure seamless handoffs that maximally leverage parallelism. PADUA is domain-independent and can be applied to many domains (perhaps with some specialization). We conducted detailed experiments with PADUA on two real-world datasets—the ITEA CANDELA video surveillance dataset and a network traffic dataset appropriate for cybersecurity applications. PADUA scales extremely well with the number of processors and significantly outperforms past work both in accuracy and time. Thus, PADUA represents the first parallel architecture and algorithm for identifying unexplained situations in observation data, offering both scalability and accuracy. There are numerous applications (e.g., video surveillance, fraud detection, cybersecurity) in which we wish to identify unexplained sets of events. Most related past work has been domain-dependent (e.g., video surveillance, cybersecurity) and has focused on the valuable class of statistical anomalies in which statistically unusual events are considered. In contrast, suppose there is a set A of known activity models (both harmless and harmful) and a log L of time-stamped observations. We define a part L'[subE] L of the log to represent an unexplained situation when none of the known activity models can explain L' with a score exceeding a user-specified threshold. We represent activities via probabilistic penalty graphs (PPGs) and show how a set of PPGs can be combined into one Super-PPG for which we define an index structure. Given a compute cluster of (K 1) nodes (one of which is a master node), we show how to split a Super-PPG into K subgraphs, each of which can be independently processed by a compute node. We provide algorithms for the individual compute nodes to ensure seamless handoffs that maximally leverage parallelism. PADUA is domain-independent and can be applied to many domains (perhaps with some specialization). We conducted detailed experiments with PADUA on two real-world datasets-the ITEA CANDELA video surveillance dataset and a network traffic dataset appropriate for cybersecurity applications. PADUA scales extremely well with the number of processors and significantly outperforms past work both in accuracy and time. Thus, PADUA represents the first parallel architecture and algorithm for identifying unexplained situations in observation data, offering both scalability and accuracy. |
| Author | Pugliese, Andrea Rullo, Antonino Subrahmanian, V. S. Moscato, Vincenzo Picariello, Antonio Molinaro, Cristian |
| Author_xml | – sequence: 1 givenname: Cristian surname: Molinaro fullname: Molinaro, Cristian organization: University of Calabria – sequence: 2 givenname: Vincenzo surname: Moscato fullname: Moscato, Vincenzo organization: University of Naples “Federico II” – sequence: 3 givenname: Antonio surname: Picariello fullname: Picariello, Antonio organization: University of Naples “Federico II” – sequence: 4 givenname: Andrea surname: Pugliese fullname: Pugliese, Andrea organization: University of Calabria – sequence: 5 givenname: Antonino surname: Rullo fullname: Rullo, Antonino organization: University of Calabria – sequence: 6 givenname: V. S. surname: Subrahmanian fullname: Subrahmanian, V. S. organization: University of Maryland |
