data mining ii anomaly detection
play

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection - PowerPoint PPT Presentation

Mar 31, 2024 •164 likes •905 views

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

  1. Data Mining II Anomaly Detection Heiko Paulheim

  2. Anomaly Detection • Also known as “Outlier Detection” • Automatically identify data points that are somehow different from the rest • Working assumption: – There are considerably more “normal” observations than “abnormal” observations (outliers/anomalies) in the data • Challenges – How many outliers are there in the data? – What do they look like? – Method is unsupervised • Validation can be quite challenging (just like for clustering) 3/31/20 Heiko Paulheim 2

  3. Recap: Errors in Data • Sources – malfunctioning sensors – errors in manual data processing (e.g., twisted digits) – storage/transmission errors – encoding problems, misinterpreted file formats – bugs in processing code – ... Image: http://www.flickr.com/photos/16854395@N05/3032208925/ 3/31/20 Heiko Paulheim 3

  4. Recap: Errors in Data • Simple remedy – remove data points outside a given interval • this requires some domain knowledge • Advanced remedies – automatically find suspicious data points 3/31/20 Heiko Paulheim 4

  5. Applications: Data Preprocessing • Data preprocessing – removing erroneous data – removing true, but useless deviations • Example: tracking people down using their GPS data – GPS values might be wrong – person may be on holidays in Hawaii • what would be the result of a kNN classifier? 3/31/20 Heiko Paulheim 5

  6. Applications: Credit Card Fraud Detection • Data: transactions for one customer – €15.10 Amazon – €12.30 Deutsche Bahn tickets, Mannheim central station – €18.28 Edeka Mannheim – $500.00 Cash withdrawal. Dubai Intl. Airport – €48.51 Gas station Heidelberg – €21.50 Book store Mannheim • Goal: identify unusual transactions – possible attributes: location, amount, currency, ... 3/31/20 Heiko Paulheim 6

  7. Applications: Hardware Failure Detection Thomas Weible: An Optic's Life (2010). 3/31/20 Heiko Paulheim 7

  8. Applications: Stock Monitoring • Stock market prediction • Computer trading http://blogs.reuters.com/reuters-investigates/2010/10/15/flash-crash-fallout/ 3/31/20 Heiko Paulheim 8

  9. Errors vs. Natural Outliers Ozone Depletion History In 1985 three researchers (Farman,  Gardinar and Shanklin) were puzzled by data gathered by the British Antarctic Survey showing that ozone levels for Antarctica had dropped 10% below normal levels Why did the Nimbus 7 satellite,  which had instruments aboard for recording ozone levels, not record similarly low ozone concentrations? The ozone concentrations recorded  by the satellite were so low they were being treated as outliers by a Sources: computer program and discarded! http://exploringdata.cqu.edu.au/ozone.html http://www.epa.gov/ozone/science/hole/size.html 3/31/20 Heiko Paulheim 9

  10. Errors, Outliers, Anomalies, Novelties... • What are we looking for? – Wrong data values (errors) – Unusual observations (outliers or anomalies) – Observations not in line with previous observations (novelties) • Unsupervised Setting: – Data contains both normal and outlier points – Task: compute outlier score for each data point • Supervised setting: – Training data is considered normal – Train a model to identify outliers in test dataset 3/31/20 Heiko Paulheim 10

  11. Methods for Anomaly Detection • Graphical – Look at data, identify suspicious observations • Statistic – Identify statistical characteristics of the data • e.g., mean, standard deviation – Find data points which do not follow those characteristics • Density-based – Consider distributions of data – Dense regions are considered the “normal” behavior • Model-based – Fit an explicit model to the data – Identify points which do not behave according to that model 3/31/20 Heiko Paulheim 11

  12. Anomaly Detection Schemes  General Steps – Build a profile of the “normal” behavior  Profile can be patterns or summary statistics for the overall population – Use the “normal” profile to detect anomalies  Anomalies are observations whose characteristics differ significantly from the normal profile  Types of anomaly detection schemes – Graphical & Statistical-based – Distance-based – Model-based 3/31/20 Heiko Paulheim 12

