data mining ii anomaly detection
play

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection - PowerPoint PPT Presentation

Jan 14, 2023 •252 likes •984 views

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

  1. Data Mining II Anomaly Detection Heiko Paulheim

  2. Anomaly Detection • Also known as “Outlier Detection” • Automatically identify data points that are somehow different from the rest • Working assumption: – There are considerably more “normal” observations than “abnormal” observations (outliers/anomalies) in the data • Challenges – How many outliers are there in the data? – What do they look like? – Method is unsupervised • Validation can be quite challenging (just like for clustering) 03/04/19 Heiko Paulheim 2

  3. Recap: Errors in Data • Sources – malfunctioning sensors – errors in manual data processing (e.g., twisted digits) – storage/transmission errors – encoding problems, misinterpreted file formats – bugs in processing code – ... Image: http://www.flickr.com/photos/16854395@N05/3032208925/ 03/04/19 Heiko Paulheim 3

  4. Recap: Errors in Data • Simple remedy – remove data points outside a given interval • this requires some domain knowledge • Advanced remedies – automatically find suspicious data points 03/04/19 Heiko Paulheim 4

  5. Applications: Data Preprocessing • Data preprocessing – removing erroneous data – removing true, but useless deviations • Example: tracking people down using their GPS data – GPS values might be wrong – person may be on holidays in Hawaii • what would be the result of a kNN classifier? 03/04/19 Heiko Paulheim 5

  6. Applications: Credit Card Fraud Detection • Data: transactions for one customer – €15.10 Amazon – €12.30 Deutsche Bahn tickets, Mannheim central station – €18.28 Edeka Mannheim – $500.00 Cash withdrawal. Dubai Intl. Airport – €48.51 Gas station Heidelberg – €21.50 Book store Mannheim • Goal: identify unusual transactions – possible attributes: location, amount, currency, ... 03/04/19 Heiko Paulheim 6

  7. Applications: Hardware Failure Detection Thomas Weible: An Optic's Life (2010). 03/04/19 Heiko Paulheim 7

  8. Applications: Stock Monitoring • Stock market prediction • Computer trading http://blogs.reuters.com/reuters-investigates/2010/10/15/flash-crash-fallout/ 03/04/19 Heiko Paulheim 8

  9. Errors vs. Natural Outliers Ozone Depletion History In 1985 three researchers (Farman,  Gardinar and Shanklin) were puzzled by data gathered by the British Antarctic Survey showing that ozone levels for Antarctica had dropped 10% below normal levels Why did the Nimbus 7 satellite,  which had instruments aboard for recording ozone levels, not record similarly low ozone concentrations? The ozone concentrations recorded  by the satellite were so low they were being treated as outliers by a Sources: computer program and discarded! http://exploringdata.cqu.edu.au/ozone.html http://www.epa.gov/ozone/science/hole/size.html 03/04/19 Heiko Paulheim 9

  10. Anomaly Detection Schemes  General Steps – Build a profile of the “normal” behavior  Profile can be patterns or summary statistics for the overall population – Use the “normal” profile to detect anomalies  Anomalies are observations whose characteristics differ significantly from the normal profile  Types of anomaly detection schemes – Graphical & Statistical-based – Distance-based – Model-based 03/04/19 Heiko Paulheim 10

  11. Graphical Approaches  Boxplot (1-D), Scatter plot (2-D), Spin plot (3-D)  Limitations – Time consuming – Subjective 03/04/19 Heiko Paulheim 11

  12. Convex Hull Method  Extreme points are assumed to be outliers  Use convex hull method to detect extreme values  What if the outlier occurs in the middle of the data? 03/04/19 Heiko Paulheim 12

  13. Interpretation: What is an Outlier? 03/04/19 Heiko Paulheim 13

  14. Statistical Approaches  Assume a parametric model describing the distribution of the data (e.g., normal distribution)  Apply a statistical test that depends on – Data distribution – Parameter of distribution (e.g., mean, variance) – Number of expected outliers (confidence limit) 03/04/19 Heiko Paulheim 14

