DOCSLIB.ORG

A Comparative Evaluation of Semi- Supervised Anomaly Detection Techniques

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Comparative Evaluation of Semi- Supervised Anomaly Detection Techniques DEGREE PROJECT IN COMPUTER ENGINEERING, FIRST CYCLE, 15 CREDITS STOCKHOLM, SWEDEN 2020 A Comparative Evaluation Of Semi- supervised Anomaly Detection Techniques REBWAR BAJALLAN BURHAN HASHI KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE A Comparative Evaluation Of Semi-supervised Anomaly Detection Techniques REBWAR BAJALLAN BURHAN HASHI Degree Project in Computer Science Date: June 9, 2020 Supervisor: Pawel Herman Examiner: Pawel Herman School of Electrical Engineering and Computer Science Swedish title: En jämförande utvärdering av semi-övervakade tekniker för identifiering av uteliggande datapunkter iii Abstract As we are entering the information age and the amount of data is rapidly in- creasing, the task of detecting anomalies has become a necessity in many orga- nizations as anomalies often reveal useful information which in many cases can be critical to save lives or to catch imposters. The semi-supervised approach to anomaly detection which is based on the fact that the user has no infor- mation about anomalies has become widely popular since it’s easier to model the normal state of systems than to obtain information about every anomalous behavior. Therefore, in this study we choose to conduct a comparative evalua- tion of the semi-supervised anomaly detection techniques; Autoencoder, Local outlier factor algorithm, and one class support vector machine, to simplify the process of selecting the right technique when faced with similar anomaly de- tection problems of semi-supervised nature. We found that the local outlier factor algorithm was superior in performance given the Electrocardiograms dataset (ECG5000), achieving a high precision and perfect recall. The autoencoder achieved the best performance given the credit card fraud dataset, even though the remaining models also achieved a relatively high performance that didn’t differ much from that of the autoen- coder. However, it should be noted that the definition of performance differs as the characteristics of anomaly detection problems are different, as specific problems might put a higher weight on detecting all anomalies for an increase in falsely identified normal data points. iv Sammanfattning Vi befinner oss i informationsåldern och samtidigt som mängden data snabbt ökar har problemet med att upptäcka avvikelser blivit allt mer nödvändigt i många organisationer. Då avvikelserna ofta avslöjar viktig information, som i många fall kan vara avgörande för att rädda liv eller för att upptäcka bedra- gare. Den semi-övervakade metoden för upptäcka av avvikelser är baserad på det faktum att användaren inte har någon information om avvikelser. Denna metod har blivit allmänt populärt eftersom det är lättare att modellera syste- mets normala tillstånd än att erhålla information om alla avvikande tillstånd. Därför väljer vi i denna studie att göra en jämförande utvärdering av de semi- övervakade avikelse-detektions metoderna; Autoencoder, Local outlier factor algorithm, och One class support vector machine, för att förenkla processen att välja rätt algoritm när man står inför liknande avikelse-detektionsproblem av semi-övervakad natur. Vi fann att den Local outlier factor algoritmen presterade bäst på datasät- tet Electrocardiograms (ECG5000), då den uppnådde en hög precision och perfekt återkallelse. Autoencodern var bäst med avseende på datasättet kre- ditkortsbedrägeri. Men även de andra modellerna presterade relativt nära det Autoencodern presterade. Det bör även noteras att definitionen av prestation kan skilja sig då kraven för avikelse-detekteringsproblem är olika, eftersom specifika problem kan lägga högre vikt vid att upptäcka alla avvikelser med en ökning av falskt identifierade normala datapunkter. Contents 1 Introduction 1 1.1 Problem Definition . .2 1.1.1 Scope . .2 1.1.2 Thesis Outline . .2 2 Background 3 2.1 Anomalies . .3 2.1.1 Anomaly Detection . .3 2.1.2 Anomaly Score . .4 2.1.3 Semi-supervised anomaly detection . .4 2.2 Support Vector Machine . .5 2.2.1 One-Class Support Vector Machine . .5 2.3 Local Outlier Factor Algorithm . .6 2.4 Artificial Neural Networks . .7 2.4.1 Feed-forward neural networks . .7 2.5 Autoencoders . .8 2.5.1 Reconstruction Error . .9 2.5.2 Training Autoencoders . .9 2.5.3 Autoencoders and Anomaly detection . .9 2.6 Related Work . 10 3 Method 11 3.1 Datasets . 11 3.1.1 ECG5000 . 11 3.1.2 Credit Card dataset . 12 3.2 Models . 12 3.2.1 OC-SVM . 12 3.2.2 LOF algorithm . 12 3.2.3 Autoencoder . 13 v vi CONTENTS 3.3 Evaluation Metrics . 15 4 Results 16 4.1 Autoencoder . 16 4.1.1 Training reconstruction error . 16 4.1.2 Error threshold selection . 17 4.1.3 Testing reconstruction errors . 17 4.1.4 Autoencoder testing results . 19 4.2 OC-SVM . 19 4.2.1 OC-SVM testing results . 19 4.3 LOF algorithm . 20 4.3.1 Testing outlier factors . 20 4.3.2 LOF algorithm testing results . 21 4.4 Results summary . 