methods for anomaly detection a survey
play

Methods for Anomaly Detection: a Survey Kalinichenko L.A., Shanin - PowerPoint PPT Presentation

Feb 18, 2023 •357 likes •714 views

RCDL 2014 Methods for Anomaly Detection: a Survey Kalinichenko L.A., Shanin I., Taraban I. IPI RAN Outline Introduction Motivation Methods taxonomy Metric Data Oriented Methods Distance-based Data Methods

  1. RCDL 2014 Methods for Anomaly Detection: a Survey Kalinichenko L.A., Shanin I., Taraban I. IPI RAN

  2. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

  3. Popular anomaly detection applications • Credit Card (and Mobile Phone) Fraud Detection • Suspicious Web Site Detection • Whole-Genome DNA Matching • ECG-Signal Filtering • Suspicious transaction detection • Analysis of Digital Sky Surveys • Social Network Analysis RCDL-2014

  4. Introduction Anomaly Detection • Finding data objects that have suspicious origin. Purposes: 1. Data filtering 2. Finding rare events 3. Finding surprise data patterns RCDL-2014

  5. Motivation Sometimes data has unobvious form RCDL-2014

  6. Motivation • Sometimes anomalies are difficult to interpret RCDL-2014

  7. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

  8. Data forms • Definition of the outlier depends on the specific problem and its data representation. The most popular data forms are: • Metric Data (data as objects in a feature space) • Evolving Data (time series and sequences) • Text-based Data (i.e. poll answers) • Graph-based Data (social networks) RCDL-2014

  9. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

  10. Metric Data Oriented Methods • Data is a set of objects in the “feature” space There are three main groups of methods • Distance-based and density-based methods (with no additional assumptions) • Methods that assume that the data has a certain probabilistic distribution • Methods that assume that the “feature” space has highly correlated dimensions . RCDL-2014

  11. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

  12. Distance-based Data Oriented Methods • Data is represented as a set of objects in a «feature» space with a natural Euclidian metric. • The anomaly can be defined as a data object in this space, that is located far enough from other objects. • If no other assumptions on the data are given, there are two main approaches to detect the anomaly: • k-Nearest-Neighbor based methods • Clustering based methods RCDL-2014

  13. Clustering-based methods • The purpose is to form large clusters of data object that would define «normal» data. • The most popular methods are • k-means • EM-algorithm • Self-organizing map RCDL-2014

  14. K-Nearest Neighbors • These methods use a set of distances from a given object to it’s k closest neighbors. • Assumption: the anomaly object has much larger distances than normal data points. • There are many version of kNN algorithm that consider density of the nighborhood: • kNN with Local Outlier Factor (LOF) • kNN with Local Correlation Integral (LOCI) • kNN-DD (using Kolmogorov-Smirnov test) • etc… RCDL-2014

  15. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

  16. Probabilistically distributed data • The data has a natural probabilistic distribution The main approaches: • Extreme value analysis (Markov, Chebychev, Hoeffding inequalities, t-value test, etc...) • Probabilistic distribution estimation (Bayesian methods) • Probabilistic mixture modeling (EM-algorithm) RCDL-2014

  17. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

  18. Correlated dimensions data methods • Different dimensions are highly correlated with one another, linear data models can be used • Main assumption: the data is embedded in a lower dimensional subspace. Main approach: • Linear regression modeling • Principal component analysis RCDL-2014

  19. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

  20. Evolving Data Oriented Methods • Data is generated by a continuous or discreet temporal process. So there are two main groups of methods: • Discrete sequences oriented methods • Example: Genome sequence analysis • Example: User-action sequence analysis • Time Series oriented methods • Example: Detecting novel events in social media • The data can be presented in a multidimensional form (such as datastreams) RCDL-2014

  21. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

  22. Discrete Sequence Oriented Methods • There are several ways to determine an anomaly in discrete sequence: • as a position anomaly (single value is anomaly) • as a combination anomaly (whole sequence is anomaly) • Main approaches to determine a rarity of a value or a combination: • Distance-based • analysis of the pair-wise distance matrix • Frequency-based • Model-based (Hidden Markov Models) RCDL-2014

  23. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

  24. Time Series Oriented Methods • There are several ways to determine an anomaly in time series: • abrupt change in time series • unexpected trend in time series • time series of unusual shape • Main approaches are: • correlation across time or series • time series representation • HMM (Hidden Markov Model) • ARMA (Autoregression Model) • Wavelets • Spectral RCDL-2014

