Introduction to anomaly detection methods
AssemMahmoud16
29 views
17 slides
Aug 24, 2024
Slide 1 of 17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
About This Presentation
Introduction to the anomaly detection algorithms
Slide Content
Introduction to
Anomaly Detection
Introduction to
Anomaly Detection
LinghaoChen
HOMEPAGE: https://lhchen.top
[email protected]
School of Computer Science and Technology, XidianUniversity, Xi'an, ShaanXi, P.R.China
Anomaly Detection
Introduction to
Anomaly Detection
LinghaoChen
HOMEPAGE: https://lhchen.top
[email protected]
School of Computer Science and Technology, XidianUniversity, Xi'an, ShaanXi, P.R.China
Anomaly Detection
What is it?
[1]: Liu, Fei Tony, Kai Ming Ting, and Zhi-Hua Zhou. "Isolation forest."2008 eighth ieeeinternational conference on data mining. IEEE, 2008.
[2]: Eswaran, Dhivya, et al. "Spotlight: Detecting anomalies in streaming graphs."Proceedings of the 24th ACM SIGKDD International
Conference on Knowledge Discovery & Data Mining. 2018.
What is it?
[1]: Liu, Fei Tony, Kai Ming Ting, and Zhi-Hua Zhou. "Isolation forest."2008 eighth ieeeinternational conference on data mining. IEEE, 2008.
[2]: Eswaran, Dhivya, et al. "Spotlight: Detecting anomalies in streaming graphs."Proceedings of the 24th ACM SIGKDD International
Conference on Knowledge Discovery & Data Mining. 2018.
Problems
Why so hard to detect anomaly?
✓Unsupervisedlearning in most cases;
✓The data is extremely unbalanced;
✓It often involves density estimation, which requires a large amount of
distance or similarity calculations, and computationally expensive;
✓Real-timedetection;
✓Interpretabilityof methods.
Why so hard to detect anomaly?
✓Unsupervisedlearning in most cases;
✓The data is extremely unbalanced;
✓It often involves density estimation, which requires a large amount of
distance or similarity calculations, and computationally expensive;
✓Real-timedetection;
✓Interpretabilityof methods.
Methods
Classic Methods:
➢kNN(K-Nearest Neighbor)
➢LOF(Local Outlier Factor)
➢PCA(Principal Component Analysis)
➢HBOS(Histogram-based Outlier Score)
➢Isolation Forest
➢AE(Auto Encoder)
Classic Methods:
➢kNN(K-Nearest Neighbor)
➢LOF(Local Outlier Factor)
➢PCA(Principal Component Analysis)
➢HBOS(Histogram-based Outlier Score)
➢Isolation Forest
➢AE(Auto Encoder)
kNN(K-Nearest Neighbor)
[1]: Ramaswamy, S., Rastogi, R. and Shim, K., 2000, May. Efficient algorithms for mining outliers from large data sets. ACM Sigmod
Record, 29(2), pp. 427-438.
�??????��,�=
�=1
�
�
�−�
�
??????
1
??????
Choose Top K-thDstance
Simple but expensive!
[1]: Ramaswamy, S., Rastogi, R. and Shim, K., 2000, May. Efficient algorithms for mining outliers from large data sets. ACM Sigmod
Record, 29(2), pp. 427-438.
�??????��,�=
�=1
�
�
�−�
�
??????
1
??????
Choose Top K-thDstance
Simple but expensive!
LOF(Local Outlier Factor)
[1]: Breunig, M.M., Kriegel, H.P., Ng, R.T. and Sander, J., 2000, May. LOF: identifying density-based local outliers. ACM SigmodRecord,
29(2), pp. 93-104.
K-distance of an object p
5-distance
[1]: Breunig, M.M., Kriegel, H.P., Ng, R.T. and Sander, J., 2000, May. LOF: identifying density-based local outliers. ACM SigmodRecord,
29(2), pp. 93-104.
K-distance of an object p
5-distance
LOF(Local Outlier Factor)
[1]: Breunig, M.M., Kriegel, H.P., Ng, R.T. and Sander, J., 2000, May. LOF: identifying density-based local outliers. ACM SigmodRecord,
29(2), pp. 93-104.
K-distance neighborhood of an object p
�
��=�
′
∈�{�|??????�,�
′
≤??????
�(�)}
�
5�={�
1,�
2,�
3,�
4,�
5,�
6}
5-distance
�
6
�
5
Reachability distance of an object P w.r.t.object O
??????