22 5 Discussion 23 5.1 Limitations . 25 6 Conclusions 26 6.1 Further research . 26 Bibliography 27 Chapter 1 Introduction As the world is getting data-driven the field of anomaly detection is on the rise and is starting to play a big role in many organizations. Anomaly detection is the process of detecting anomalies which are observations that deviates from the other observations so that they become suspicious of being the result of errors or fraud [1]. To detect and analyse anomalies is therefore an important task because it reveals useful information which in many cases can be critical to catch imposters or save lives. In the banking sector anomaly detection has become an extremely important task to detect and analyze fraudulent credit card transactions that assist in the disclosure of impostors [1]. Anomaly de- tection has also become frequently used in hospitals when processing medical diagnosis, where the anomalies, for example, could help to detect cancerous cells when investigating medical images [1]. There are many techniques used in anomaly detection tasks, but one of the techniques that have been on the rise the recent years is the use of artificial neural networks. These techniques come to great advantage because they have proven to be good at modeling the complexity of real-world data [1]. In recent years, artificial neural network anomaly detection techniques have become increasingly popular and have proven to outperform the traditional machine learning techniques as the scale of data increases [1]. The semi-supervised anomaly detection approach which is based on the fact that the user has no information about possible anomalies has become widely applicable. This approach has risen in popularity since it’s easier to model the normal state of the system rather than obtaining information about every possible anomalous behavior that can occur [2] . An example is the detection 1 2 CHAPTER 1. INTRODUCTION of spacecraft faults [3] , where faults may result in spacecraft incidents. These incidents hardly occur, it is therefore, easier to obtain data that reflects how the spacecraft operates in a normal state and with the semi-supervised approach detect abnormal spacecraft activities. 1.1 Problem Definition This study aims to present a comparative evaluation of different semi-supervised anomaly detection techniques. The evaluation investigates which model per- forms best in predicting anomalies from a set of different datasets, to draw a generalizable conclusion about which model that is preferable to use in prob- lems using similar datasets. 1.1.1 Scope The question is investigated by evaluating the performance of the semi-supervised anomaly detection techniques: Autoencoder, Local outlier factor, and One- class support vector machine. The datasets used in the evaluation are the ECG5000 (electrocardiogram) dataset along with the credit card dataset. The purpose of this study is to simplify the process of choosing the right tech- niques to use when people in the industries of credit card fraud analytics and healthcare are faced with similar anomaly detection problems that is of semi- supervised nature. 1.1.2 Thesis Outline The first chapter contains a basic introduction to the subject of this study to- gether with the problem definition and the scope. The second chapter explores the field of anomalies and anomaly detection. It further discloses an explana- tion of the methods Autoencoder, Local outlier factor, and One-class support vector machines. This chapter ends with a presentation with the relevant lit- erature. Chapter three covers the method of the study, the dataset used, the implementation of the models, and the evaluation. The fifth chapter presents the result together with relevant figures and chapter six contains a critical dis- cussion about the results and method, from different perspectives. The study ends with a conclusion and remarks about potential future work. Chapter 2 Background 2.1 Anomalies Anomalies or outliers are observations that deviates significantly from the other observations so that they become suspicious of being generated by a different mechanism, sometimes being the result of errors or fraud [1]. This could be for example fraudulent credit card transactions that are the results of a stolen credit card [1]. Two important characteristics of anomalies are that they are different from the norm with respect to their features and that they are rare in the dataset in contrast to the normal instances [4]. Anomalies arise for different reasons depending on the type of context. Some reasons are failures in systems, fraudulent behavior or malicious actions [1]. It is important to remember that not every anomaly is considered as being the result of error or fraud, because there are situations where data points natu- rally are different. For example if you take the height of every student in your school, there will for sure be anomalies in that dataset which of course isn’t the result of any error. But the study of anomalies usually reveals exiting insights and conveys valuable information about the data [1].
