Off-campus UMass Amherst users: To download campus access theses, please use the following link to log into our proxy server with your UMass Amherst user name and password.

Non-UMass Amherst users: Please talk to your librarian about requesting this thesis through interlibrary loan.

Theses that have an embargo placed on them will not be available to anyone until the embargo expires.

Access Type

Open Access

Degree Program

Electrical & Computer Engineering

Degree Type

Master of Science in Electrical and Computer Engineering (M.S.E.C.E.)

Year Degree Awarded

January 2007

Month Degree Awarded



anomaly, anomaly detection, parallel, detection, multiple, algorithms


The main objective of the thesis is to show that multiple anomaly detection algorithms can be implemented in parallel to effectively characterize the type of traffic causing the abnormal behavior. The logs are obtained by running six anomaly detection algorithms in parallel on the Network Processor. Further, a hierarchical tree representation is defined which illustrates the state of traffic in real-time. The nodes represent a particular subset of traffic and each of the nodes calculate the aggregate for the traffic represented by the node, given the output from all the algorithms. The greater the aggregate, the darker the node indicating an anomaly. The visual representation makes it easy for an operator to distinguish between anomalous and non-anomalous nodes.

First Advisor

Tilman Wolf