data mining ii anomaly detection
play

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection - PowerPoint PPT Presentation

Jan 14, 2023 •252 likes •984 views

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

  1. Data Mining II Anomaly Detection Heiko Paulheim

  2. Anomaly Detection • Also known as “Outlier Detection” • Automatically identify data points that are somehow different from the rest • Working assumption: – There are considerably more “normal” observations than “abnormal” observations (outliers/anomalies) in the data • Challenges – How many outliers are there in the data? – What do they look like? – Method is unsupervised • Validation can be quite challenging (just like for clustering) 03/04/19 Heiko Paulheim 2

  3. Recap: Errors in Data • Sources – malfunctioning sensors – errors in manual data processing (e.g., twisted digits) – storage/transmission errors – encoding problems, misinterpreted file formats – bugs in processing code – ... Image: http://www.flickr.com/photos/16854395@N05/3032208925/ 03/04/19 Heiko Paulheim 3

  4. Recap: Errors in Data • Simple remedy – remove data points outside a given interval • this requires some domain knowledge • Advanced remedies – automatically find suspicious data points 03/04/19 Heiko Paulheim 4

  5. Applications: Data Preprocessing • Data preprocessing – removing erroneous data – removing true, but useless deviations • Example: tracking people down using their GPS data – GPS values might be wrong – person may be on holidays in Hawaii • what would be the result of a kNN classifier? 03/04/19 Heiko Paulheim 5

  6. Applications: Credit Card Fraud Detection • Data: transactions for one customer – €15.10 Amazon – €12.30 Deutsche Bahn tickets, Mannheim central station – €18.28 Edeka Mannheim – $500.00 Cash withdrawal. Dubai Intl. Airport – €48.51 Gas station Heidelberg – €21.50 Book store Mannheim • Goal: identify unusual transactions – possible attributes: location, amount, currency, ... 03/04/19 Heiko Paulheim 6

  7. Applications: Hardware Failure Detection Thomas Weible: An Optic's Life (2010). 03/04/19 Heiko Paulheim 7

  8. Applications: Stock Monitoring • Stock market prediction • Computer trading http://blogs.reuters.com/reuters-investigates/2010/10/15/flash-crash-fallout/ 03/04/19 Heiko Paulheim 8

  9. Errors vs. Natural Outliers Ozone Depletion History In 1985 three researchers (Farman,  Gardinar and Shanklin) were puzzled by data gathered by the British Antarctic Survey showing that ozone levels for Antarctica had dropped 10% below normal levels Why did the Nimbus 7 satellite,  which had instruments aboard for recording ozone levels, not record similarly low ozone concentrations? The ozone concentrations recorded  by the satellite were so low they were being treated as outliers by a Sources: computer program and discarded! http://exploringdata.cqu.edu.au/ozone.html http://www.epa.gov/ozone/science/hole/size.html 03/04/19 Heiko Paulheim 9

  10. Anomaly Detection Schemes  General Steps – Build a profile of the “normal” behavior  Profile can be patterns or summary statistics for the overall population – Use the “normal” profile to detect anomalies  Anomalies are observations whose characteristics differ significantly from the normal profile  Types of anomaly detection schemes – Graphical & Statistical-based – Distance-based – Model-based 03/04/19 Heiko Paulheim 10

  11. Graphical Approaches  Boxplot (1-D), Scatter plot (2-D), Spin plot (3-D)  Limitations – Time consuming – Subjective 03/04/19 Heiko Paulheim 11

  12. Convex Hull Method  Extreme points are assumed to be outliers  Use convex hull method to detect extreme values  What if the outlier occurs in the middle of the data? 03/04/19 Heiko Paulheim 12

  13. Interpretation: What is an Outlier? 03/04/19 Heiko Paulheim 13

  14. Statistical Approaches  Assume a parametric model describing the distribution of the data (e.g., normal distribution)  Apply a statistical test that depends on – Data distribution – Parameter of distribution (e.g., mean, variance) – Number of expected outliers (confidence limit) 03/04/19 Heiko Paulheim 14

  15. Interquartile Range • Divides data in quartiles • Definitions: – Q1: x ≥ Q1 holds for 75% of all x – Q3: x ≥ Q3 holds for 25% of all x – IQR = Q3-Q1 • Outlier detection: – All values outside [median-1.5*IQR ; median+1.5*IQR] • Example: – 0,1,1,3,3,5,7,42 → median=3, Q1=1, Q3=7 → IQR = 6 – Allowed interval: [3-1.5*6 ; 3+1.5*6] = [-6 ; 12] – Thus, 42 is an outlier 03/04/19 Heiko Paulheim 15

