Toward supervised anomaly detection

Publikation: Beiträge in ZeitschriftenZeitschriftenaufsätzeForschungbegutachtet

Standard

Toward supervised anomaly detection. / Görnitz, Nico; Kloft, Marius; Rieck, Konrad et al.
in: Journal of Artificial Intelligence Research, Jahrgang 46, 20.02.2013, S. 235-262.

Publikation: Beiträge in ZeitschriftenZeitschriftenaufsätzeForschungbegutachtet

Harvard

APA

Vancouver

Görnitz N, Kloft M, Rieck K, Brefeld U. Toward supervised anomaly detection. Journal of Artificial Intelligence Research. 2013 Feb 20;46:235-262. doi: 10.1613/jair.3623

Bibtex

@article{a8f717d595bd41368cab4a7c7732ac50,
title = "Toward supervised anomaly detection",
abstract = "Anomaly detection is being regarded as an unsupervised learning task as anomalies stem from adversarial or unlikely events with unknown distributions. However, the predictive performance of purely unsupervised anomaly detection often fails to match the required detection rates in many tasks and there exists a need for labeled data to guide the model generation. Our first contribution shows that classical semi-supervised approaches, originating from a supervised classifier, are inappropriate and hardly detect new and unknown anomalies. We argue that semi-supervised anomaly detection needs to ground on the unsupervised learning paradigm and devise a novel algorithm that meets this requirement. Although being intrinsically non-convex, we further show that the optimization problem has a convex equivalent under relatively mild assumptions. Additionally, we propose an active learning strategy to automatically filter candidates for labeling. In an empirical study on network intrusion detection data, we observe that the proposed learning methodology requires much less labeled data than the state-of-the-art, while achieving higher detection accuracies.",
keywords = "Informatics, learning strategies, Detection accuracy, Empirical studies, Network intrusion detection, Optimization problems, redictive performance, Supervised classifiers, Unsupervised anomaly detection, Business informatics",
author = "Nico G{\"o}rnitz and Marius Kloft and Konrad Rieck and Ulf Brefeld",
year = "2013",
month = feb,
day = "20",
doi = "10.1613/jair.3623",
language = "English",
volume = "46",
pages = "235--262",
journal = "Journal of Artificial Intelligence Research",
issn = "1076-9757",
publisher = "Morgan Kaufmann Publishers, Inc.",

}

RIS

TY - JOUR

T1 - Toward supervised anomaly detection

AU - Görnitz, Nico

AU - Kloft, Marius

AU - Rieck, Konrad

AU - Brefeld, Ulf

PY - 2013/2/20

Y1 - 2013/2/20

N2 - Anomaly detection is being regarded as an unsupervised learning task as anomalies stem from adversarial or unlikely events with unknown distributions. However, the predictive performance of purely unsupervised anomaly detection often fails to match the required detection rates in many tasks and there exists a need for labeled data to guide the model generation. Our first contribution shows that classical semi-supervised approaches, originating from a supervised classifier, are inappropriate and hardly detect new and unknown anomalies. We argue that semi-supervised anomaly detection needs to ground on the unsupervised learning paradigm and devise a novel algorithm that meets this requirement. Although being intrinsically non-convex, we further show that the optimization problem has a convex equivalent under relatively mild assumptions. Additionally, we propose an active learning strategy to automatically filter candidates for labeling. In an empirical study on network intrusion detection data, we observe that the proposed learning methodology requires much less labeled data than the state-of-the-art, while achieving higher detection accuracies.

AB - Anomaly detection is being regarded as an unsupervised learning task as anomalies stem from adversarial or unlikely events with unknown distributions. However, the predictive performance of purely unsupervised anomaly detection often fails to match the required detection rates in many tasks and there exists a need for labeled data to guide the model generation. Our first contribution shows that classical semi-supervised approaches, originating from a supervised classifier, are inappropriate and hardly detect new and unknown anomalies. We argue that semi-supervised anomaly detection needs to ground on the unsupervised learning paradigm and devise a novel algorithm that meets this requirement. Although being intrinsically non-convex, we further show that the optimization problem has a convex equivalent under relatively mild assumptions. Additionally, we propose an active learning strategy to automatically filter candidates for labeling. In an empirical study on network intrusion detection data, we observe that the proposed learning methodology requires much less labeled data than the state-of-the-art, while achieving higher detection accuracies.

KW - Informatics

KW - learning strategies

KW - Detection accuracy

KW - Empirical studies

KW - Network intrusion detection

KW - Optimization problems

KW - redictive performance

KW - Supervised classifiers

KW - Unsupervised anomaly detection

KW - Business informatics

UR - http://www.scopus.com/inward/record.url?scp=84875512265&partnerID=8YFLogxK

UR - https://www.mendeley.com/catalogue/5182cca1-961d-3f09-a144-35dd9cc37f97/

U2 - 10.1613/jair.3623

DO - 10.1613/jair.3623

M3 - Journal articles

AN - SCOPUS:84875512265

VL - 46

SP - 235

EP - 262

JO - Journal of Artificial Intelligence Research

JF - Journal of Artificial Intelligence Research

SN - 1076-9757

ER -

DOI

Zuletzt angesehen

Publikationen

  1. Age and gender effects of workforce composition on productivity and profits
  2. Asset Backed Securities
  3. Der RADIUS eines Verlages
  4. Offshoring and firm performance
  5. Beyond National Policymaking
  6. Fragenbox Mathematik
  7. Values and Corruption
  8. New evidence for vegetation development and timing of Upper Middle Pleistocene interglacials in Northern Germany and tentative correlations
  9. Friction model selection in FEM simulations of aluminium extrusion
  10. Kleinknecht, Alfred and Bain, Donald (eds.): New concepts in innovation output measurement, Basingstoke/London: Macmillan, 1993.204 pp. f 45.00. ISBN 0-333-58818-5
  11. Fazit
  12. Alcohol myopia and goal commitment
  13. Vergleich von Polaritätsprofilen durch Neuheitsfilter
  14. Barrier effects in real-world compared to virtual reality macro-environments
  15. Auditory emotion word primes influence emotional face categorization in children and adults, but not vice versa
  16. Hochschule neu denken
  17. Qu'est-ce que la "stakeholder value"?
  18. Fallstatistik Stand 2009
  19. Wir müssen reden!
  20. Where the Negative Holds Court
  21. Whistle-Blowing heißt nicht: "verpfeifen"
  22. Charity and finance in the university
  23. The Arts as a Value-Creating Ecology in Singapore
  24. Jenseits des Kopftuchs
  25. "Wissenschaftsgeschichte 3mal anders"
  26. Christianity
  27. Bildungssprache mikroskopisch
  28. Pathogen induced disturbance and succession in temperate forests
  29. Ein neuer Klassenkampf?
  30. Article 3 Universal Application
  31. Tree species richness modulates water supply in the local tree neighbourhood
  32. Gründungsberatung
  33. Klassengröße
  34. Perk or Peril? Making Sense of Member Differences When Interorganizational Collaboration Begins
  35. Spread of Non-Native Plant Species into Mountains
  36. Moorfinger
  37. The Star Pattern
  38. Widerruf des Testaments (§ 2253–2258 BGB),