A Collective Anomaly Detection Approach for Multidimensional Streams in Mobile Service Security

Anomaly detection in many applications is becoming more and more important, especially for security and privacy in mobile service computing domains with the development of mobile internet and mobile cloud computing, in which data are typical multidimensional time series data. However, the collective anomaly detection for multidimensional streams exists lots of problems, owing to the differences between the anomaly detection in multidimensional time series and univariate time series data. For example, the temporal continuity of multidimensional time series is much weaker than univariate time series and it is unreasonable to judge the entire multidimensional data as an anomaly if a certain dimension is abnormal. In this paper, we consider the statistical features of the subsequence of streams, proposing a novel collective anomaly detection algorithm for multidimensional streams based on iForest in a cloud environment, namely iForestFS. When using different features about mobile cloud services' metrics suggested by domain knowledge, iForestFS could detect different kinds of anomalies for mobile service security. Furthermore, we implement a distributed iForestFS using spark framework in order to improve time performance and scalability. The experimental results performed on three datasets (mainly about network security) derived from the UCI repository demonstrate that the proposed algorithm can effectively detect a collective anomaly of multidimensional streams in the security domain.