anomaly detection lecture notes for chapter 9
play

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data - PowerPoint PPT Presentation

Aug 26, 2022 •134 likes •470 views

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan, Steinbach, Karpatne, Kumar 4/14/2019 Introduction to Data Mining, 2nd Edition 1 Anomaly/ Outlier Detection What are anomalies/outliers?

  1. Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan, Steinbach, Karpatne, Kumar 4/14/2019 Introduction to Data Mining, 2nd Edition 1

  2. Anomaly/ Outlier Detection  What are anomalies/outliers? – The set of data points that are considerably different than the remainder of the data  Natural implication is that anomalies are relatively rare – One in a thousand occurs often if you have lots of data – Context is important, e.g., freezing temps in July  Can be important or a nuisance – 10 foot tall 2 year old – Unusually high blood pressure 4/14/2019 Introduction to Data Mining, 2nd Edition 2

  3. I mportance of Anomaly Detection Ozone Depletion History In 1985 three researchers (Farman,  Gardinar and Shanklin) were puzzled by data gathered by the British Antarctic Survey showing that ozone levels for Antarctica had dropped 10% below normal levels Why did the Nimbus 7 satellite,  which had instruments aboard for recording ozone levels, not record similarly low ozone concentrations? The ozone concentrations recorded  by the satellite were so low they were being treated as outliers by a Sources: computer program and discarded! http://exploringdata.cqu.edu.au/ozone.html http://www.epa.gov/ozone/science/hole/size.html 4/14/2019 Introduction to Data Mining, 2nd Edition 3

  4. Causes of Anomalies  Data from different classes – Measuring the weights of oranges, but a few grapefruit are mixed in  Natural variation – Unusually tall people  Data errors – 200 pound 2 year old 4/14/2019 Introduction to Data Mining, 2nd Edition 4

  5. Distinction Between Noise and Anomalies  Noise is erroneous, perhaps random, values or contaminating objects – Weight recorded incorrectly – Grapefruit mixed in with the oranges  Noise doesn’t necessarily produce unusual values or objects  Noise is not interesting  Anomalies may be interesting if they are not a result of noise  Noise and anomalies are related but distinct concepts 4/14/2019 Introduction to Data Mining, 2nd Edition 5

  6. General I ssues: Number of Attributes  Many anomalies are defined in terms of a single attribute – Height – Shape – Color  Can be hard to find an anomaly using all attributes – Noisy or irrelevant attributes – Object is only anomalous with respect to some attributes  However, an object may not be anomalous in any one attribute 4/14/2019 Introduction to Data Mining, 2nd Edition 6

  7. General I ssues: Anomaly Scoring  Many anomaly detection techniques provide only a binary categorization – An object is an anomaly or it isn’t – This is especially true of classification-based approaches  Other approaches assign a score to all points – This score measures the degree to which an object is an anomaly – This allows objects to be ranked  In the end, you often need a binary decision – Should this credit card transaction be flagged? – Still useful to have a score  How many anomalies are there? 4/14/2019 Introduction to Data Mining, 2nd Edition 7

  8. Other I ssues for Anomaly Detection  Find all anomalies at once or one at a time – Swamping – Masking  Evaluation – How do you measure performance? – Supervised vs. unsupervised situations  Efficiency  Context – Professional basketball team 4/14/2019 Introduction to Data Mining, 2nd Edition 8

  9. Variants of Anomaly Detection Problems  Given a data set D, find all data points x ∈ D with anomaly scores greater than some threshold t  Given a data set D, find all data points x ∈ D having the top-n largest anomaly scores  Given a data set D, containing mostly normal (but unlabeled) data points, and a test point x , compute the anomaly score of x with respect to D 4/14/2019 Introduction to Data Mining, 2nd Edition 9

  10. Model-Based Anomaly Detection  Build a model for the data and see – Unsupervised  Anomalies are those points that don’t fit well  Anomalies are those points that distort the model  Examples: – Statistical distribution – Clusters – Regression – Geometric – Graph – Supervised  Anomalies are regarded as a rare class  Need to have training data 4/14/2019 Introduction to Data Mining, 2nd Edition 10

  11. Additional Anomaly Detection Techniques  Proximity-based – Anomalies are points far away from other points – Can detect this graphically in some cases  Density-based – Low density points are outliers  Pattern matching – Create profiles or templates of atypical but important events or objects – Algorithms to detect these patterns are usually simple and efficient 4/14/2019 Introduction to Data Mining, 2nd Edition 11

  12. Visual Approaches  Boxplots or scatter plots  Limitations – Not automatic – Subjective 4/14/2019 Introduction to Data Mining, 2nd Edition 12