| BookMark | eNplz0tLAzEUBeAgLdhW8WfoJprMzb2TLEt9QkEXdh3yGhiZztRkuvDf29KudHXO4uPAmbNJP_SJsRsp7qVU-FARAGm8YDOJWHMSKCfHDsARjLlk81K-hJBIEmZs-rF83Cyv2LRxXUnX51ywzfPT5-qVr99f3lbLNQ8V6pETaS0SUIwxgcfkvEAyKgijdfDOa6cohFoLiNHoqk5URfIiIhrygRpYsLvT7i4P3_tURrttS0hd5_o07IuVtVJkag3qQPmJhjyUklNjQzu6sR36Mbu2s1LY4117vnvwt3_8Lrdbl3_-yV_TTlIk |
| CitedBy_id | crossref_primary_10_1145_3117809 crossref_primary_10_1016_j_eswa_2020_114556 crossref_primary_10_14778_3137765_3137829 crossref_primary_10_1007_s12652_020_02021_y crossref_primary_10_1016_j_future_2020_06_054 crossref_primary_10_1016_j_jisa_2024_103724 |
| Cites_doi | 10.1007/978-3-642-35236-2_57 10.5555/872016.872185 10.1109/ICIP.2005.1530123 10.1016/j.comcom.2006.04.001 10.1214/aoms/1177699147 10.5555/2283516.2283667 10.1007/s10618-007-0076-8 10.1109/CVPR.2005.316 10.1145/586110.586144 10.1109/89.861372 10.1109/TPAMI.2007.70825 10.1007/978-3-642-01307-2_27 10.1109/ICPR.2006.273 10.1016/j.cviu.2004.02.005 10.1109/TNN.2005.845141 10.1007/s11416-008-0103-3 10.1109/TPAMI.2007.70731 10.1016/S0019-9958(63)90290-0 10.1109/TIP.2008.916991 10.5555/1894166.1894191 10.1109/TKDE.2007.1042 10.5555/1625275.1625567 10.5555/2477182.2478043 10.1109/TIP.2005.852197 10.1145/234533.234534 10.1109/AHS.2012.6268645 10.5555/794189.794420 10.1109/CVPRW.2003.10039 10.1016/j.cose.2008.08.003 10.1109/CVPR.2009.5206569 10.5555/844380.844743 10.1109/ICMI.2002.1166960 10.5555/1896300.1896418 |
| ContentType | Journal Article |
| DBID | AAYXX CITATION 7SC 8FD JQ2 L7M L~C L~D |
| DOI | 10.1145/2633685 |
| DatabaseName | CrossRef Computer and Information Systems Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | CrossRef Computer and Information Systems Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Advanced Technologies Database with Aerospace ProQuest Computer Science Collection Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | CrossRef Computer and Information Systems Abstracts |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering Architecture |
| EISSN | 1557-6051 |
| EndPage | 28 |
| ExternalDocumentID | 10_1145_2633685 |
| GroupedDBID | -DZ -~X .4S .DC 23M 4.4 5GY 5VS 6J9 85S 8US AAKMM AALFJ AAYFX AAYXX ABPPZ ACGFO ACM ADBCU ADL ADMLS AEBYY AEFXT AEGXH AEJOY AENEX AENSD AFWIH AFWXC AIAGR AIKLT AKRVB ALMA_UNASSIGNED_HOLDINGS ARCSS ASPBG AVWKF BDXCO CCLIF CITATION CS3 D0L EBS EDO EJD FEDTE GUFHI HGAVV H~9 I07 LHSKQ P1C P2P PQQKQ RNS ROL TUS U5U UPT ZCA 7SC 8FD JQ2 L7M L~C L~D |
| ID | FETCH-LOGICAL-c258t-66880e36ddde3b5eab05694c0988cbab8a46cc7803dd9827e62d6b0d5596bc6f3 |
| ISSN | 1533-5399 |
| IngestDate | Fri Jul 11 00:05:34 EDT 2025 Thu Jul 03 08:25:39 EDT 2025 Thu Apr 24 22:59:34 EDT 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 1 |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-c258t-66880e36ddde3b5eab05694c0988cbab8a46cc7803dd9827e62d6b0d5596bc6f3 |
| Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 23 |
| PQID | 1744697834 |
| PQPubID | 23500 |
| PageCount | 28 |
| ParticipantIDs | proquest_miscellaneous_1744697834 crossref_citationtrail_10_1145_2633685 crossref_primary_10_1145_2633685 |
| PublicationCentury | 2000 |