��=
|�
�(�)|
σ
�∈�
??????(�)
??????_??????(�,�)
??????�??????
��=
σ
�∈�
??????(�)
??????
��
??????
��
|�
�(�)|
[1]: Breunig, M.M., Kriegel, H.P., Ng, R.T. and Sander, J., 2000, May. LOF: identifying density-based local outliers. ACM SigmodRecord,
29(2), pp. 93-104.
K-distance neighborhood of an object p
�
��=�
′
∈�{�|??????�,�
′
≤??????
�(�)}
�
5�={�
1,�
2,�
3,�
4,�
5,�
6}
5-distance
�
6
�
5
Reachability distance of an object P w.r.t.object O
??????
��=
|�
�(�)|
σ
�∈�
??????(�)
??????_??????(�,�)
??????�??????
��=
σ
�∈�
??????(�)
??????
��
??????
��
|�
�(�)|
PCA(Principal Component Analysis)
[1]: Shyu, Mei-Ling, et al.A novel anomaly detection scheme based on principal component classifier. MIAMI UNIV CORAL GABLES
FL DEPT OF ELECTRICAL AND COMPUTER ENGINEERING, 2003.
Input: �∈ℝ
n×??????with ??????samples
Output: �=��∈ℝ
n×??????′
Algorithm
Normalization:�
�=�
�−
1
??????
σ
�=1
??????
�
�
Covariance matrix: �=
1
??????
��
??????
Calculate eigenvectors
Anomaly score: the distance between the abnormal sample and the feature vector
[1]: Shyu, Mei-Ling, et al.A novel anomaly detection scheme based on principal component classifier. MIAMI UNIV CORAL GABLES
FL DEPT OF ELECTRICAL AND COMPUTER ENGINEERING, 2003.
Input: �∈ℝ
n×??????with ??????samples
Output: �=��∈ℝ
n×??????′
Algorithm
Normalization:�
�=�
�−
1
??????
σ
�=1
??????
�
�
Covariance matrix: �=
1
??????
��
??????
Calculate eigenvectors
Anomaly score: the distance between the abnormal sample and the feature vector
HBOS(Histogram-based Outlier Score)
[1]: Goldstein, M. and Dengel, A., 2012. Histogram-based outlier score (hbos): A fast unsupervised anomaly detection algorithm. In KI-2012:
Poster and Demo Track, pp.59-63.
Methods
Low density area
[1]: Goldstein, M. and Dengel, A., 2012. Histogram-based outlier score (hbos): A fast unsupervised anomaly detection algorithm. In KI-2012:
Poster and Demo Track, pp.59-63.
Methods
Low density area
HBOS(Histogram-based Outlier Score)
[1]: Goldstein, M. and Dengel, A., 2012. Histogram-based outlier score (hbos): A fast unsupervised anomaly detection algorithm. In KI-2012:
Poster and Demo Track, pp.59-63.
Assumption
Multidimensional data is independentof each dimension.
➢Draw a data histogram
➢Divide the value range into Kbuckets of equal(sometimes can be dynamic)
width, and the frequency of the value falling into each bucket is used as an
estimate of density.
Algorithm
Anomaly Score
??????��????????????=
�=0
??????
log(
1
ℎ??????��
�(??????)
)
[1]: Goldstein, M. and Dengel, A., 2012. Histogram-based outlier score (hbos): A fast unsupervised anomaly detection algorithm. In KI-2012:
Poster and Demo Track, pp.59-63.
Assumption
Multidimensional data is independentof each dimension.
➢Draw a data histogram
➢Divide the value range into Kbuckets of equal(sometimes can be dynamic)
width, and the frequency of the value falling into each bucket is used as an
estimate of density.
Algorithm
Anomaly Score
??????��????????????=
�=0
??????
log(
1
ℎ??????��
�(??????)
)
AE(Auto Encoder)
[1]: Ramaswamy, S., Rastogi, R. and Shim, K., 2000, May. Efficient algorithms for mining outliers from large data sets. ACM Sigmod
Record, 29(2), pp. 427-438.
Latent Representation
[1]: Ramaswamy, S., Rastogi, R. and Shim, K., 2000, May. Efficient algorithms for mining outliers from large data sets. ACM Sigmod
Record, 29(2), pp. 427-438.