  13. Statistical Approaches Probabilistic definition of an outlier: An outlier is an object that has a low probability with respect to a probability distribution model of the data.  Usually assume a parametric model describing the distribution of the data (e.g., normal distribution)  Apply a statistical test that depends on – Data distribution – Parameters of distribution (e.g., mean, variance) – Number of expected outliers (confidence limit)  Issues – Identifying the distribution of a data set  Heavy tailed distribution – Number of attributes – Is the data a mixture of distributions? 4/14/2019 Introduction to Data Mining, 2nd Edition 13

  14. Normal Distributions One-dimensional Gaussian 8 7 0.1 6 0.09 5 0.08 4 0.07 Two-dimensional 3 0.06 2 Gaussian 0.05 y 1 0.04 0 0.03 -1 -2 0.02 -3 0.01 -4 probability -5 density -4 -3 -2 -1 0 1 2 3 4 5 x 4/14/2019 Introduction to Data Mining, 2nd Edition 14

  15. Statistical-based – Likelihood Approach  Assume the data set D contains samples from a mixture of two probability distributions: – M (majority distribution) – A (anomalous distribution)  General Approach: – Initially, assume all the data points belong to M – Let L t (D) be the log likelihood of D at time t – For each point x t that belongs to M, move it to A  Let L t+1 (D) be the new log likelihood.  Compute the difference, ∆ = L t (D) – L t+1 (D)  If ∆ > c (some threshold), then x t is declared as an anomaly and moved permanently from M to A 4/14/2019 Introduction to Data Mining, 2nd Edition 15

  16. Statistical-based – Likelihood Approach  Data distribution, D = (1 – λ ) M + λ A  M is a probability distribution estimated from data – Can be based on any modeling method (naïve Bayes, maximum entropy, etc)  A is initially assumed to be uniform distribution  Likelihood at time t:     N ∏ ∏ ∏     = = − λ λ | | | | M A ( ) ( ) ( 1 ) ( ) ( ) L D P x P x P x t t     t D i M i A i  t   t  = ∈ ∈ 1 i x M x A i t i t ∑ ∑ = − λ + + λ + ( ) log( 1 ) log ( ) log log ( ) LL D M P x A P x t t M i t A i t t ∈ ∈ x M x A i t i t 4/14/2019 Introduction to Data Mining, 2nd Edition 16

  17. Strengths/ Weaknesses of Statistical Approaches  Firm mathematical foundation  Can be very efficient  Good results if distribution is known  In many cases, data distribution may not be known  For high dimensional data, it may be difficult to estimate the true distribution  Anomalies can distort the parameters of the distribution 4/14/2019 Introduction to Data Mining, 2nd Edition 17

  18. Distance-Based Approaches  Several different techniques  An object is an outlier if a specified fraction of the objects is more than a specified distance away (Knorr, Ng 1998) – Some statistical definitions are special cases of this  The outlier score of an object is the distance to its kth nearest neighbor 4/14/2019 Introduction to Data Mining, 2nd Edition 18

  19. One Nearest Neighbor - One Outlier D 2 1.8 1.6 1.4 1.2 1 0.8 0.6 0.4 Outlier Score 4/14/2019 Introduction to Data Mining, 2nd Edition 19

  20. One Nearest Neighbor - Two Outliers 0.55 D 0.5 0.45 0.4 0.35 0.3 0.25 0.2 0.15 0.1 0.05 Outlier Score 4/14/2019 Introduction to Data Mining, 2nd Edition 20

  21. Five Nearest Neighbors - Small Cluster 2 D 1.8 1.6 1.4 1.2 1 0.8 0.6 0.4 Outlier Score 4/14/2019 Introduction to Data Mining, 2nd Edition 21

  22. Five Nearest Neighbors - Differing Density D 1.8 1.6 1.4 1.2 1 0.8 0.6 0.4 0.2 Outlier Score 4/14/2019 Introduction to Data Mining, 2nd Edition 22

  23. Strengths/ Weaknesses of Distance-Based Approaches  Simple  Expensive – O(n 2 )  Sensitive to parameters  Sensitive to variations in density  Distance becomes less meaningful in high- dimensional space 4/14/2019 Introduction to Data Mining, 2nd Edition 23

  24. Density-Based Approaches  Density-based Outlier: The outlier score of an object is the inverse of the density around the object. – Can be defined in terms of the k nearest neighbors – One definition: Inverse of distance to kth neighbor – Another definition: Inverse of the average distance to k neighbors – DBSCAN definition  If there are regions of different density, this approach can have problems 4/14/2019 Introduction to Data Mining, 2nd Edition 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series <Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and Mohammad Zulkernine School of Computing Queens University, Kingston Ontario, Canada K7L 3N6 {zhang, mzulker} @cs.queensu.ca Abstract- Anomaly

284 views • 6 slides
Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Information Technology Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu Rukshan Bandaragoda Kai Ming Ting David Albrecht Fei Tony Liu Jonathan R. Wells Outline Overview of anomaly detection

