anomalies in data
play

Anomalies in Data Maximilian Toller KDDM2 Maximilian Toller, - PowerPoint PPT Presentation

Nov 08, 2023 •545 likes •1.39k views

www.tugraz.at Anomalies in Data SCIENCE PASSION TECHNOLOGY Anomalies in Data Maximilian Toller KDDM2 Maximilian Toller, Know-Center > www.tugraz.at 1 KDDM2 www.tugraz.at Anomalies in Data Recall from earlier Maximilian Toller,

  1. www.tugraz.at Anomalies in Data SCIENCE PASSION TECHNOLOGY Anomalies in Data Maximilian Toller KDDM2 Maximilian Toller, Know-Center > www.tugraz.at 1 KDDM2

  2. www.tugraz.at Anomalies in Data Recall from earlier Maximilian Toller, Know-Center 2 KDDM2

  3. www.tugraz.at What are Outliers ? A recap from KDDM1 Maximilian Toller, Know-Center 3 KDDM2

  4. www.tugraz.at What are Outliers ? Definitions An observation that appears to deviate markedly from other members of the sample in which it occurs . (Grubbs, 1969) An observation (or subset of observations) which appears to be inconsistent with the remainder of that set of data. (Barnett and Lewis, 1974) An observation, which deviates so much from other observations as to arouse suspicions that it was generated by a different mechanism . (Hawkins, 1980) Maximilian Toller, Know-Center 4 KDDM2

  5. www.tugraz.at What are Outliers ? Examples (easy) 8 6 Inliers 4 2 Outliers Y 0 (Grubb, Barnett) −2 −4 Outliers −6 (Grubb, Barnett, −8 −6 −4 −2 0 2 4 6 X Hawkins) Maximilian Toller, Know-Center 5 KDDM2

  6. www.tugraz.at What are Outliers ? Examples (more difficult) 1.0 0.8 0.6 y 0.4 0.2 0.0 0.0 0.2 0.4 0.6 0.8 x Maximilian Toller, Know-Center 6 KDDM2

  7. www.tugraz.at What are Outliers ? Examples (more difficult) 1.0 110 0.8 100 0.6 90 y y 0.4 80 0.2 70 0.0 0.0 0.2 0.4 0.6 0.8 0 20 40 60 80 x x Maximilian Toller, Know-Center 6 KDDM2

  8. www.tugraz.at What are Outliers ? Examples (more difficult) 1000 800 y 600 400 200 −50 0 50 100 150 x Maximilian Toller, Know-Center 7 KDDM2

  9. www.tugraz.at What are Outliers ? Examples (more difficult) 1.0 1000 0.8 800 0.6 y 600 y 0.4 400 0.2 200 0.0 −50 0 50 100 150 0.3 0.4 0.5 0.6 x x Maximilian Toller, Know-Center 7 KDDM2

  10. www.tugraz.at What are Outliers ? Methods: Preview There are many outlier detection methods: Local outlier factor Angle-based outlier degree Artificial neural networks . . . Why are there so many? Maximilian Toller, Know-Center 8 KDDM2

  11. www.tugraz.at What are Anomalies ? Maximilian Toller, Know-Center 9 KDDM2

  12. www.tugraz.at What are Anomalies ? Difference from Outliers In literature, outlier and anomaly are used interchangeably For both, only vague definitions exist that are very similar However, the terms have different origins and different typical use: Outliers typically. . . Anomalies typically. . . . . . are motivated by statistics. . . . require context. . . . are unusual data. . . . are abnormal events. . . . are investigated by traditional . . . are investigated by data analysts researches and statisticians. and data scientists. Maximilian Toller, Know-Center 10 KDDM2

  13. www.tugraz.at What are Anomalies ? Example: Credit card fraud Billions of dollars lost every year Fraudulent transactions often significantly different Difficult to disguise fraud s.t. it is not visible on any scale Maximilian Toller, Know-Center 11 KDDM2

  14. www.tugraz.at What are Anomalies ? Example: Cancer One of the most common causes of human death Disease with abnormal cell growth Cancer has abnormal gene expression signature Maximilian Toller, Know-Center (Quinn et al., 2019) 12 KDDM2

  15. www.tugraz.at What are Anomalies ? The role of context Abnormality is context-dependent Discordant data problem (credit card fraud example) Many normal observations Rare outlying data Anomaly class problem (cancer example) Normal data class Anomaly classes Can data define abnormality? Maximilian Toller, Know-Center 13 KDDM2