  16. Interquartile Range • Assumes a normal distribution 03/04/19 Heiko Paulheim 16

  17. Interquartile Range • Visualization in box plot using RapidMiner Outliers Q2+1.5*IQR Q3 Median IQR Q1 Q2-1.5*IQR Outliers 03/04/19 Heiko Paulheim 17

  18. Median Absolute Deviation (MAD) • MAD is the median deviation from the median of a sample, i.e. MAD : = median i ( X i − median j ( X j )) • MAD can be used for outlier detection – all values that are k*MAD away from the median are considered to be outliers – e.g., k=3 • Example: – 0,1,1,3,5,7,42 → median = 3 Carl Friedrich Gauss, 1777-1855 – deviations: 3,2,2,0,2,4,39 → MAD = 2 – allowed interval: [3-3*2 ; 3+3*2] = [-3;9] – therefore, 42 is an outlier 03/04/19 Heiko Paulheim 18

  19. Grubbs’ Test • Invented by Frank E. Grubbs (1913-2000) • Detect outliers in univariate data • Assume data comes from normal distribution – H 0 : There is no outlier in data – H A : There is at least one outlier • Grubbs’ test statistic: G = max ∣ X − X ∣ critical t-value • Reject H 0 if: s √ N √ 2 t G >( N − 1 ) ( α / N ,N − 2 ) 2 N − 2 + t ( α / N , N − 2 ) 03/04/19 Heiko Paulheim 19

  20. Grubbs' Test 03/04/19 Heiko Paulheim 20

  21. Grubbs' Test • The test finds out if there is at least one outlier • Practical algorithm: – Perform Grubbs' Test – If there is an outlier, remove the most extreme value • i.e., the farthest away from the mean – repeat until no more outliers are detected 03/04/19 Heiko Paulheim 21

  22. Grubbs' Test • Example: given eight mass spectrometer measurements – 199.31, 199.53, 200.19, 200.82, 201.92, 201.95, 202.18, 245.57 Example following: http://www.itl.nist.gov/div898/handbook/eda/section3/eda35h1.htm 03/04/19 Heiko Paulheim 22

  23. Grubbs' Test • Example: given eight mass spectrometer measurements – 199.31, 199.53, 200.19, 200.82, 201.92, 201.95, 202.18, 245.57 • Calculating G: G = max ∣ X − X ∣ = 39.14 15.85 = 2.47 s • Calculating the critical G: √ N √ 2 t 2 G >( N − 1 ) = 7 √ 8 √ 3.71 ( α / N ,N − 2 ) 2 = 2.07 2 N − 2 + t 6 + 3.71 ( α / N , N − 2 ) Example following: http://www.itl.nist.gov/div898/handbook/eda/section3/eda35h1.htm 03/04/19 Heiko Paulheim 23

  24. Grubbs' Test • Example: seven remaining mass spectrometer measurements – 199.31, 199.53, 200.19, 200.82, 201.92, 201.95, 202.18, 245.57 • Calculating G: G = max ∣ X − X ∣ = 1.53 1.2 = 1.28 s • Calculating the critical G: √ N √ 2 t 2 G >( N − 1 ) = 6 √ 7 √ 3.49 ( α / N ,N − 2 ) 2 = 1.91 2 N − 2 + t 5 + 3.49 ( α / N , N − 2 ) Example following: http://www.itl.nist.gov/div898/handbook/eda/section3/eda35h1.htm 03/04/19 Heiko Paulheim 24

  25. Fitting Elliptic Curves • Multi-dimensional datasets – can be seen as following a normal distribution on each dimension – the intervals in one-dimensional cases become elliptic curves 03/04/19 Heiko Paulheim 25

  26. Limitations of Statistical Approaches • Most of the tests are for a single attribute (called: univariate ) • For high dimensional data, it may be difficult to estimate the true distribution • In many cases, the data distribution may not be known – e.g., Grubbs' Test: expects Gaussian distribution 03/04/19 Heiko Paulheim 26

  27. Examples for Distributions • Normal (gaussian) distribution – e.g., people's height http://www.usablestats.com/images/men_women_height_histogram.jpg 03/04/19 Heiko Paulheim 27

  28. Examples for Distributions • Power law distribution – e.g., city population http://www.jmc2007compendium.com/V2-ATAPE-P-12.php 03/04/19 Heiko Paulheim 28