Load more

Recommended publications
  • Fastlof: an Expectation-Maximization Based Local Outlier Detection Algorithm
    FastLOF: An Expectation-Maximization based Local Outlier Detection Algorithm Markus Goldstein German Research Center for Artificial Intelligence (DFKI), Kaiserslautern www.dfki.de [email protected] Introduction Performance Improvement Attempts Anomaly detection finds outliers in data sets which Space partitioning algorithms (e.g. search trees): Require time to build the tree • • – only occur very rarely in the data and structure and can be slow when having many dimensions – their features significantly deviate from the normal data Locality Sensitive Hashing (LSH): Approximates neighbors well in dense areas but • Three different anomaly detection setups exist [4]: performs poor for outliers • 1. Supervised anomaly detection (labeled training and test set) FastLOF Idea: Estimate the nearest neighbors for dense areas approximately and compute • 2. Semi-supervised anomaly detection exact neighbors for sparse areas (training with normal data only and labeled test set) Expectation step: Find some (approximately correct) neighbors and estimate • LRD/LOF based on them Maximization step: For promising candidates (LOF > θ ), find better neighbors • 3. Unsupervised anomaly detection (one data set without any labels) Algorithm 1 The FastLOF algorithm 1: Input 2: D = d1,...,dn: data set with N instances 3: c: chunk size (e.g. √N) 4: θ: threshold for LOF In this work, we present an unsupervised algorithm which scores instances in a 5: k: number of nearest neighbors • Output given data set according to their outlierliness 6: 7: LOF = lof1,...,lofn:
    [Show full text]
  • Incremental Local Outlier Detection for Data Streams
    IEEE Symposium on Computational Intelligence and Data Mining (CIDM), April 2007 Incremental Local Outlier Detection for Data Streams Dragoljub Pokrajac Aleksandar Lazarevic Longin Jan Latecki CIS Dept. and AMRC United Tech. Research Center CIS Department. Delaware State University 411 Silver Lane, MS 129-15 Temple University Dover DE 19901 East Hartford, CT 06108, USA Philadelphia, PA 19122 Abstract. Outlier detection has recently become an important have labeled data, which can be extremely time consuming for problem in many industrial and financial applications. This real life applications, and (2) inability to detect new types of problem is further complicated by the fact that in many cases, rare events. In contrast, unsupervised learning methods outliers have to be detected from data streams that arrive at an typically do not require labeled data and detect outliers as data enormous pace. In this paper, an incremental LOF (Local Outlier points that are very different from the normal (majority) data Factor) algorithm, appropriate for detecting outliers in data streams, is proposed. The proposed incremental LOF algorithm based on some measure [3]. These methods are typically provides equivalent detection performance as the iterated static called outlier/anomaly detection techniques, and their success LOF algorithm (applied after insertion of each data record), depends on the choice of similarity measures, feature selection while requiring significantly less computational time. In addition, and weighting, etc. They have the advantage of detecting new the incremental LOF algorithm also dynamically updates the types of rare events as deviations from normal behavior, but profiles of data points. This is a very important property, since on the other hand they suffer from a possible high rate of false data profiles may change over time.