  15. Interquartile Range • Divides data in quartiles • Definitions: – Q1: x ≥ Q1 holds for 75% of all x – Q3: x ≥ Q3 holds for 25% of all x – IQR = Q3-Q1 • Outlier detection: – All values outside [median-1.5*IQR ; median+1.5*IQR] • Example: – 0,1,1,3,3,5,7,42 → median=3, Q1=1, Q3=7 → IQR = 6 – Allowed interval: [3-1.5*6 ; 3+1.5*6] = [-6 ; 12] – Thus, 42 is an outlier 03/04/19 Heiko Paulheim 15

  16. Interquartile Range • Assumes a normal distribution 03/04/19 Heiko Paulheim 16

  17. Interquartile Range • Visualization in box plot using RapidMiner Outliers Q2+1.5*IQR Q3 Median IQR Q1 Q2-1.5*IQR Outliers 03/04/19 Heiko Paulheim 17

  18. Median Absolute Deviation (MAD) • MAD is the median deviation from the median of a sample, i.e. MAD : = median i ( X i − median j ( X j )) • MAD can be used for outlier detection – all values that are k*MAD away from the median are considered to be outliers – e.g., k=3 • Example: – 0,1,1,3,5,7,42 → median = 3 Carl Friedrich Gauss, 1777-1855 – deviations: 3,2,2,0,2,4,39 → MAD = 2 – allowed interval: [3-3*2 ; 3+3*2] = [-3;9] – therefore, 42 is an outlier 03/04/19 Heiko Paulheim 18

  19. Grubbs’ Test • Invented by Frank E. Grubbs (1913-2000) • Detect outliers in univariate data • Assume data comes from normal distribution – H 0 : There is no outlier in data – H A : There is at least one outlier • Grubbs’ test statistic: G = max ∣ X − X ∣ critical t-value • Reject H 0 if: s √ N √ 2 t G >( N − 1 ) ( α / N ,N − 2 ) 2 N − 2 + t ( α / N , N − 2 ) 03/04/19 Heiko Paulheim 19

  20. Grubbs' Test 03/04/19 Heiko Paulheim 20

  21. Grubbs' Test • The test finds out if there is at least one outlier • Practical algorithm: – Perform Grubbs' Test – If there is an outlier, remove the most extreme value • i.e., the farthest away from the mean – repeat until no more outliers are detected 03/04/19 Heiko Paulheim 21

  22. Grubbs' Test • Example: given eight mass spectrometer measurements – 199.31, 199.53, 200.19, 200.82, 201.92, 201.95, 202.18, 245.57 Example following: http://www.itl.nist.gov/div898/handbook/eda/section3/eda35h1.htm 03/04/19 Heiko Paulheim 22

  23. Grubbs' Test • Example: given eight mass spectrometer measurements – 199.31, 199.53, 200.19, 200.82, 201.92, 201.95, 202.18, 245.57 • Calculating G: G = max ∣ X − X ∣ = 39.14 15.85 = 2.47 s • Calculating the critical G: √ N √ 2 t 2 G >( N − 1 ) = 7 √ 8 √ 3.71 ( α / N ,N − 2 ) 2 = 2.07 2 N − 2 + t 6 + 3.71 ( α / N , N − 2 ) Example following: http://www.itl.nist.gov/div898/handbook/eda/section3/eda35h1.htm 03/04/19 Heiko Paulheim 23

  24. Grubbs' Test • Example: seven remaining mass spectrometer measurements – 199.31, 199.53, 200.19, 200.82, 201.92, 201.95, 202.18, 245.57 • Calculating G: G = max ∣ X − X ∣ = 1.53 1.2 = 1.28 s • Calculating the critical G: √ N √ 2 t 2 G >( N − 1 ) = 6 √ 7 √ 3.49 ( α / N ,N − 2 ) 2 = 1.91 2 N − 2 + t 5 + 3.49 ( α / N , N − 2 ) Example following: http://www.itl.nist.gov/div898/handbook/eda/section3/eda35h1.htm 03/04/19 Heiko Paulheim 24

  25. Fitting Elliptic Curves • Multi-dimensional datasets – can be seen as following a normal distribution on each dimension – the intervals in one-dimensional cases become elliptic curves 03/04/19 Heiko Paulheim 25