  29. Examples for Distributions • Pareto distribution – e.g., wealth http://www.ncpa.org/pub/st289?pg=3 03/04/19 Heiko Paulheim 29

  30. Examples for Distributions • Uniform distribution – e.g., distribution of web server requests across an hour http://www.brighton-webs.co.uk/distributions/uniformc.aspx 03/04/19 Heiko Paulheim 30

  31. Outliers vs. Extreme Values • So far, we have looked at extreme values only – But outliers can occur as non-extremes – In that case, methods like Grubbs' test or IQR fail -1.5 -1 -0.5 0 0.5 1 1.5 03/04/19 Heiko Paulheim 31

  32. Outliers vs. Extreme Values • IQR on the example below: – Q2 (Median) is 0 – Q1 is -1, Q3 is 1 → everything outside [-1.5,+1.5] is an outlier → there are no outliers in this example -1.5 -1 -0.5 0 0.5 1 1.5 03/04/19 Heiko Paulheim 32

  33. Time for a Short Break http://xkcd.com/539/ 03/04/19 Heiko Paulheim 33

  34. Distance-based Approaches  Data is represented as a vector of features  Various approaches – Nearest-neighbor based – Density based – Clustering based – Model based 03/04/19 Heiko Paulheim 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan,

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan,

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan, Steinbach, Karpatne, Kumar 4/14/2019 Introduction to Data Mining, 2nd Edition 1 Anomaly/ Outlier Detection What are anomalies/outliers?

470 views • 32 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Data Mining for Anomaly Detection Aleksandar Lazarevic United Technologies Research Center

Data Mining for Anomaly Detection Aleksandar Lazarevic United Technologies Research Center

Data Mining for Anomaly Detection Aleksandar Lazarevic United Technologies Research Center Arindam Banerjee, Varun Chandola, Vipin Kumar, Jaideep Srivastava University of Minnesota Tutorial at the European Conference on Principles and

1.2k views • 116 slides
Anomaly Detection Qi Liu University of Science and Technology of China qiliuql@ustc.edu.cn ili

Anomaly Detection Qi Liu University of Science and Technology of China qiliuql@ustc.edu.cn ili

Anomaly Detection Qi Liu University of Science and Technology of China qiliuql@ustc.edu.cn ili l@ t d Data Mining Tasks Data Mining Tasks 2 Data Tid Tid Refund Refund Marital Marital Taxable Taxable Cheat Status Income

775 views • 39 slides
Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series <Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
Advanced Analytics in Business [D0S07a] Big Data Platforms & Technologies [D0S06a]

Advanced Analytics in Business [D0S07a] Big Data Platforms & Technologies [D0S06a]

Advanced Analytics in Business [D0S07a] Big Data Platforms & Technologies [D0S06a] Unsupervised Learning Anomaly Detection Overview Frequent itemset and association rule mining Other itemset extensions Clustering Anomaly detection 2

1.01k views • 85 slides
Shapley Values of Reconstruction Errors of PCA for Explaining Anomaly Detection Naoya Takeishi

Shapley Values of Reconstruction Errors of PCA for Explaining Anomaly Detection Naoya Takeishi

Shapley Values of Reconstruction Errors of PCA for Explaining Anomaly Detection Naoya Takeishi (RIKEN AIP) 8 November 2019 Workshop on Learning and Mining with Industrial Data, Beijing Preprint available at arxiv.org/abs/1909.03495 Background:

585 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
Mining Rich Graphs Ranking, Classification, and Anomaly Detection Leman Akoglu Feb 9 th 2018

Mining Rich Graphs Ranking, Classification, and Anomaly Detection Leman Akoglu Feb 9 th 2018

Mining Rich Graphs Ranking, Classification, and Anomaly Detection Leman Akoglu Feb 9 th 2018 Networks are ubiquitous! - - - Terrorist Network Food Web Internet Map [Krebs 2002] [2007] [Koren 2009] Social Network Protein Network

1.09k views • 53 slides
Driving Anomaly Detection with Conditional GAN using Physiological Data & CAN-Bus Data Yuning

Driving Anomaly Detection with Conditional GAN using Physiological Data & CAN-Bus Data Yuning

Driving Anomaly Detection with Conditional GAN using Physiological Data & CAN-Bus Data Yuning Qiu (UT Dallas) Teruhisa Misu (Honda Research Inst.) Carlos Busso (UT Dallas) Motivation Goal: Categorization of driving data for future driver

443 views • 22 slides
Time Series Representations for Better Data Mining What can we do with time series data?

