Statistical Anomaly Detection via Composite Hypothesis Testing for Markov Models

Under Markovian assumptions we leverage a Central Limit Theorem (CLT) related to the test statistic in the composite hypothesis Hoeffding test so as to derive a new estimator for the threshold needed by the test. We first show the advantages of our estimator over an existing estimator by conducting extensive numerical experiments. We then apply the Hoeffding test with our threshold estimator to detecting anomalies in both communication and transportation networks. The former application seeks to enhance cyber security and the latter aims at building smarter transportation systems in cities.