Issue No.05 - May (2007 vol.19)
Sanjay Ranka , IEEE
When anomaly detection software is used as a data analysis tool, finding the hardest-to-detect anomalies is not the most critical task. Rather, it is often more important to make sure that those anomalies that are reported to the user are in fact interesting. If too many unremarkable data points are returned to the user labeled as candidate anomalies, the software will soon fall into disuse. One way to ensure that returned anomalies are useful is to make use of domain knowledge provided by the user. Often, the data in question includes a set of environmental attributes whose values a user would never consider to be directly indicative of an anomaly. However, such attributes cannot be ignored because they have a direct effect on the expected distribution of the result attributes whose values can indicate an anomalous observation. This paper describes a general purpose method called conditional anomaly detection for taking such differences among attributes into account, and proposes three different expectation-maximization algorithms for learning the model that is used in conditional anomaly detection. Experiments with more than 13 different data sets compare our algorithms with several other more standard methods for outlier or anomaly detection.
Data mining, mining methods and algorithms.
Mingxi Wu, Christopher Jermaine, Sanjay Ranka, "Conditional Anomaly Detection", IEEE Transactions on Knowledge & Data Engineering, vol.19, no. 5, pp. 631-645, May 2007, doi:10.1109/TKDE.2007.1009