  13. Graphical Approaches  Boxplot (1-D), Scatter plot (2-D), Spin plot (3-D)  Limitations – Time consuming – Subjective 3/31/20 Heiko Paulheim 13

  14. Convex Hull Method  Extreme points are assumed to be outliers  Use convex hull method to detect extreme values  What if the outlier occurs in the middle of the data? 3/31/20 Heiko Paulheim 14

  15. Interpretation: What is an Outlier? 3/31/20 Heiko Paulheim 15

  16. Statistical Approaches  Assume a parametric model describing the distribution of the data (e.g., normal distribution)  Apply a statistical test that depends on – Data distribution – Parameter of distribution (e.g., mean, variance) – Number of expected outliers (confidence limit) 3/31/20 Heiko Paulheim 16

  17. Interquartile Range • Divides data in quartiles • Definitions: – Q1: x ≥ Q1 holds for 75% of all x – Q3: x ≥ Q3 holds for 25% of all x – IQR = Q3-Q1 • Outlier detection: – All values outside [median-1.5*IQR ; median+1.5*IQR] • Example: – 0,1,1,3,3,5,7,42 → median=3, Q1=1, Q3=7 → IQR = 6 – Allowed interval: [3-1.5*6 ; 3+1.5*6] = [-6 ; 12] – Thus, 42 is an outlier 3/31/20 Heiko Paulheim 17

  18. Interquartile Range • Assumes a normal distribution 3/31/20 Heiko Paulheim 18

  19. Interquartile Range • Visualization in box plot Outliers Q2+1.5*IQR Q3 Median IQR Q1 Q2-1.5*IQR Outliers 3/31/20 Heiko Paulheim 19

  20. Median Absolute Deviation (MAD) • MAD is the median deviation from the median of a sample, i.e. MAD : = median i ( X i − median j ( X j )) • MAD can be used for outlier detection – all values that are k*MAD away from the median are considered to be outliers – e.g., k=3 • Example: – 0,1,1,3,5,7,42 → median = 3 Carl Friedrich Gauss, 1777-1855 – deviations: 3,2,2,0,2,4,39 → MAD = 2 – allowed interval: [3-3*2 ; 3+3*2] = [-3;9] – therefore, 42 is an outlier 3/31/20 Heiko Paulheim 20

  21. Fitting Elliptic Curves • Multi-dimensional datasets – can be seen as following a normal distribution on each dimension – the intervals in one-dimensional cases become elliptic curves 3/31/20 Heiko Paulheim 21

  22. Limitations of Statistical Approaches • Most of the tests are for a single attribute (called: univariate ) • For high dimensional data, it may be difficult to estimate the true distribution • In many cases, the data distribution may not be known – e.g., IQR Test: assumes Gaussian distribution 3/31/20 Heiko Paulheim 22

  23. Examples for Distributions • Normal (gaussian) distribution – e.g., people's height http://www.usablestats.com/images/men_women_height_histogram.jpg 3/31/20 Heiko Paulheim 23

  24. Examples for Distributions • Power law distribution – e.g., city population http://www.jmc2007compendium.com/V2-ATAPE-P-12.php 3/31/20 Heiko Paulheim 24

  25. Examples for Distributions • Pareto distribution – e.g., wealth http://www.ncpa.org/pub/st289?pg=3 3/31/20 Heiko Paulheim 25

  26. Examples for Distributions • Uniform distribution – e.g., distribution of web server requests across an hour http://www.brighton-webs.co.uk/distributions/uniformc.aspx 3/31/20 Heiko Paulheim 26

  27. Outliers vs. Extreme Values • So far, we have looked at extreme values only – But outliers can occur as non-extremes – In that case, methods like IQR fail -1.5 -1 -0.5 0 0.5 1 1.5 3/31/20 Heiko Paulheim 27

  28. Outliers vs. Extreme Values • IQR on the example below: – Q2 (Median) is 0 – Q1 is -1, Q3 is 1 → everything outside [-1.5,+1.5] is an outlier → there are no outliers in this example -1.5 -1 -0.5 0 0.5 1 1.5 3/31/20 Heiko Paulheim 28

