Skip to Main Content
Statistical anomaly detection (SAD) becomes an increasingly important tool for the early recognition of potential threats for security-relevant information systems. SAD systems heavily rely on the probing of potentially very large networks. Our contribution is an analysis of the resource requirements on the information sink which constitutes the bottleneck of Client/Server-based SAD systems. In order to dimension the system appropriately, we investigate the trade-off between accumulated and distributed arrival patterns, and the impact of the processing phase of the information sink.