    [Show full text]
  • A Two-Level Approach Based on Integration of Bagging and Voting for Outlier Detection
    Research Paper A Two-Level Approach based on Integration of Bagging and Voting for Outlier Detection Alican Dogan1, Derya Birant2† 1The Graduate School of Natural and Applied Sciences, Dokuz Eylul University, Izmir, Turkey 2Department of Computer Engineering, Dokuz Eylul University, Izmir, Turkey Citation: Dogan, Alican and Derya Birant. “A two- level approach based on Abstract integration of bagging and voting for outlier Purpose: The main aim of this study is to build a robust novel approach that is able to detect detection.” Journal of outliers in the datasets accurately. To serve this purpose, a novel approach is introduced to Data and Information determine the likelihood of an object to be extremely different from the general behavior of Science, vol. 5, no. 2, 2020, pp. 111–135. the entire dataset. https://doi.org/10.2478/ Design/methodology/approach: This paper proposes a novel two-level approach based jdis-2020-0014 on the integration of bagging and voting techniques for anomaly detection problems. The Received: Dec. 13, 2019 proposed approach, named Bagged and Voted Local Outlier Detection (BV-LOF), benefits Revised: Apr. 27, 2020 Accepted: Apr. 29, 2020 from the Local Outlier Factor (LOF) as the base algorithm and improves its detection rate by using ensemble methods. Findings: Several experiments have been performed on ten benchmark outlier detection datasets to demonstrate the effectiveness of the BV-LOF method. According to the results, the BV-LOF approach significantly outperformed LOF on 9 datasets of 10 ones on average. Research limitations: In the BV-LOF approach, the base algorithm is applied to each subset data multiple times with different neighborhood sizes (k) in each case and with different ensemble sizes (T).
    [Show full text]
  • Accelerating the Local Outlier Factor Algorithm on a GPU for Intrusion Detection Systems
    Accelerating the Local Outlier Factor Algorithm on a GPU for Intrusion Detection Systems Malak Alshawabkeh Byunghyun Jang David Kaeli Dept of Electrical and Dept. of Electrical and Dept. of Electrical and Computer Engineering Computer Engineering Computer Engineering Northeastern University Northeastern University Northeastern University Boston, MA Boston, MA Boston, MA [email protected] [email protected] [email protected] ABSTRACT 1. INTRODUCTION The Local Outlier Factor (LOF) is a very powerful anomaly The Local Outlier Factor (LOF) [3] algorithm is a powerful detection method available in machine learning and classifi- outlier detection technique that has been widely applied to cation. The algorithm defines the notion of local outlier in anomaly detection and intrusion detection systems. LOF which the degree to which an object is outlying is dependent has been applied in a number of practical applications such on the density of its local neighborhood, and each object can as credit card fraud detection [5], product marketing [16], be assigned an LOF which represents the likelihood of that and wireless sensor network security [6]. object being an outlier. Although this concept of a local out- lier is a useful one, the computation of LOF values for every data object requires a large number of k-nearest neighbor The LOF algorithm utilizes the concept of a local outlier that queries – this overhead can limit the use of LOF due to the captures the degree to which an object is an outlier based computational overhead involved. on the density of its local neighborhood. Each object can be assigned an LOF value which represents the likelihood of that object being an outlier.
    [Show full text]
  • Arxiv:1904.06034V1 [Stat.ML] 12 Apr 2019 Sity Exactly for a Test Instance
    Supervised Anomaly Detection based on Deep Autoregressive Density Estimators Tomoharu Iwata Yuki Yamanaka NTT Communication Science Laboratories NTT Secure Platform Laboratories Abstract autoencoders (VAE) (Kingma and Welling 2013), flow- based generative models (Dinh, Krueger, and Bengio 2014; We propose a supervised anomaly detection method based Dinh, Sohl-Dickstein, and Bengio 2016; Kingma and Dhari- on neural density estimators, where the negative log likeli- wal 2018), and autoregressive models (Uria, Murray, and hood is used for the anomaly score. Density estimators have been widely used for unsupervised anomaly detection. By Larochelle 2013; Raiko et al. 2014; Germain et al. 2015; the recent advance of deep learning, the density estimation Uria et al. 2016). The VAE has been used for anomaly de- performance has been greatly improved. However, the neural tection (An and Cho 2015; Suh et al. 2016; Xu et al. 2018). density estimators cannot exploit anomaly label information, In some situations, the label information, which indicates which would be valuable for improving the anomaly detec- whether each instance is anomalous or normal, is avail- tion performance. The proposed method effectively utilizes able (Gornitz¨ et al. 2013). The label information is valuable the anomaly label information by training the neural density for improving the anomaly detection performance. How- estimator so that the likelihood of normal instances is max- ever, the existing neural network based density estimation imized and the likelihood of anomalous instances is lower methods cannot exploit the label information. To use the than that of the normal instances. We employ an autoregres- sive model for the neural density estimator, which enables anomaly label information, supervised classifiers, such as us to calculate the likelihood exactly.
