Anomaly Detection Methods

Two anomaly detection methods are currently supported: standard deviation detection and wavelet anomaly detection. The two methods are independent of each other, and either can be used on any of the traffic features. Detection is a two-step process: first a method is used to generate deviation scores, then those scores are compared against a specified threshold to generate alarms. The higher the threshold, the greater the number of false negatives; the lower the threshold, the greater the number of false positives. Deviation scores for each method and metric can be cached in the INTERVAL_STATS table.

Each detection method has its own page of information detailing the method and the available scripts for it.
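
The two-step flow described above (deviation scores, then a threshold to raise alarms) is sketched here as an added example; it is not the tool's own code. The scoring rule (distance from a trailing-window mean, in standard deviations), the function names, the sample flow counts and the labelled anomalies are all assumptions made for illustration.

```python
from statistics import mean, pstdev

# Constructed sample: flow counts per interval for one traffic feature.
FLOWS = [100, 104, 98, 101, 103, 99, 112, 100, 102, 97, 180, 101]
# Constructed ground truth: intervals an analyst labelled as real anomalies.
LABELLED = {6, 10}


def deviation_scores(series, window=6):
    """Step 1: score each interval as the number of standard deviations it
    lies from the mean of the preceding `window` intervals. This scoring
    rule is an assumption, not taken from the tool's documentation."""
    scores = []
    for i, value in enumerate(series):
        history = series[max(0, i - window):i]
        if len(history) < 2:
            scores.append(0.0)  # too little history to judge
            continue
        mu, sigma = mean(history), pstdev(history)
        if sigma == 0:
            # Flat history: any change is infinitely surprising.
            scores.append(0.0 if value == mu else float("inf"))
        else:
            scores.append(abs(value - mu) / sigma)
    return scores


def alarms(scores, threshold):
    """Step 2: raise an alarm for every interval scoring at or above threshold."""
    return [i for i, score in enumerate(scores) if score >= threshold]


def evaluate(series, labelled, threshold):
    """Return (false_positives, false_negatives) as sorted interval indexes."""
    raised = set(alarms(deviation_scores(series), threshold))
    return sorted(raised - labelled), sorted(labelled - raised)


if __name__ == "__main__":
    for threshold in (1.5, 3.0, 10.0):
        fp, fn = evaluate(FLOWS, LABELLED, threshold)
        print(f"threshold={threshold}: false positives={fp}, false negatives={fn}")
```

On this sample the lowest threshold flags an ordinary interval, while the highest one misses the smaller of the two labelled anomalies.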