Adaptive CUSUM for Anomaly Detection and Its Application to Detect Shared Congestion

It is a major challenge for a detection algorithm to maintain high detection probability and low false alarms simultaneously. In this paper, we propose an adaptive CUSUM algorithm (ACS) to robustly detect an anomaly, which is defined as system behavior that deviates from its expected values. By embedding a sliding model control (SMC) controller into a CUSUM detector, ACS effectively prevents unlimited build-up of the accumulator, i.e., the yn variable in CUSUM, during the anomaly period. This way, ACS effectively detects change points at on-set and termination of an anomaly period, while satisfying the requirements of detection and false alarm time. For general performance evaluation, we found that ACS is more stable than the Neyman-Pearson detector, and also overcomes the tardy detection of anomaly termination of the CUSUM algorithm. We further reduce the problem of shared congestion to that of anomaly detection, where shared congestion is regarded as anomaly and independent congestion as normality, using the delay correlation of two probing streams as metric. Existing solutions employed accumulated samples to detect shared congestion. We proposed a sliding window scheme to capture the change of congestion states. The simulation results showed that window scheme with ACS can detect the switch of the shared vs. independent congestion for each detection instance.