  29. Time for a Short Break http://xkcd.com/539/ 3/31/20 Heiko Paulheim 29

  30. Distance-based Approaches  Data is represented as a vector of features  Various approaches – Nearest-neighbor based – Density based – Clustering based – Model based 3/31/20 Heiko Paulheim 30

  31. Nearest-Neighbor Based Approach  Approach: – Compute the distance between every pair of data points – There are various ways to define outliers:  Data points for which there are fewer than p neighboring points within a distance D  The top n data points whose distance to the k th nearest neighbor is greatest RapidMiner  The top n data points whose average distance to the k nearest neighbors is greatest 3/31/20 Heiko Paulheim 31

  32. Density-based: LOF approach  For each point, compute the density of its local neighborhood – if that density is higher than the average density, the point is in a cluster – if that density is lower than the average density, the point is an outlier  Compute local outlier factor (LOF) of a point A – ratio of average density to density of point A  Outliers are points with large LOF value – typical: larger than 1 3/31/20 Heiko Paulheim 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan,

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan,

Anomaly Detection Lecture Notes for Chapter 9 Introduction to Data Mining, 2 nd Edition by Tan, Steinbach, Karpatne, Kumar 4/14/2019 Introduction to Data Mining, 2nd Edition 1 Anomaly/ Outlier Detection What are anomalies/outliers?

470 views • 32 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Data Mining for Anomaly Detection Aleksandar Lazarevic United Technologies Research Center

Data Mining for Anomaly Detection Aleksandar Lazarevic United Technologies Research Center

Data Mining for Anomaly Detection Aleksandar Lazarevic United Technologies Research Center Arindam Banerjee, Varun Chandola, Vipin Kumar, Jaideep Srivastava University of Minnesota Tutorial at the European Conference on Principles and

1.2k views • 116 slides
Anomaly Detection Qi Liu University of Science and Technology of China qiliuql@ustc.edu.cn ili

Anomaly Detection Qi Liu University of Science and Technology of China qiliuql@ustc.edu.cn ili

Anomaly Detection Qi Liu University of Science and Technology of China qiliuql@ustc.edu.cn ili l@ t d Data Mining Tasks Data Mining Tasks 2 Data Tid Tid Refund Refund Marital Marital Taxable Taxable Cheat Status Income

775 views • 39 slides
Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series <Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
Advanced Analytics in Business [D0S07a] Big Data Platforms & Technologies [D0S06a]

Advanced Analytics in Business [D0S07a] Big Data Platforms & Technologies [D0S06a]

Advanced Analytics in Business [D0S07a] Big Data Platforms & Technologies [D0S06a] Unsupervised Learning Anomaly Detection Overview Frequent itemset and association rule mining Other itemset extensions Clustering Anomaly detection 2

1.01k views • 85 slides
Shapley Values of Reconstruction Errors of PCA for Explaining Anomaly Detection Naoya Takeishi

Shapley Values of Reconstruction Errors of PCA for Explaining Anomaly Detection Naoya Takeishi

Shapley Values of Reconstruction Errors of PCA for Explaining Anomaly Detection Naoya Takeishi (RIKEN AIP) 8 November 2019 Workshop on Learning and Mining with Industrial Data, Beijing Preprint available at arxiv.org/abs/1909.03495 Background:

585 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
Mining Rich Graphs Ranking, Classification, and Anomaly Detection Leman Akoglu Feb 9 th 2018

Mining Rich Graphs Ranking, Classification, and Anomaly Detection Leman Akoglu Feb 9 th 2018

Mining Rich Graphs Ranking, Classification, and Anomaly Detection Leman Akoglu Feb 9 th 2018 Networks are ubiquitous! - - - Terrorist Network Food Web Internet Map [Krebs 2002] [2007] [Koren 2009] Social Network Protein Network

1.09k views • 53 slides
Driving Anomaly Detection with Conditional GAN using Physiological Data & CAN-Bus Data Yuning

Driving Anomaly Detection with Conditional GAN using Physiological Data & CAN-Bus Data Yuning

Driving Anomaly Detection with Conditional GAN using Physiological Data & CAN-Bus Data Yuning Qiu (UT Dallas) Teruhisa Misu (Honda Research Inst.) Carlos Busso (UT Dallas) Motivation Goal: Categorization of driving data for future driver

443 views • 22 slides
Time Series Representations for Better Data Mining What can we do with time series data?