  16. www.tugraz.at Unlikely, Discordant and Contaminated Data How to interpret suspicious data Maximilian Toller, Know-Center 14 KDDM2

  17. www.tugraz.at Unlikely, Discordant and Contaminated Data The Case of Hadlum vs Hadlum Mr Hadlum accuses Mrs Hadlum of adultery Sole evidence: Birth of child 349 days after Mr Hadlum left the country Average human gestation period: 280 days Maximilian Toller, Know-Center 15 KDDM2 (Barnett and Lewis, 1974)

  18. www.tugraz.at Unlikely, Discordant and Contaminated Data The Case of Hadlum vs Hadlum Mr Hadlum conjectured different distribution (red) Judges did not find Mrs Hadlum guilty, since 349 days unlikely, but not impossible (blue) (Modern research showed that more than 340 days is impossible) Maximilian Toller, Know-Center (Zimek and Filzmoser, 2018) 16 KDDM2

  19. www.tugraz.at Unlikely, Discordant and Contaminated Data The Antarctic Ozone Hole Ozone layer protects Earth from solar radiation Damaged by human emissions of chlorofuorocarbons High depletion (hole) above poles https://de.wikipedia.org/wiki/Datei:Ozone_layer.jpg Maximilian Toller, Know-Center 17 KDDM2

  20. www.tugraz.at Unlikely, Discordant and Contaminated Data The (Ant)Arctic Ozone Hole Farman et al. (1985) discover hole in field study Authors hesitant to publish Nimbus satellite data showed no drop Problem: Largely deviating values discarded as NASA/JPL-Caltech measurement errors Maximilian Toller, Know-Center 18 KDDM2

  21. www.tugraz.at Unlikely, Discordant and Contaminated Data Definition Unlikely data Discordant data Contamination Position of judges Position of Mr "Wrong day of Hadlum birth?” "Random drop of ozone not caused Ozone field study by Satellite by humans" Farman et al. (1985) measurement error Data unlikely but still Data too unlikely to Data incorrect or normal be normal misleading No correction Correction of model Correction of data Action: none Action: investigate Action: remove Maximilian Toller, Know-Center 19 KDDM2

  22. www.tugraz.at Unlikely, Discordant and Contaminated Data Implications It is hard to classify data as unlikely , discordant or contaminated No universal decision criterion Domain knowledge as remedy Ultimately subjective Maximilian Toller, Know-Center 20 KDDM2

  23. www.tugraz.at Unlikely, Discordant and Contaminated Data Strategies 1. Try to ignore anomalies (Not interesting) 2. Find anomalies for investigation or removal (Interesting) Maximilian Toller, Know-Center 21 KDDM2

  24. www.tugraz.at Robust Statistics Data Analysis in Presence of Anomalies Maximilian Toller, Know-Center 22 KDDM2

  25. www.tugraz.at Robust Statistics Introduction I Setting Potentially contaminated dataset Majority uncontaminated Cannot find or remove contamination, e.g. inserted by attacker Task: Analyze data in spite of contamination, understand what is normal Maximilian Toller, Know-Center 23 KDDM2

  26. www.tugraz.at Robust Statistics Introduction II Challenges No prior information about data Contamination may be arbitrarily “bad” (adversarial) Question: Which methods are suitable? Maximilian Toller, Know-Center 24 KDDM2

  27. www.tugraz.at Robust Statistics Example: Mean and variance Two common estimators � n x = 1 Sample mean ¯ j = 1 x j n � n 1 σ 2 j = 1 ( x j − ¯ x ) 2 Sample variance ˆ x = n − 1 Mean and variance are influenced by contamination σ 2 Original x = [ 1 , 3 , 2 , 1 , 9 , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] x ≈ 2 . 58 ¯ x ≈ 4 . 63 ˆ ¯ σ 2 Clean y = [ 1 , 3 , 2 , 1 , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] y = 2 y = 0 . 6 ˆ Maximilian Toller, Know-Center 25 KDDM2

  28. www.tugraz.at Robust Statistics Example: Mean and variance What happens when attacker corrupts data unfavorably? Maximilian Toller, Know-Center 26 KDDM2