    [Show full text]
  • Isolation Forest and Local Outlier Factor for Credit Card Fraud Detection System
    International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-9 Issue-4, April 2020 Isolation Forest and Local Outlier Factor for Credit Card Fraud Detection System V. Vijayakumar, Nallam Sri Divya, P. Sarojini, K. Sonika The dataset includes Credit Card purchases made by Abstract: Fraud identification is a crucial issue facing large consumers in Europe during September 2013. Credit card economic institutions, which has caused due to the rise in credit purchases are defined by tracking the conduct of purchases card payments. This paper brings a new approach for the predictive into two classifications: fraudulent and non-fraudulent. identification of credit card payment frauds focused on Isolation Depending on these two groups correlations are generated Forest and Local Outlier Factor. The suggested solution comprises of the corresponding phases: pre-processing of data-sets, training and machine learning algorithms are used to identify and sorting, convergence of decisions and analysis of tests. In this suspicious transactions. Instead, the action of such article, the behavior characteristics of correct and incorrect anomalies can be evaluated using Isolation Forest and transactions are to be taught by two kinds of algorithms local Local Outlier Factor and their final results can be outlier factor and isolation forest. To date, several researchers contrasted to verify which algorithm is better. identified different approaches for identifying and growing such The key problems involved in the identification of frauds. In this paper we suggest analysis of Isolation Forest and credit card fraud are: Immense data is collected on a regular Local Outlier Factor algorithms using python and their basis and the model construct must be quick sufficiently comprehensive experimental results.
    [Show full text]
  • Anomaly Detection Using Signal Segmentation and One-Class Classification in Diffusion Process of Semiconductor Manufacturing
    sensors Article Anomaly Detection Using Signal Segmentation and One-Class Classification in Diffusion Process of Semiconductor Manufacturing Kyuchang Chang 1, Youngji Yoo 2 and Jun-Geol Baek 1,* 1 Department of Industrial and Management Engineering, Korea University, Seoul 02841, Korea; [email protected] 2 Samsung Electronics Co., Ltd., Hwaseong-si 18448, Korea; [email protected] * Correspondence: [email protected]; Tel.: +82-2-3290-3396 Abstract: This paper proposes a new diagnostic method for sensor signals collected during semi- conductor manufacturing. These signals provide important information for predicting the quality and yield of the finished product. Much of the data gathered during this process is time series data for fault detection and classification (FDC) in real time. This means that time series classification (TSC) must be performed during fabrication. With advances in semiconductor manufacturing, the distinction between normal and abnormal data has become increasingly significant as new challenges arise in their identification. One challenge is that an extremely high FDC performance is required, which directly impacts productivity and yield. However, general classification algorithms can have difficulty separating normal and abnormal data because of subtle differences. Another challenge is that the frequency of abnormal data is remarkably low. Hence, engineers can use only normal data to Citation: Chang, K.; Yoo, Y.; Baek, develop their models. This study presents a method that overcomes these problems and improves J.-G. Anomaly Detection Using Signal the FDC performance; it consists of two phases. Phase I has three steps: signal segmentation, feature Segmentation and One-Class extraction based on local outlier factors (LOF), and one-class classification (OCC) modeling using the Classification in Diffusion Process of Semiconductor Manufacturing.