657 views • 41 slides
Lecture 10 Pulses Chapter 8 and 9 Detection of a Binary Signal Detection of a Binary Wave-

Lecture 10 Pulses Chapter 8 and 9 Detection of a Binary Signal Detection of a Binary Wave-

Lecture 10 Prior and Posterior Distribu- tions Methods of Coded Modulation Nyquist Lecture 10 Pulses Chapter 8 and 9 Detection of a Binary Signal Detection of a Binary Wave- Optics Signal 1 ECE243b Lightwave Communications -

617 views • 25 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

Introduction Feature Extraction Entropy Calculation Anomaly detection Classification Open Issues On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman. Cinvestav, Campus Guadalajara, Mexico November 2015

690 views • 24 slides
ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter 2 . 1 Learning objectives Theory: NLP Anomaly detection Application: Understand annual report readability Examine the

1.12k views • 85 slides
An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate April 25, 2010 The 3rd CAIDA-WIDE-CASFI Joint Measurement Workshop @Osaka 1 2010 4 25 Background Anomaly Detection:

331 views • 20 slides
STATS 507 Data Analysis in Python Lecture 4: Dictionaries and Tuples Two more fundamental

STATS 507 Data Analysis in Python Lecture 4: Dictionaries and Tuples Two more fundamental

STATS 507 Data Analysis in Python Lecture 4: Dictionaries and Tuples Two more fundamental built-in data structures Dictionaries Python dictionaries generalize lists Allow indexing by arbitrary immutable objects rather than integers Fast

1.19k views • 82 slides
Introduction to Taxonomy : Tagging on the Open Road Ann Greazel John VanDyk Iowa State

Introduction to Taxonomy : Tagging on the Open Road Ann Greazel John VanDyk Iowa State

Introduction to Taxonomy : Tagging on the Open Road Ann Greazel John VanDyk Iowa State University Taxonomy : the categorization of content Ann Greazel John VanDyk beans carrots okra Tagging : associating content with keywords onions

699 views • 45 slides
grapefruit print("grapefruit") C. grapefruit else: - D. grapefruit lemon

grapefruit print("grapefruit") C. grapefruit else: - D. grapefruit lemon

DS 2001 CS Programming Practicum Fall 2020 Felix Muzny mins ! a few we'll start in Practicum 2: Conditionals, For Loops, etc x = 12 if x > 10: What is the output of the given code? print("orange") - xouihftexs # to

339 views • 17 slides
Description Logics Designing Knowledge Bases Enrico Franconi franconi@cs.man.ac.uk

Description Logics Designing Knowledge Bases Enrico Franconi franconi@cs.man.ac.uk

Description Logics Designing Knowledge Bases Enrico Franconi franconi@cs.man.ac.uk http://www.cs.man.ac.uk/franconi Department of Computer Science, University of Manchester (1/34) The Royal Family . = Female Male . = Human

538 views • 34 slides
A FCA perspective on Rough Set Theory Bernhard Ganter & Christian Meschke Institut f ur

A FCA perspective on Rough Set Theory Bernhard Ganter & Christian Meschke Institut f ur

Functional and ordinal dependencies Rough Set Theory Generalisations A FCA perspective on Rough Set Theory Bernhard Ganter & Christian Meschke Institut f ur Algebra Technische Universit at Dresden October 20, 2010 Functional and

1.1k views • 74 slides
CSE 158 Lecture 9 Web Mining and Recommender Systems T ext Mining Administrivia Midterms

CSE 158 Lecture 9 Web Mining and Recommender Systems T ext Mining Administrivia Midterms

CSE 158 Lecture 9 Web Mining and Recommender Systems T ext Mining Administrivia Midterms will be in class next Wednesday Well do prep on Monday, and come back to the rest of text mining in week 7 No class the Monday after

676 views • 56 slides
Black Holes Dark Dress The impact of local Dark Matter halos on the mergers of primordial black

Black Holes Dark Dress The impact of local Dark Matter halos on the mergers of primordial black

Black Holes Dark Dress The impact of local Dark Matter halos on the mergers of primordial black hole binaries Bradley J Kavanagh GRAPPA, University of Amsterdam 27th September 2018 DESY Theory Workshop b.j.kavanagh@uva.nl @BradleyKavanagh

1.11k views • 39 slides
Hearing the sirens of the early Universe: Primordial Black Holes & Gravitational Waves

Hearing the sirens of the early Universe: Primordial Black Holes & Gravitational Waves

Hearing the sirens of the early Universe: Primordial Black Holes & Gravitational Waves Bradley J Kavanagh GRAPPA, University of Amsterdam #GW4FP b.j.kavanagh@uva.nl 12 Nov 2019 @BradleyKavanagh github.com/bradkav Disclaimer This talk

625 views • 43 slides

More recommend