| PublicationDate | 2014-07-01 |
| PublicationDateYYYYMMDD | 2014-07-01 |
| PublicationDate_xml | – month: 07 year: 2014 text: 2014-07-01 day: 01 |
| PublicationDecade | 2010 |
| PublicationTitle | ACM transactions on Internet technology |
| PublicationYear | 2014 |
| References | Agrawal Rakesh (e_1_2_1_2_1) 1994 Albanese Massimiliano (e_1_2_1_4_1); 6879 Lancaster Peter (e_1_2_1_25_1) Zhou Yue (e_1_2_1_48_1) Ghallab Malik (e_1_2_1_16_1) 1996 e_1_2_1_42_1 Qin Xinzhou (e_1_2_1_34_1) e_1_2_1_40_1 e_1_2_1_23_1 e_1_2_1_46_1 e_1_2_1_24_1 e_1_2_1_45_1 e_1_2_1_44_1 Bordoni Stefano (e_1_2_1_10_1) 2001 e_1_2_1_22_1 e_1_2_1_43_1 e_1_2_1_27_1 e_1_2_1_28_1 Gary (e_1_2_1_41_1) 1998 e_1_2_1_47_1 e_1_2_1_29_1 Hu Derek Hao (e_1_2_1_19_1) 2009 Mahajan Dhruv (e_1_2_1_26_1) 2004 Artikis Alexander (e_1_2_1_7_1) Jiang Fan (e_1_2_1_21_1) e_1_2_1_31_1 e_1_2_1_8_1 e_1_2_1_30_1 e_1_2_1_5_1 Ghahramani Zoubin (e_1_2_1_15_1) e_1_2_1_6_1 e_1_2_1_3_1 e_1_2_1_12_1 Jiang Fan (e_1_2_1_20_1) e_1_2_1_35_1 e_1_2_1_13_1 e_1_2_1_1_1 e_1_2_1_11_1 e_1_2_1_32_1 e_1_2_1_39_1 e_1_2_1_17_1 e_1_2_1_38_1 e_1_2_1_14_1 e_1_2_1_37_1 e_1_2_1_36_1 e_1_2_1_9_1 e_1_2_1_18_1 |
| References_xml | – ident: e_1_2_1_39_1 doi: 10.1007/978-3-642-35236-2_57 – ident: e_1_2_1_22_1 doi: 10.5555/872016.872185 – volume-title: Proceedings of the 21st International Joint Conference on Artificial Intelligence (IJCAI'09) year: 2009 ident: e_1_2_1_19_1 – ident: e_1_2_1_27_1 doi: 10.1109/ICIP.2005.1530123 – volume-title: Curve and Surface Fitting: An Introduction ident: e_1_2_1_25_1 – volume-title: Weiss and Haym Hirsh year: 1998 ident: e_1_2_1_41_1 – ident: e_1_2_1_40_1 doi: 10.1016/j.comcom.2006.04.001 – ident: e_1_2_1_9_1 doi: 10.1214/aoms/1177699147 – ident: e_1_2_1_5_1 doi: 10.5555/2283516.2283667 – ident: e_1_2_1_32_1 doi: 10.1007/s10618-007-0076-8 – ident: e_1_2_1_45_1 doi: 10.1109/CVPR.2005.316 – ident: e_1_2_1_29_1 doi: 10.1145/586110.586144 – ident: e_1_2_1_36_1 doi: 10.1109/89.861372 – ident: e_1_2_1_1_1 doi: 10.1109/TPAMI.2007.70825 – volume-title: Proceedings of the (VLDB). 487--499 year: 1994 ident: e_1_2_1_2_1 – ident: e_1_2_1_46_1 doi: 10.1007/978-3-642-01307-2_27 – ident: e_1_2_1_8_1 doi: 10.1109/ICPR.2006.273 – volume-title: Proceedings of the 10th IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). IEEE, 1491--1494 year: 2001 ident: e_1_2_1_10_1 – ident: e_1_2_1_18_1 doi: 10.1016/j.cviu.2004.02.005 – volume-title: Proceedings of the 4th Indian Conference on Computer Vision, Graphics & Image Processing (ICVGIP'04) year: 2004 ident: e_1_2_1_26_1 – ident: e_1_2_1_43_1 doi: 10.1109/TNN.2005.845141 – ident: e_1_2_1_3_1 doi: 10.1007/s11416-008-0103-3 – ident: e_1_2_1_42_1 doi: 10.1109/TPAMI.2007.70731 – volume-title: Adaptive Processing of Sequences and Data Structures ident: e_1_2_1_15_1 – volume-title: Proceedings of the 5th International Conference on Principles of Knowledge Representation and Reasoning (KR). 