    [Show full text]
  • Anomaly Detection Using Dictionary Learning
    Anomaly Detection Using Dictionary Learning Mark Eisen,∗ Mengjie Pan,y Zachary Siegelzand Sara Staszakx July 22, 2013 MAXIMA REU Summer 2013 Institute for Mathematics and its Applications University of Minnesota Faculty advisor: Alicia Johnson (Macalester College) Problem poser: Jarvis Haupt (University of Minnesota) Abstract This report applies dictionary learning and sparse coding algorithms to data in the interest of de- veloping a better method of anomaly detection without a priori information about the anomalies them- selves. These methods aim to find a sparse representation of data Y with respect to a learned basis, or dictionary D. Specifically, iterative learning algorithms are used to solve the minimization problem 2 min kY − DXk2 + λkXk0, where X is a set of coefficients and λ controls the sparsity of X. Sparsity X;D helps assign semantic meaning to individual dictionary elements based upon their use in reconstructing data, which in turn highlights natural groupings and relationships among the data points. Thus, though traditional applications of dictionary learning include image denoising, novel methods for identification of anomalous or salient data points can also be derived from such structural features. To this end, we develop sparsity-informed metrics for defining and identifying anomalies with broad applications. Our results are promising and competitive with previous methods for flagging anomalous data in both images and propagating wavefield video. ∗University of Pennsylvania yBryn Mawr College zPomona College xMacalester College 1 Contents 1 Introduction 3 1.1 Anomaly Detection . .3 1.2 Existing Methods . .3 1.3 Proposed Method . .3 2 Methodology 4 2.1 Sparse Coding . .4 2.2 Dictionary Learning .
    [Show full text]
  • A Review of Local Outlier Factor Algorithms for Outlier Detection in Big Data Streams
    big data and cognitive computing Review A Review of Local Outlier Factor Algorithms for Outlier Detection in Big Data Streams Omar Alghushairy 1,2,* , Raed Alsini 1,3 , Terence Soule 1 and Xiaogang Ma 1,* 1 Department of Computer Science, University of Idaho, Moscow, ID 83844, USA; [email protected] (R.A.); [email protected] (T.S.) 2 College of Computer Science and Engineering, University of Jeddah, Jeddah 23890, Saudi Arabia 3 Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia * Correspondence: [email protected] (O.A.); [email protected] (X.M.) Abstract: Outlier detection is a statistical procedure that aims to find suspicious events or items that are different from the normal form of a dataset. It has drawn considerable interest in the field of data mining and machine learning. Outlier detection is important in many applications, including fraud detection in credit card transactions and network intrusion detection. There are two general types of outlier detection: global and local. Global outliers fall outside the normal range for an entire dataset, whereas local outliers may fall within the normal range for the entire dataset, but outside the normal range for the surrounding data points. This paper addresses local outlier detection. The best-known technique for local outlier detection is the Local Outlier Factor (LOF), a density-based technique. There are many LOF algorithms for a static data environment; however, these algorithms cannot be applied directly to data streams, which are an important type of big data. In general, local outlier detection algorithms for data streams are still deficient and better algorithms need to be developed that can effectively analyze the high velocity of data streams to detect local outliers.
    [Show full text]
  • Unsupervised Anomaly Detection Approach for Time-Series in Multi-Domains Using Deep Reconstruction Error
    S S symmetry Article Unsupervised Anomaly Detection Approach for Time-Series in Multi-Domains Using Deep Reconstruction Error Tsatsral Amarbayasgalan 1, Van Huy Pham 2, Nipon Theera-Umpon 3,4 and Keun Ho Ryu 2,4,* 1 Database and Bioinformatics Laboratory, School of Electrical and Computer Engineering, Chungbuk National University, Cheongju 28644, Korea; [email protected] 2 Faculty of Information Technology, Ton Duc Thang University, Ho Chi Minh City 700000, Vietnam; [email protected] 3 Department of Electrical Engineering, Faculty of Engineering, Chiang Mai University, Chiang Mai 50200, Thailand; [email protected] 4 Biomedical Engineering Institute, Chiang Mai University, Chiang Mai 50200, Thailand * Correspondence: [email protected] or [email protected] Received: 16 June 2020; Accepted: 28 July 2020; Published: 29 July 2020 Abstract: Automatic anomaly detection for time-series is critical in a variety of real-world domains such as fraud detection, fault diagnosis, and patient monitoring. Current anomaly detection methods detect the remarkably low proportion of the actual abnormalities correctly. Furthermore, most of the datasets do not provide data labels, and require unsupervised approaches. By focusing on these problems, we propose a novel deep learning-based unsupervised anomaly detection approach (RE-ADTS) for time-series data, which can be applicable to batch and real-time anomaly detections. RE-ADTS consists of two modules including the time-series reconstructor and anomaly detector. The time-series reconstructor module uses the autoregressive (AR) model to find an optimal window width and prepares the subsequences for further analysis according to the width. Then, it uses a deep autoencoder (AE) model to learn the data distribution, which is then used to reconstruct a time-series close to the normal.