  29. www.tugraz.at Robust Statistics Example: Mean and variance What happens when attacker corrupts data unfavorably? Attack #1 a 1 = [ 1 , 3 , 2 , 1 , 900 , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] σ 2 ¯ a 1 ≈ 76 . 83 ˆ a 1 ≈ 67200 . 88 Maximilian Toller, Know-Center 26 KDDM2

  30. www.tugraz.at Robust Statistics Example: Mean and variance What happens when attacker corrupts data unfavorably? Attack #1 a 1 = [ 1 , 3 , 2 , 1 , 900 , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] σ 2 ¯ a 1 ≈ 76 . 83 ˆ a 1 ≈ 67200 . 88 Attack #2 a 2 = [ 1 , 3 , 2 , 1 , 900000000 , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] a 2 ≈ 7 . 5 × 10 7 ¯ σ 2 a 2 ≈ 6 . 75 × 10 16 ˆ Maximilian Toller, Know-Center 26 KDDM2

  31. www.tugraz.at Robust Statistics Example: Mean and variance What happens when attacker corrupts data unfavorably? Attack #1 a 1 = [ 1 , 3 , 2 , 1 , 900 , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] σ 2 ¯ a 1 ≈ 76 . 83 ˆ a 1 ≈ 67200 . 88 Attack #2 a 2 = [ 1 , 3 , 2 , 1 , 900000000 , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] a 2 ≈ 7 . 5 × 10 7 ¯ σ 2 a 2 ≈ 6 . 75 × 10 16 ˆ Attack #3 a 3 = [ 1 , 3 , 2 , 1 , ∞ , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] σ 2 ¯ a 3 = ∞ ˆ a 3 = ∞ Maximilian Toller, Know-Center 26 KDDM2

  32. www.tugraz.at Robust Statistics Example: Mean and variance What happens when attacker corrupts data unfavorably? Attack #1 a 1 = [ 1 , 3 , 2 , 1 , 900 , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] σ 2 ¯ a 1 ≈ 76 . 83 ˆ a 1 ≈ 67200 . 88 Attack #2 a 2 = [ 1 , 3 , 2 , 1 , 900000000 , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] a 2 ≈ 7 . 5 × 10 7 ¯ σ 2 a 2 ≈ 6 . 75 × 10 16 ˆ Attack #3 a 3 = [ 1 , 3 , 2 , 1 , ∞ , 2 , 3 , 2 , 3 , 2 , 2 , 1 ] σ 2 ¯ a 3 = ∞ ˆ a 3 = ∞ → Mean and variance are not robust . Maximilian Toller, Know-Center 26 KDDM2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Motivation Both human- and computer-generated programs sometimes contain data-flow anomalies .

Motivation Both human- and computer-generated programs sometimes contain data-flow anomalies .

Motivation Both human- and computer-generated programs sometimes contain data-flow anomalies . These anomalies result in the program being worse, in some sense, than it was intended to be. Data-flow analysis is useful in locating, and sometimes

409 views • 40 slides
Mining Anomalies Andrzej Wasylkowski 1 Why Mine Anomalies? How can we make programs more

Mining Anomalies Andrzej Wasylkowski 1 Why Mine Anomalies? How can we make programs more

Mining Anomalies Andrzej Wasylkowski 1 Why Mine Anomalies? How can we make programs more reliable? Testing, code inspection, etc. Mining anomalies, etc. In general: automatic defect detection 2 Overview Automatic Defect

446 views • 19 slides
Mining Approximate Top-K Subspace Anomalies in Multi-Dimensional Time-Series Data Xiaolei Li,

Mining Approximate Top-K Subspace Anomalies in Multi-Dimensional Time-Series Data Xiaolei Li,

Mining Approximate Top-K Subspace Anomalies in Multi-Dimensional Time-Series Data Xiaolei Li, Jiawei Han University of Illinois at Urbana-Champaign VLDB 2007 1 Time Series Data Many applications produce time series data Intel stock 2

888 views • 60 slides
b s b c anomalies anomalies Found by LHCb (and perhaps Found by several experiments

b s b c anomalies anomalies Found by LHCb (and perhaps Found by several experiments

b s b c anomalies anomalies Found by LHCb (and perhaps Found by several experiments hinted by Belle) (LHCb, BaBar and Belle) Many observables: global pattern Two observables: R(D) and R(D*) Neutral current Charged current 1-loop

342 views • 19 slides
Griffon: Reasoning about Job Anomalies with Unlabeled Data in Cloud-based Platforms Liqun Shao,

