Abstract:
In this thesis, we focus on distance approximation methods between high and multi-dimensional structures and their applications. Two novel methods using distance approximations are proposed and they are applied to anomaly detection in cyber security (Distributed Denial of Service -DDoS- attack and attacker detection) and tensor decomposition in object retrieval (image and video classi cation on scarce data). At rst, we consider an autonomous cyber security system that consists of two components: A monitor for detection of DDoS attacks and a discriminator for detection of users in the system with malicious intents. A novel adaptive real time change-point detection model that tracks the changes in the Mahalanobis distances between sampled feature vectors in the monitored system accounts for possible DDoS attacks. A clustering model that runs over the similarity scores of behavioral patterns between the users is used for segregating the malicious from the innocent. Secondly, we propose a discriminative tensor decomposition with large margin (LMTD), which is a distance based model that nds the projection directions where the nearest neighbor classi - cation accuracy is improved over the projected instances. We experiment the cyber security system in a simulated SIP communication environment. Both the attack and attacker detection components are compared with some competitors in the literature. The tensor decomposition is applied to the image and video retrieval problem, where the data is scarce, and its performance also is compared with other decomposition methods. The experimental results are reported for both applications. It is shown that the proposed methods perform higher accuracy rates than their competitors.