    [Show full text]
  • Open Cheng-Kai Chen Thesis Final.Pdf
    The Pennsylvania State University The Graduate School BIOMARKERS DISCOVERY USING NETWORK BASED ANOMALY DETECTION AThesisin Computer Science and Engineering by Cheng-Kai Chen c 2019 Cheng-Kai Chen Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science August 2019 The thesis of Cheng-Kai Chen was reviewed and approved⇤ by the following: Vasant Honavar Professor of Computer Science and Engineering Professor of Information Sciences and Technology Thesis Advisor Kamesh Madduri Associate Professor of Computer Science and Engineering Chitaranjan R. Das Distinguished Professor of Computer Science and Engineering Head of the Department of Computer Science and Engineering ⇤Signatures are on file in the Graduate School. Abstract Identifying biomarkers is an important step in translating research advances in genomics into clinical practice. From a machine learning perspective, computa- tional biomarker identification can be implemented using a broad range of feature selection methods. In this thesis, we consider an alternative approach, Network- Based Biomarker Discovery (NBBD) framework. As the name suggest, NBBD uses network representations of the input data to identify potential biomarkers (i.e., dis- criminative features for training machine learning classifiers). NBBD consists of two main customizable modules: Network Inference Module and Node Importance Scoring Module. The Network Inference Module creates ecological networks from given dataset. The Node Importance Scoring Module computes a score for each node based on the di↵erence between two ecological networks. However, most of the node scoring methods used in NBBD are based on nodes’ local topological properties. To date, NBBD has been successfully applied to metagenomics data. In this thesis, we extend two aspects of the earlier work on NBBD: i) we pro- pose two novel node important scoring methods based on node anomaly scores and di↵erences in nodes global profiles; ii) we demonstrate the applicability of NBBD for Neuroblastoma biomarker discovery from gene expression data.
    [Show full text]
  • Automatic Hyperparameter Tuning Method for Local Outlier Factor, with Applications to Anomaly Detection
    Automatic Hyperparameter Tuning Method for Local Outlier Factor, with Applications to Anomaly Detection Zekun Xu∗ Deovrat Kakdey Arin Chaudhuriz February 5, 2019 Abstract In recent years, there have been many practical applications of anomaly detection such as in predictive maintenance, detection of credit fraud, network intrusion, and system failure. The goal of anomaly detection is to identify in the test data anomalous behaviors that are either rare or unseen in the training data. This is a common goal in predictive maintenance, which aims to forecast the imminent faults of an appliance given abundant samples of normal behaviors. Local outlier factor (LOF) is one of the state-of-the-art models used for anomaly detection, but the predictive performance of LOF depends greatly on the selection of hyperparameters. In this paper, we propose a novel, heuristic methodology to tune the hyperparameters in LOF. A tuned LOF model that uses the proposed method shows good predictive performance in both simulations and real data sets. Keywords: local outlier factor, anomaly detection, hyperparameter tuning 1 Introduction Anomaly detection has practical importance in a variety of applications such as predictive mainte- nance, intrusion detection in electronic systems (Patcha and Park, 2007; Jyothsna et al., 2011), faults in industrial systems (Wise et al., 1999), and medical diagnosis (Tarassenko et al., 1995; Quinn and Williams, 2007; Clifton et al., 2011). Predictive maintenance setups usually assume that the normal class of data points is well sampled in the training data whereas the anomaly class arXiv:1902.00567v1 [stat.AP] 1 Feb 2019 is rare and underrepresented. This assumption is relevant because large critical systems usually produce abundant data for normal activities, but it is the anomalous behaviors (which are scarce and evolving) that can be used to proactively forecast imminent failures Thus, the challenge in anomaly detection is to be able to identify new types of anomalies in the test data that are rare or unseen in the available training data.
    [Show full text]