Griffon: Reasoning about Job Anomalies with Unlabeled Data in Cloud-based Platforms Liqun Shao,

Griffon: Reasoning about Job Anomalies with Unlabeled Data in Cloud-based Platforms Liqun Shao, Yiwen Zhu , Siqi Liu*, Abhiram Eswaran, Kristin Lieber, Janhavi Mahajan, Minsoo Thigpen, Sudhir Darbha, Subru Krishnan, Soundar Srinivasan, Carlo

560 views • 29 slides
Is this normal? Finding anomalies in real-time data. Who am I? Im Theo (@postwait on Twitter)

Is this normal? Finding anomalies in real-time data. Who am I? Im Theo (@postwait on Twitter)

Is this normal? Finding anomalies in real-time data. Who am I? Im Theo (@postwait on Twitter) I write a lot of code 50+ open source projects several commercial code bases I wrote Scalable Internet Architectures I sit on the ACM

327 views • 18 slides
What is Anomalies? If Efficient Market Hypothesis holds, all securities should have the same

What is Anomalies? If Efficient Market Hypothesis holds, all securities should have the same

What is Anomalies? If Efficient Market Hypothesis holds, all securities should have the same risk-adjusted returns. Lecture 2: Anomalies and Market o Therefore, observable stock characteristics such as size, PE ratio, or price-book value

248 views • 9 slides
Geomagnetic Activity and GPS Anomalies at High Latitudes Adam Jacobs Mentor: Rob Steenburgh

Geomagnetic Activity and GPS Anomalies at High Latitudes Adam Jacobs Mentor: Rob Steenburgh

Geomagnetic Activity and GPS Anomalies at High Latitudes Adam Jacobs Mentor: Rob Steenburgh NOAA SWPC OUTLINE Motivation Motivation Background Data Details Alaskas citizens use GPS for many daily activities Data Processing

289 views • 26 slides
A Big Data Architecture for the Detection of Anomalies within Database Connection Logs Swapneel

A Big Data Architecture for the Detection of Anomalies within Database Connection Logs Swapneel

A Big Data Architecture for the Detection of Anomalies within Database Connection Logs Swapneel Mehta, Prasanth Kothuri, Daniel Lanza Garcia European Organisation for Nuclear Research Meyrin, Geneva {swapneel.sundeep.mehta, prasanth.kothuri,

253 views • 6 slides
15-388/688 - Practical Data Science: Anomaly detection and mixture of Gaussians J. Zico Kolter

15-388/688 - Practical Data Science: Anomaly detection and mixture of Gaussians J. Zico Kolter

15-388/688 - Practical Data Science: Anomaly detection and mixture of Gaussians J. Zico Kolter Carnegie Mellon University Spring 2018 1 Outline Anomalies and outliers Multivariate Gaussian Mixture of Gaussians 2 Outline Anomalies and

511 views • 34 slides
Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua

Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua

Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua Kamal Ahmat Verizon City University of New York Introduction Firewalls Types of Anomalies Related

380 views • 21 slides
Accounting for the Anomaly Zoo: a Trading Cost Perspective DISCUSSANT Ingrid Tierens, Goldman

Accounting for the Anomaly Zoo: a Trading Cost Perspective DISCUSSANT Ingrid Tierens, Goldman

Accounting for the Anomaly Zoo: a Trading Cost Perspective DISCUSSANT Ingrid Tierens, Goldman Sachs ANOMALIES: FACT OR FICTION? Decades of empirical finance research papers suggest anomalies exist However, Data mining Post

489 views • 12 slides
Flavour anomalies at the LHC M. Nardecchia INFN & Sapienza University of Rome 30 May 2019,

Flavour anomalies at the LHC M. Nardecchia INFN & Sapienza University of Rome 30 May 2019,

Flavour anomalies at the LHC M. Nardecchia INFN & Sapienza University of Rome 30 May 2019, ICTP , Trieste Flavour Anomalies b s b c (LHCb from 2013) Babar+Belle+LHCb from 2012 1) Angular observables in B K +

702 views • 48 slides
Global anomalies on Lorentzian space-times Jochen Zahn Universit at Leipzig based on

Global anomalies on Lorentzian space-times Jochen Zahn Universit at Leipzig based on