597--606 year: 1996 ident: e_1_2_1_16_1 – ident: e_1_2_1_35_1 doi: 10.1016/S0019-9958(63)90290-0 – ident: e_1_2_1_13_1 doi: 10.1109/TIP.2008.916991 – ident: e_1_2_1_30_1 doi: 10.5555/1894166.1894191 – ident: e_1_2_1_44_1 doi: 10.1109/TKDE.2007.1042 – ident: e_1_2_1_6_1 doi: 10.5555/1625275.1625567 – volume-title: Behaviour recognition using the event calculus ident: e_1_2_1_7_1 – volume-title: Proceedings of the International Conference on Image Processing (ICIP'10) ident: e_1_2_1_21_1 – volume-title: Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection ident: e_1_2_1_34_1 – ident: e_1_2_1_12_1 doi: 10.5555/2477182.2478043 – volume-title: Proceedings of the International Conference on Image Processing (ICIP'09) ident: e_1_2_1_20_1 – ident: e_1_2_1_37_1 doi: 10.1109/TIP.2005.852197 – ident: e_1_2_1_23_1 doi: 10.1145/234533.234534 – volume: 6879 volume-title: Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS'11) ident: e_1_2_1_4_1 – ident: e_1_2_1_28_1 doi: 10.1109/AHS.2012.6268645 – ident: e_1_2_1_11_1 doi: 10.5555/794189.794420 – ident: e_1_2_1_17_1 doi: 10.1109/CVPRW.2003.10039 – ident: e_1_2_1_14_1 doi: 10.1016/j.cose.2008.08.003 – ident: e_1_2_1_24_1 doi: 10.1109/CVPR.2009.5206569 – ident: e_1_2_1_38_1 doi: 10.5555/844380.844743 – ident: e_1_2_1_31_1 doi: 10.1109/ICMI.2002.1166960 – ident: e_1_2_1_47_1 doi: 10.5555/1896300.1896418 – volume-title: Proceedings of the IEEE International Conference on Multimedia and Expo (ICME'07) ident: e_1_2_1_48_1 |
| SSID | ssj0015613 |
| Score | 2.0466537 |
| Snippet | There are numerous applications (e.g., video surveillance, fraud detection, cybersecurity) in which we wish to identify unexplained sets of events. Most... |
| SourceID | proquest crossref |
| SourceType | Aggregation Database Enrichment Source Index Database |
| StartPage | 1 |
| SubjectTerms | Accuracy Algorithms Architecture Clusters Networks Processors Surveillance Traffic flow |
| Subtitle | Parallel Architecture to Detect Unexplained Activities |
| Title | PADUA |
| URI | https://www.proquest.com/docview/1744697834 |
| Volume | 14 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1JS8QwFA7jzEUP4oo7CuJFom2aZtKLUEZFxBFBR7yVZikI0hHtXPz1vjTpMo7gcgklGyRf-pa8vPcQOgQJXmo_ozhQmcSU0AxzpQmOGIgXgR9K4Rt_5-EtuxrR66fwqdM5a71amhTiRH5861fyH1ShDnA1XrJ_QLaeFCrgG_CFEhCG8lcY38Xno7gtXsaDoUn6UGUAL00B9s5PF8fFzC36sMzYYz1dBu5vb9reZVrmWDp-fIaTkX-MazIKwIKG7aw2sclC_Nw0gkBuIk_UryXT9sWCT-tHqA0tDLAJXGtZhasL-xg0IH-KgNKZg2Kpod9iq9YFfJZgUxPbgrDABMJveFJlh__CquoHhNadOkzcwDnUI6AmkC7qxefDm_vajmTUIxsx1y7Fuk2boadu6LQ8Ms2OSxnjYQktOuVgP7ZIL6OOzlfQQitk5CrqlZivodHlxcPgCrtUFliSkBeYMaCTOmAKuEkgQp0KEDwjKr2IcylSwVPKpOxzL1Aq4qSvGVFMeAr0PSYky4J11M3Hud5A-5KrTLOU-EoJSjSNiJdxT2VRKkMVEb6JjqoFJdLFeTfpRl6SL5u2CXNVHV9taJPZLgfVjiRAdowtKc31ePKegCJLmbk2pFs_T7ON5psDtoO6xdtE74IsV4g9B9gnh45Gmg |
| linkProvider | EBSCOhost |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=PADUA&rft.jtitle=ACM+transactions+on+Internet+technology&rft.au=Molinaro%2C+Cristian&rft.au=Moscato%2C+Vincenzo&rft.au=Picariello%2C+Antonio&rft.au=Pugliese%2C+Andrea&rft.date=2014-07-01&rft.issn=1533-5399&rft.eissn=1557-6051&rft.volume=14&rft.issue=1&rft.spage=1&rft.epage=28&rft_id=info:doi/10.1145%2F2633685&rft.externalDBID=n%2Fa&rft.externalDocID=10_1145_2633685 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1533-5399&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1533-5399&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1533-5399&client=summon |