  26. Limitations of Statistical Approaches • Most of the tests are for a single attribute (called: univariate ) • For high dimensional data, it may be difficult to estimate the true distribution • In many cases, the data distribution may not be known – e.g., Grubbs' Test: expects Gaussian distribution 03/04/19 Heiko Paulheim 26

  27. Examples for Distributions • Normal (gaussian) distribution – e.g., people's height http://www.usablestats.com/images/men_women_height_histogram.jpg 03/04/19 Heiko Paulheim 27

  28. Examples for Distributions • Power law distribution – e.g., city population http://www.jmc2007compendium.com/V2-ATAPE-P-12.php 03/04/19 Heiko Paulheim 28

  29. Examples for Distributions • Pareto distribution – e.g., wealth http://www.ncpa.org/pub/st289?pg=3 03/04/19 Heiko Paulheim 29

  30. Examples for Distributions • Uniform distribution – e.g., distribution of web server requests across an hour http://www.brighton-webs.co.uk/distributions/uniformc.aspx 03/04/19 Heiko Paulheim 30

  31. Outliers vs. Extreme Values • So far, we have looked at extreme values only – But outliers can occur as non-extremes – In that case, methods like Grubbs' test or IQR fail -1.5 -1 -0.5 0 0.5 1 1.5 03/04/19 Heiko Paulheim 31

  32. Outliers vs. Extreme Values • IQR on the example below: – Q2 (Median) is 0 – Q1 is -1, Q3 is 1 → everything outside [-1.5,+1.5] is an outlier → there are no outliers in this example -1.5 -1 -0.5 0 0.5 1 1.5 03/04/19 Heiko Paulheim 32

  33. Time for a Short Break http://xkcd.com/539/ 03/04/19 Heiko Paulheim 33

  34. Distance-based Approaches  Data is represented as a vector of features  Various approaches – Nearest-neighbor based – Density based – Clustering based – Model based 03/04/19 Heiko Paulheim 34

Recommend

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan,

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan,

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan, Steinbach, Karpatne, Kumar 4/14/2019 Introduction to Data Mining, 2nd Edition 1 Anomaly/ Outlier Detection What are anomalies/outliers?

470 views • 32 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Data Mining for Anomaly Detection Aleksandar Lazarevic United Technologies Research Center

Data Mining for Anomaly Detection Aleksandar Lazarevic United Technologies Research Center

Data Mining for Anomaly Detection Aleksandar Lazarevic United Technologies Research Center Arindam Banerjee, Varun Chandola, Vipin Kumar, Jaideep Srivastava University of Minnesota Tutorial at the European Conference on Principles and

1.2k views • 116 slides
Anomaly Detection Qi Liu University of Science and Technology of China qiliuql@ustc.edu.cn ili

Anomaly Detection Qi Liu University of Science and Technology of China qiliuql@ustc.edu.cn ili

Anomaly Detection Qi Liu University of Science and Technology of China qiliuql@ustc.edu.cn ili l@ t d Data Mining Tasks Data Mining Tasks 2 Data Tid Tid Refund Refund Marital Marital Taxable Taxable Cheat Status Income

775 views • 39 slides
Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series <Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
Advanced Analytics in Business [D0S07a] Big Data Platforms & Technologies [D0S06a]

Advanced Analytics in Business [D0S07a] Big Data Platforms & Technologies [D0S06a]

Advanced Analytics in Business [D0S07a] Big Data Platforms & Technologies [D0S06a] Unsupervised Learning Anomaly Detection Overview Frequent itemset and association rule mining Other itemset extensions Clustering Anomaly detection 2

1.01k views • 85 slides
Shapley Values of Reconstruction Errors of PCA for Explaining Anomaly Detection Naoya Takeishi

Shapley Values of Reconstruction Errors of PCA for Explaining Anomaly Detection Naoya Takeishi

Shapley Values of Reconstruction Errors of PCA for Explaining Anomaly Detection Naoya Takeishi (RIKEN AIP) 8 November 2019 Workshop on Learning and Mining with Industrial Data, Beijing Preprint available at arxiv.org/abs/1909.03495 Background:

