Unsupervised Anomaly Detection in Receipt Data

DEGREE PROJECT IN COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS
STOCKHOLM, SWEDEN 2017

ANDREAS FORSTÉN

KTH ROYAL INSTITUTE OF TECHNOLOGY
SCHOOL OF COMPUTER SCIENCE AND COMMUNICATION

Master in Computer Science
Date: September 17, 2017
Supervisor: Professor Örjan Ekeberg
Examiner: Associate Professor Mårten Björkman
Swedish title: Oövervakad anomalidetektion i kvittodata

Abstract

With the progress of data handling methods and computing power comes the possibility of automating tasks that are not necessarily handled by humans. This study was done in cooperation with a company that digitalizes receipts for companies. We investigate the possibility of automating the task of finding anomalous receipt data, which could automate the work of receipt auditors. We study both anomalous user behaviour and individual receipts. The results indicate that automation is possible, which may reduce the necessity of human inspection of receipts.

Keywords: Anomaly detection, receipt, receipt digitalization, automatization

Summary (translated from the Swedish Sammanfattning)

With the advances made in data handling and computing power comes the possibility of automating tasks that are not necessarily performed by humans. This study was done in cooperation with a company that digitalizes companies’ receipts. We investigate the possibility of automating the search for anomalous receipt data, which can relieve auditors. We study both anomalous user behaviour and individual receipts. The results indicate that automation is possible, which can reduce the need for human inspection of receipts.

Keywords: Anomaly detection, receipt, receipt digitalization, automation

Contents

1 Introduction
  1.1 Problem description
  1.2 Ethical considerations
  1.3 Related Work
2 Background
  2.1 Anomaly detection
    2.1.1 Evaluation
    2.1.2 Summary
  2.2 Methods for anomaly detection
    2.2.1 Temporal anomaly detection
    2.2.2 Global anomaly detection
    2.2.3 Local anomaly detection
3 Method
  3.1 Data
    3.1.1 Data selection
    3.1.2 Data description
  3.2 Automatic auditing
    3.2.1 User characterization
    3.2.2 Temporal analysis
  3.3 Evaluation
  3.4 Implementation
4 Results
  4.1 User characterization
  4.2 Time series analysis
5 Discussion
  5.1 User characterization
  5.2 Time series analysis
  5.3 Further work

Chapter 1
Introduction

Anomaly detection, also commonly referred to as outlier detection, is the process of finding data points that deviate from some measure of normality. The problem has been intensely studied and the methods generated are used in everything from credit card fraud detection to monitoring of patient medical data (Chandola, Banerjee, and Kumar 2009).

The origin of anomalies naturally varies with the field of study. They may arise from e.g. fraud attempts, sensor faults or user mistakes in a data input interface. A thorough understanding of the ’black box’ between the mechanism generating the data and the data itself is therefore usually very helpful, or even necessary, for finding interesting outliers, which is one of the reasons why domain-specialized studies are common in the field of anomaly detection. This thesis is such a domain-specialized study, with the focus being on receipt data.

1.1 Problem description

This work is done in cooperation with a company that provides a service for digitally handling receipts. The common customers are companies in need of a service that lets employees easily structure and report expenses made on behalf of the company in order to be refunded.
The user fills in a form for each receipt, where he or she may choose to either manually enter fields such as total cost, date of expense, VAT cost etc., or let the system suggest completed fields based on an OCR reading of the receipt.

After completing the form, the user sends the data to the person or persons responsible for handling receipts at the company (henceforth referred to as auditors). The user’s request is either accepted or rejected, where a reason for rejection may be e.g. that the auditor considers the expense to be of personal nature.

Figure 1.1: Receipt digitalization system.

The expenses reported through this system have been stored in a dataset that is henceforth referred to as the Expense dataset. All data is anonymized to avoid identification of individuals. The original Expense dataset consists of approximately one million data points. In this study we use a subset of the dataset which only contains data from paying users with at least 500 receipts in the dataset. This leaves about 155,000 data points from 197 users. This reduction was done to 1) remove all data from users that merely test the system, 2) be able to draw conclusions about user behaviour, which is difficult if too few data points are available.

The features of the dataset are:

• Transaction ID. Works as a primary key; it does not provide any information.
• User ID. Used to identify the user that the receipt belongs to.
• Company ID. Used to identify the company which the user belongs to.
• The date of the expense, that is, when the purchase was made.
• The exchange rate to SEK at the date of purchase.
• The Value Added Tax (VAT) cost.
• Total cost of the expense (that is, including VAT).
• The country of the expense.
• The currency of the expense. This may be different from the currency of the country feature, e.g. if someone buys something with euros in a country outside the eurozone.
• Number of attendees.
• An image url, which provides a link to the image of the receipt.
• An ID that identifies a category of the transaction.
• Zero or more class tags of the transaction.

Most features are self-explanatory, but the last four warrant further explanation. The number of attendees is an integer that is used in restaurant receipts where several people were present. This allows us to normalize the total cost of the restaurant visit by simply dividing by this number, as visits with a large number of attendees would otherwise appear as very large expenses.

The image url provides a link to the receipt which the expense reported is based upon. This provides us with a ground truth for the expense report, and based on inspection of the image we may e.g. determine if an error in the data input has been made.

For purposes of bookkeeping, receipts are stored in different categories, such as software or transport, which are found in the dataset by the category ID. The categories used may vary with the company, thus all companies have the possibility of defining their own. This posed a problem when a classification mechanism based on the OCR reading was added to the system.

To solve this, a set of 26 class tags such as advertising, aviation, restaurant or car maintenance, which the classification algorithm could use, was introduced. The tags are designed to be non-overlapping and to encompass almost every reported receipt. Companies can then define their own categories, and associate class tags with every category. For example, a company may have transport as a category and associate the tags taxi, aviation, bus, boat, train, parking, rental car with it. A data point classified in one of the tags would then be categorized as transport.

It would be useful if the web service offered a way for subscribing companies to automate the task of auditing receipts.
This study investigates the possibility of this in the context of the reduced Expense dataset. Thus, the following questions are evaluated in this study:

• How may we construct an automatic auditor that flags individual receipts and users for inspection in such a way that the flagging agrees well with human conceptions?
• How may such an automatic auditor’s performance be evaluated?
• Which existing anomaly detection methods may be used for this task?

1.2 Ethical considerations

The obvious ethical issue of this study is that which is common to all big data studies, which is privacy invasion. It quickly becomes easy to monitor and study the behaviour of users, which makes surveillance of employees much easier for companies and for those in possession of the data. While the data set we worked with was anonymized in terms of the user id etc., it was still possible sometimes to identify individuals by name in the receipt images. A leak of such data could make it easy to study the patterns of persons or organizations by unwanted individuals.

Another potential problem with receipt digitalization could perhaps be the appearance of new types of forgeries. Currently, receipts must be kept in physical form, but if this demand is removed and perhaps only an image is necessary, then image manipulation could become a real problem.

1.3 Related Work

To the author’s knowledge, no previous study has been done on receipt data. The field that has been extensively studied and which is probably in some sense closest to this problem is credit card fraud detection. However, as the data generating mechanism is still different, in that private consumers have a different spending pattern from employees, insights from that field can not be directly applied without modifications.

Credit card fraud detection was one of the early applications of data mining and machine learning techniques to outlier detection, and many designs have been conceived.
One approach is the construction of user profiles made of credit card transaction features, where new data points may be tested against this profile of normality.
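
The user-profile idea above, applied to the receipt features of Section 1.1, as an added illustration that is not code from the thesis: each user gets a profile of the per-attendee cost in SEK, and receipts far from it, or with a VAT larger than the total, are flagged for an auditor. The field names, the sample receipts, the lowered receipt threshold and the median/MAD score with cut-off 3.5 are assumptions of this example.

```python
import math
from collections import defaultdict
from statistics import median

MIN_RECEIPTS = 8   # the thesis keeps users with >= 500 receipts; lowered for the sample
THRESHOLD = 3.5    # usual modified z-score cut-off (assumption, not from the thesis)

def cost_per_attendee_sek(r):
    """Total cost in SEK divided by the number of attendees."""
    attendees = r.get("attendees") or 1   # missing or 0 attendees: treat as one person
    return r["total"] * r["rate_to_sek"] / attendees

def is_consistent(r):
    """The total includes VAT, so VAT must lie in [0, total]; amounts must be positive."""
    return r["total"] > 0 and r["rate_to_sek"] > 0 and 0 <= r["vat"] <= r["total"]

def build_profiles(receipts, min_receipts=MIN_RECEIPTS):
    """Per-user profile of normality: (median, MAD) of log cost per attendee."""
    logs = defaultdict(list)
    for r in receipts:
        if is_consistent(r):
            logs[r["user_id"]].append(math.log(cost_per_attendee_sek(r)))
    profiles = {}
    for user, xs in logs.items():
        if len(xs) >= min_receipts:       # too few points say little about behaviour
            med = median(xs)
            profiles[user] = (med, median(abs(x - med) for x in xs))
    return profiles

def score(r, profiles):
    """Modified z-score against the user's profile, or None without a profile."""
    if r["user_id"] not in profiles:
        return None
    med, mad = profiles[r["user_id"]]
    dev = math.log(cost_per_attendee_sek(r)) - med
    if mad == 0:                          # all of the user's receipts cost the same
        return 0.0 if dev == 0 else math.copysign(math.inf, dev)
    return 0.6745 * dev / mad

def audit(receipts, min_receipts=MIN_RECEIPTS, threshold=THRESHOLD):
    """Return {transaction id: reason} for receipts to hand to a human auditor."""
    profiles = build_profiles(receipts, min_receipts)
    flags = {}
    for r in receipts:
        if not is_consistent(r):
            flags[r["id"]] = "inconsistent fields"
            continue
        s = score(r, profiles)
        if s is not None and abs(s) > threshold:
            flags[r["id"]] = "deviates from user profile (score %.1f)" % s
    return flags

def sample_receipts():
    """Constructed receipts, not taken from the Expense dataset."""
    def row(i, user, total, vat=None, rate=1.0, attendees=1):
        return {"id": i, "user_id": user, "total": total, "rate_to_sek": rate,
                "vat": 0.2 * total if vat is None else vat, "attendees": attendees}
    rows = [row(i, "u1", t) for i, t in enumerate([120, 135, 110, 150, 128, 140, 115, 132])]
    rows += [
        row(100, "u1", 1300, attendees=10),   # restaurant, 130 SEK per person
        row(101, "u1", 13.0, rate=9.6),       # paid in EUR, about 125 SEK
        row(102, "u1", 4800),                 # far above this user's usual spend
        row(103, "u1", 100, vat=250),         # VAT larger than the total
        row(200, "u2", 90), row(201, "u2", 95), row(202, "u2", 9000),  # too few receipts
    ]
    return rows

if __name__ == "__main__":
    for tid, reason in sorted(audit(sample_receipts()).items()):
        print(tid, reason)
```
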