Time Series Representations for Better Data Mining What can we do with time series data?

Time Series Representations for Better Data Mining What can we do with time series data? Clustering Anomaly (outlier) detection Forecasting What are the problems with time series data? Noise Concept-drift (trend-shift

122 views • 11 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU

Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU

Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU Leuven - Department of Computer Science In cooperation with CERN 2018-07-27 0 Outline 1 Context 2 Data 3 Preprocessing 4 Anomaly Detection 5

792 views • 51 slides
Performance Measurement in 3G Networks Qiang Xu*, Alexandre Gerber ++ , Z. Morley Mao*, Jeffrey

Performance Measurement in 3G Networks Qiang Xu*, Alexandre Gerber ++ , Z. Morley Mao*, Jeffrey

AccuLoc: Practical Localization of Performance Measurement in 3G Networks Qiang Xu*, Alexandre Gerber ++ , Z. Morley Mao*, Jeffrey Pang ++ * University of Michigan Ann Arbor ++ AT&T Labs Research Visibility of Device in Cellular Network X X

588 views • 21 slides
The Golden Age of Chirality and Quantum Mechanics Karl Landsteiner Instituto de Fsica Terica

The Golden Age of Chirality and Quantum Mechanics Karl Landsteiner Instituto de Fsica Terica

The Golden Age of Chirality and Quantum Mechanics Karl Landsteiner Instituto de Fsica Terica UAM-CSIC Theoretical Physics Colloquium , Arizona State University , April 8 th , 2020 Outline Introduction Anomalies Theory of

1.24k views • 39 slides
Z Explanations of Neutral Current B Anomalies by Ben Allanach (University of Cambridge)

Z Explanations of Neutral Current B Anomalies by Ben Allanach (University of Cambridge)

Z Explanations of Neutral Current B Anomalies by Ben Allanach (University of Cambridge) Can we directly discover particles from explanations? Third Family Hypercharge Model General SM U (1) model BCA, Gripaios, You,

990 views • 75 slides
Role Inference + Anomaly Detection = Situational Awareness in BACnet networks D. Fauri , M.

Role Inference + Anomaly Detection = Situational Awareness in BACnet networks D. Fauri , M.

Role Inference + Anomaly Detection = Situational Awareness in BACnet networks D. Fauri , M. Kapsalakis, D. R. dos Santos, E.Costante, J. den Hartog, S. Etalle Gothenburg, Sweden DIMVA 2019 - 16th Conference on Detection of Intrusions and

837 views • 15 slides
Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep

Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep

Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep Learning Lucas May Petry 1 , Amilcar Soares 2 , Vania Bogorny 1 , Bruno Brandoli 2 , Stan Matwin 2 1 Programa de Ps-Graduao em Cincias da

1.26k views • 16 slides
BCNF revisited: 40 Years Normal Forms J.A. Makowsky Faculty of Computer Science Technion - IIT,

BCNF revisited: 40 Years Normal Forms J.A. Makowsky Faculty of Computer Science Technion - IIT,

Full set of slides J.A. Makowsky BCNF revisited: 40 Years Normal Forms J.A. Makowsky Faculty of Computer Science Technion - IIT, Haifa janos@cs.technion.ac.il www.cs.technion.ac.il/ janos 1 Full set of slides J.A. Makowsky

755 views • 32 slides
Automating the Detection of Snapshot Isolation Anomalies Sudhir Jorwekar (IIT Bombay) Alan

Automating the Detection of Snapshot Isolation Anomalies Sudhir Jorwekar (IIT Bombay) Alan

Automating the Detection of Snapshot Isolation Anomalies Sudhir Jorwekar (IIT Bombay) Alan Fekete (Univ. Sydney) Krithi Ramamritham (IIT Bombay) S. Sudarshan (IIT Bombay) Motivation Non-serializable executions are possible in

773 views • 58 slides
Emerging Leaders of Gaming Webinar Series Machine Learning in Practice: Applications for the

Emerging Leaders of Gaming Webinar Series Machine Learning in Practice: Applications for the

Emerging Leaders of Gaming Webinar Series Machine Learning in Practice: Applications for the Gaming Industry Please stand by. Webinar will begin at 1:00 p.m. EST Presented by: Brief Technical Overview Marie Casias Manager, Marketing &

487 views • 31 slides

More recommend