Time Series Representations for Better Data Mining What can we do with time series data?

Time Series Representations for Better Data Mining What can we do with time series data? Clustering Anomaly (outlier) detection Forecasting What are the problems with time series data? Noise Concept-drift (trend-shift

122 views • 11 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU

Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU

Anomaly Detection for the CERN Large Hadron Collider injection magnets Armin Halilovic KU Leuven - Department of Computer Science In cooperation with CERN 2018-07-27 0 Outline 1 Context 2 Data 3 Preprocessing 4 Anomaly Detection 5

792 views • 51 slides
Prt rss t

Prt rss t

trt sr rt Prt rss t sts t Prt rss

953 views • 68 slides
Global anomalies on Lorentzian space-times Jochen Zahn Universit at Leipzig based on

Global anomalies on Lorentzian space-times Jochen Zahn Universit at Leipzig based on

Global anomalies on Lorentzian space-times Jochen Zahn Universit at Leipzig based on 1609.06562 (Ann. H. Poincar e) [joint work with A. Schenkel] LQP 41, G ottingen, February 2018 Global anomalies in the path integral Chiral SU p 2

375 views • 11 slides
Anomalies in Data Maximilian Toller KDDM2 Maximilian Toller, Know-Center > www.tugraz.at 1

Anomalies in Data Maximilian Toller KDDM2 Maximilian Toller, Know-Center > www.tugraz.at 1

www.tugraz.at Anomalies in Data SCIENCE PASSION TECHNOLOGY Anomalies in Data Maximilian Toller KDDM2 Maximilian Toller, Know-Center > www.tugraz.at 1 KDDM2 www.tugraz.at Anomalies in Data Recall from earlier Maximilian Toller,

1.39k views • 84 slides
Conformal Anomalies and Gravitational Waves Hermann Nicolai MPI f ur Gravitationsphysik,

Conformal Anomalies and Gravitational Waves Hermann Nicolai MPI f ur Gravitationsphysik,

bla Conformal Anomalies and Gravitational Waves Hermann Nicolai MPI f ur Gravitationsphysik, Potsdam (Albert Einstein Institut) Work based on: K. Meissner and H.N.: arXiv:1607.07312 H. Godazgar, K. Meissner and H.N.: in progress Executive

422 views • 13 slides
Meeting March 10, 2015 For Audio Dial 416-343-2285 or 1-877-969-8433 PIN# 4467765 Meeting

Meeting March 10, 2015 For Audio Dial 416-343-2285 or 1-877-969-8433 PIN# 4467765 Meeting

OTS Technical Advisory Committee Meeting March 10, 2015 For Audio Dial 416-343-2285 or 1-877-969-8433 PIN# 4467765 Meeting Objective The Technical Advisory Committee meeting is intended to provide updates from OTS, and get feedback and

409 views • 20 slides
Polyplex (Thailand) Public Limited Company Presentation at the SET Opportunity Day Tuesday, 7 th

Polyplex (Thailand) Public Limited Company Presentation at the SET Opportunity Day Tuesday, 7 th

Polyplex (Thailand) Public Limited Company Presentation at the SET Opportunity Day Tuesday, 7 th June 2011 Website : www.polyplexthailand.com Contents BOPET Film Industry Polyplex group Polyplex Competitive Strength PTL :

651 views • 42 slides
Manulife US REIT Day 2018 24 September 2018 Important Notice This presentation is for

Manulife US REIT Day 2018 24 September 2018 Important Notice This presentation is for

Manulife US REIT Day 2018 24 September 2018 Important Notice This presentation is for information purposes only and does not constitute or form part of an offer, invitation or solicitation of any offer to purchase or subscribe for any securities

238 views • 23 slides
P P O O H H S S K K R R O O W W 2012 2012 24 25 October

P P O O H H S S K K R R O O W W 2012 2012 24 25 October

Special program P P O O H H S S K K R R O O W W 2012 2012 24 25 October www.people.marcegaglia.com THU n o s i v i 25 i d l i o c a i g l a g e c r a M n i , i d a l a P o c i r n E

405 views • 28 slides

More recommend