585 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
Mining Rich Graphs Ranking, Classification, and Anomaly Detection Leman Akoglu Feb 9 th 2018

Mining Rich Graphs Ranking, Classification, and Anomaly Detection Leman Akoglu Feb 9 th 2018

Mining Rich Graphs Ranking, Classification, and Anomaly Detection Leman Akoglu Feb 9 th 2018 Networks are ubiquitous! - - - Terrorist Network Food Web Internet Map [Krebs 2002] [2007] [Koren 2009] Social Network Protein Network

1.09k views • 53 slides
Driving Anomaly Detection with Conditional GAN using Physiological Data & CAN-Bus Data Yuning

Driving Anomaly Detection with Conditional GAN using Physiological Data & CAN-Bus Data Yuning

Driving Anomaly Detection with Conditional GAN using Physiological Data & CAN-Bus Data Yuning Qiu (UT Dallas) Teruhisa Misu (Honda Research Inst.) Carlos Busso (UT Dallas) Motivation Goal: Categorization of driving data for future driver

443 views • 22 slides
Time Series Representations for Better Data Mining What can we do with time series data?

Time Series Representations for Better Data Mining What can we do with time series data?

Time Series Representations for Better Data Mining What can we do with time series data? Clustering Anomaly (outlier) detection Forecasting What are the problems with time series data? Noise Concept-drift (trend-shift

122 views • 11 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU

Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU

Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU Leuven - Department of Computer Science In cooperation with CERN 2018-07-27 0 Outline 1 Context 2 Data 3 Preprocessing 4 Anomaly Detection 5

792 views • 51 slides
Data Mining Based Detection Methods Data Mining in Intrusion detection Feng Pan Outline

Data Mining Based Detection Methods Data Mining in Intrusion detection Feng Pan Outline

Outline Related Data Mining Background Data Mining Based Detection Methods Data Mining in Intrusion detection Feng Pan Outline Typical Dataset in Data Mining Related Data Mining Background Dataset consists of records.

433 views • 8 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and Mohammad Zulkernine School of Computing Queens University, Kingston Ontario, Canada K7L 3N6 {zhang, mzulker} @cs.queensu.ca Abstract- Anomaly

284 views • 6 slides
Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Information Technology Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu Rukshan Bandaragoda Kai Ming Ting David Albrecht Fei Tony Liu Jonathan R. Wells Outline Overview of anomaly detection

657 views • 41 slides
Anomaly Detection in Computer Networks Carolina Fortuna, Bla Fortuna, Mihael Mohoric Outline

Anomaly Detection in Computer Networks Carolina Fortuna, Bla Fortuna, Mihael Mohoric Outline

Anomaly Detection in Computer Networks Carolina Fortuna, Bla Fortuna, Mihael Mohoric Outline Intrusion Detection Evaluation Criteria Scenarios Data Acquisition Results Datasets Conclusions Related Work Data

500 views • 29 slides
STAD-HD: Spatial Temporal Anomaly Detection for Heterogeneous Data through Visual Analytics

STAD-HD: Spatial Temporal Anomaly Detection for Heterogeneous Data through Visual Analytics

STAD-HD: Spatial Temporal Anomaly Detection for Heterogeneous Data through Visual Analytics Solution for 2016 VAST Challenge MC2 & MC3 Yu Zhang 1 , Guozheng Li 1 , Chufan Lai 1 , Qiangqiang Liu 1 , Shuai Chen 1 , Lu Feng 1 , Tangzhi Ye 1 ,

430 views • 29 slides
Methods for Anomaly Detection: a Survey Kalinichenko L.A., Shanin I., Taraban I. IPI RAN

Methods for Anomaly Detection: a Survey Kalinichenko L.A., Shanin I., Taraban I. IPI RAN

RCDL 2014 Methods for Anomaly Detection: a Survey Kalinichenko L.A., Shanin I., Taraban I. IPI RAN Outline Introduction Motivation Methods taxonomy Metric Data Oriented Methods Distance-based Data Methods

714 views • 34 slides

More recommend