Global anomalies on Lorentzian space-times Jochen Zahn Universit at Leipzig based on 1609.06562 (Ann. H. Poincar e) [joint work with A. Schenkel] LQP 41, G ottingen, February 2018 Global anomalies in the path integral Chiral SU p 2

375 views • 11 slides
Detection of electromagnetic anomalies Detection of electromagnetic anomalies before volcanic

Detection of electromagnetic anomalies Detection of electromagnetic anomalies before volcanic

Detection of electromagnetic anomalies Detection of electromagnetic anomalies before volcanic eruptions by before volcanic eruptions by DEMETER micro- -satellite satellite DEMETER micro J. Zlotnicki 1 , F. Li 1 , M. Parrot 2 1: CNRS

407 views • 27 slides
Anomalies Detection for HEP Experiments Maxim Borisyak Denis Derkach, Fedor Ratnikov, Andrey

Anomalies Detection for HEP Experiments Maxim Borisyak Denis Derkach, Fedor Ratnikov, Andrey

Anomalies Detection for HEP Experiments Maxim Borisyak Denis Derkach, Fedor Ratnikov, Andrey Ustyuzhanin HEP/ML Group, Yandex School of Data Analysis, National Research University High School of Economics with incredible help from CMS

401 views • 21 slides
Conformal Anomalies and Gravitational Waves Hermann Nicolai MPI f ur Gravitationsphysik,

Conformal Anomalies and Gravitational Waves Hermann Nicolai MPI f ur Gravitationsphysik,

bla Conformal Anomalies and Gravitational Waves Hermann Nicolai MPI f ur Gravitationsphysik, Potsdam (Albert Einstein Institut) Work based on: K. Meissner and H.N.: arXiv:1607.07312 H. Godazgar, K. Meissner and H.N.: in progress Executive

422 views • 13 slides
Anomalies of the Entanglement Entropy in Chiral Theories Nabil

Anomalies of the Entanglement Entropy in Chiral Theories Nabil

Anomalies of the Entanglement Entropy in Chiral Theories Nabil Iqbal University of Amsterdam 1509.04325 with Aron Wall 1405.2792 with Alejandra Castro, Stephane

579 views • 34 slides
Q406 FINANCIAL RESULTS Investor Community Conference Call KAREN MAIDMENT Chief Financial and

Q406 FINANCIAL RESULTS Investor Community Conference Call KAREN MAIDMENT Chief Financial and

Q406 FINANCIAL RESULTS Investor Community Conference Call KAREN MAIDMENT Chief Financial and Administrative Officer November 28 06 FORWARD-LOOKING STATEMENTS CAUTION REGARDING FORWARD-LOOKING STATEMENTS Bank of Montreals public

635 views • 34 slides
in Latin America in the 2000s Guillermo Cruces Gary S. Fields CEDLAS-FCE-UNLP, CONICET and IZA

in Latin America in the 2000s Guillermo Cruces Gary S. Fields CEDLAS-FCE-UNLP, CONICET and IZA

The Growth-Employment-Poverty Nexus in Latin America in the 2000s Guillermo Cruces Gary S. Fields CEDLAS-FCE-UNLP, CONICET and IZA Cornell University, IZA and WIDER David Jaume Mariana Viollaz Cornell University and CEDLAS-FCE-

856 views • 74 slides
Prt rss t

Prt rss t

trt sr rt Prt rss t sts t Prt rss

953 views • 68 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Meeting March 10, 2015 For Audio Dial 416-343-2285 or 1-877-969-8433 PIN# 4467765 Meeting

Meeting March 10, 2015 For Audio Dial 416-343-2285 or 1-877-969-8433 PIN# 4467765 Meeting

OTS Technical Advisory Committee Meeting March 10, 2015 For Audio Dial 416-343-2285 or 1-877-969-8433 PIN# 4467765 Meeting Objective The Technical Advisory Committee meeting is intended to provide updates from OTS, and get feedback and

409 views • 20 slides
Polyplex (Thailand) Public Limited Company Presentation at the SET Opportunity Day Tuesday, 7 th

Polyplex (Thailand) Public Limited Company Presentation at the SET Opportunity Day Tuesday, 7 th

Polyplex (Thailand) Public Limited Company Presentation at the SET Opportunity Day Tuesday, 7 th June 2011 Website : www.polyplexthailand.com Contents BOPET Film Industry Polyplex group Polyplex Competitive Strength PTL :

651 views • 42 slides

More recommend