Latent Representation
Isolation Forest
ICDM'08
[1]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on Data Mining (ICDM), pp. 413-
422. IEEE
ICDM'08
[1]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on Data Mining (ICDM), pp. 413-
422. IEEE
Isolation Forest
Anomaly Detection
[1]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on Data Mining (ICDM), pp. 413-
422. IEEE
Anomaly Detection
[1]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on Data Mining (ICDM), pp. 413-
422. IEEE
Isolation Forest
Anomaly Detection
[1]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on Data Mining (ICDM), pp. 413-
422. IEEE
Anomaly Detection
[1]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on Data Mining (ICDM), pp. 413-
422. IEEE
Isolation Forest
Anomaly Detection
[1]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on Data Mining (ICDM), pp. 413-
422. IEEE
Anomaly Detection
[1]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on Data Mining (ICDM), pp. 413-
422. IEEE
REFERENCE
[1]: Liu, Fei Tony, Kai Ming Ting, and Zhi-Hua Zhou. "Isolation forest."2008 eighth ieeeinternational
conference on data mining. IEEE, 2008.
[2]: Eswaran, Dhivya, et al. "Spotlight: Detecting anomalies in streaming graphs."Proceedings of the 24th
ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. 2018.
[3]: Ramaswamy, S., Rastogi, R. and Shim, K., 2000, May. Efficient algorithms for mining outliers from
large data sets. ACM SigmodRecord, 29(2), pp. 427-438.
[4]: Breunig, M.M., Kriegel, H.P., Ng, R.T. and Sander, J., 2000, May. LOF: identifying density-based local
outliers. ACM SigmodRecord, 29(2), pp. 93-104.
[5]: Shyu, Mei-Ling, et al.A novel anomaly detection scheme based on principal component classifier.
MIAMI UNIV CORAL GABLES FL DEPT OF ELECTRICAL AND COMPUTER ENGINEERING, 2003.
[6]: Goldstein, M. and Dengel, A., 2012. Histogram-based outlier score (hbos): A fast unsupervised anomaly
detection algorithm. In KI-2012: Poster and Demo Track, pp.59-63.
[7]: Ramaswamy, S., Rastogi, R. and Shim, K., 2000, May. Efficient algorithms for mining outliers from
large data sets. ACM SigmodRecord, 29(2), pp. 427-438.
[8]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on
Data Mining (ICDM), pp. 413-422. IEEE
[1]: Liu, Fei Tony, Kai Ming Ting, and Zhi-Hua Zhou. "Isolation forest."2008 eighth ieeeinternational
conference on data mining. IEEE, 2008.
[2]: Eswaran, Dhivya, et al. "Spotlight: Detecting anomalies in streaming graphs."Proceedings of the 24th
ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. 2018.
[3]: Ramaswamy, S., Rastogi, R. and Shim, K., 2000, May. Efficient algorithms for mining outliers from
large data sets. ACM SigmodRecord, 29(2), pp. 427-438.
[4]: Breunig, M.M., Kriegel, H.P., Ng, R.T. and Sander, J., 2000, May. LOF: identifying density-based local
outliers. ACM SigmodRecord, 29(2), pp. 93-104.
[5]: Shyu, Mei-Ling, et al.A novel anomaly detection scheme based on principal component classifier.
MIAMI UNIV CORAL GABLES FL DEPT OF ELECTRICAL AND COMPUTER ENGINEERING, 2003.
[6]: Goldstein, M. and Dengel, A., 2012. Histogram-based outlier score (hbos): A fast unsupervised anomaly
detection algorithm. In KI-2012: Poster and Demo Track, pp.59-63.
[7]: Ramaswamy, S., Rastogi, R. and Shim, K., 2000, May. Efficient algorithms for mining outliers from
large data sets. ACM SigmodRecord, 29(2), pp. 427-438.
[8]: Liu, F.T., Ting, K.M. and Zhou, Z.H., 2008, December. Isolation forest. In International Conference on
Data Mining (ICDM), pp. 413-422. IEEE
Q&A
Introduction to
Anomaly Detection
LinghaoChen
HOMEPAGE: https://lhchen.top
[email protected]
School of Computer Science and Technology, XidianUniversity, Xi'an, ShaanXi, P.R.China
Introduction to
Anomaly Detection
LinghaoChen
HOMEPAGE: https://lhchen.top
[email protected]
School of Computer Science and Technology, XidianUniversity, Xi'an, ShaanXi, P.R.China
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 29
- Slides 17
- Age 464 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
44 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views