  25. Outline • Introduction • Motivation • Methods taxonomy • Metric Data Oriented Methods • Distance-based Data Methods • Probabilistically Distributed Data Methods • Data with Correlated Features Methods • Evolving Data Oriented Data • Discrete Sequences Data • Time Series • Graph-based Data Oriented Methods • Methods for many small graphs analysis • Methods for large single graph analysis • Text-based Data Oriented Methods • Future work RCDL-2014

Recommend

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
Signal Processing Methods for Network Single Time Series Methods Anomaly Detection

Signal Processing Methods for Network Single Time Series Methods Anomaly Detection

Outline Introduction and Background Signal Processing Methods for Network Single Time Series Methods Anomaly Detection Spectral Analysis Lingsong Zhang Wavelet Analysis Department of Statistics and Operations

424 views • 18 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Change-point methods for anomaly detection in fibrous media joint work with E. Spodarev, C. Re-

Change-point methods for anomaly detection in fibrous media joint work with E. Spodarev, C. Re-

Change-point methods for anomaly detection in fibrous media joint work with E. Spodarev, C. Re- denbach, D. Dresvyanskiy, T. Karaseva Vitalii Makogin | 10.10.2019 | Institute of Stochastics, Ulm University and S. Mitrofanov Seite 2 Problem

451 views • 19 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
Exploring Deep Anomaly Detection Methods Based on Capsule Net Xiaoyan Li, Iluju Kiringa, Tet

Exploring Deep Anomaly Detection Methods Based on Capsule Net Xiaoyan Li, Iluju Kiringa, Tet

Exploring Deep Anomaly Detection Methods Based on Capsule Net Xiaoyan Li, Iluju Kiringa, Tet Yeap, Xiaodan Zhu, Yifeng Li Electrical Engineering & Computer Science University of Ottawa xli343@uottawa.ca May 5, 2020 Xiaoyan Li, Iluju

604 views • 26 slides
<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series <Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Anomaly Detection on User-agents Peter van Bolhuis Overview Introduction Research

Anomaly Detection on User-agents Peter van Bolhuis Overview Introduction Research

Anomaly Detection on User-agents Peter van Bolhuis Overview Introduction Research Question User-agents Scoring host anomalies Verification Conclusion Anomaly Detection on User-agents 2 Introduction Methods

574 views • 16 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and Mohammad Zulkernine School of Computing Queens University, Kingston Ontario, Canada K7L 3N6 {zhang, mzulker} @cs.queensu.ca Abstract- Anomaly

284 views • 6 slides
Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Information Technology Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu Rukshan Bandaragoda Kai Ming Ting David Albrecht Fei Tony Liu Jonathan R. Wells Outline Overview of anomaly detection

657 views • 41 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

Introduction Feature Extraction Entropy Calculation Anomaly detection Classification Open Issues On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman. Cinvestav, Campus Guadalajara, Mexico November 2015

690 views • 24 slides
ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter 2 . 1 Learning objectives Theory: NLP Anomaly detection Application: Understand annual report readability Examine the

1.12k views • 85 slides
An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate April 25, 2010 The 3rd CAIDA-WIDE-CASFI Joint Measurement Workshop @Osaka 1 2010 4 25 Background Anomaly Detection:

331 views • 20 slides
Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM

Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM

Anomaly Detection CAMCOS 2009 Introduction ADAPT Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM Algorithm Kalman Filter Maja Derek, Kate Isaacs, Duncan McElfresh, Jennifer Alarm Murguia,

1.4k views • 96 slides
ACCT 420: Topic modeling and anomaly detection Session 9 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 9 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 9 Dr. Richard M. Crowley 1 Front matter 2 . 1 Learning objectives Theory: NLP Anomaly detection Application: Understand the distribution of readability Examine

1.31k views • 82 slides
Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU

Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU

Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU Leuven - Department of Computer Science In cooperation with CERN 2018-07-27 0 Outline 1 Context 2 Data 3 Preprocessing 4 Anomaly Detection 5

792 views • 51 slides
An Empirical Evaluation of Entropy- based Traffic Anomaly Detection George Nychis, Vyas Sekar,

An Empirical Evaluation of Entropy- based Traffic Anomaly Detection George Nychis, Vyas Sekar,

An Empirical Evaluation of Entropy- based Traffic Anomaly Detection George Nychis, Vyas Sekar, David Andersen, Hyong Kim, Hui Zhang Carnegie Mellon University Entropy-based Anomaly Detection Goal: detect abnormal behavior scan activity,

447 views • 34 slides
Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection

Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection

Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection Systems Signature Based IDS Monitor packets on the network Compare them against database of signatures/attributes from known threats

476 views • 26 slides

More recommend