Explore chapters and articles related to this topic
Machine Learning Applications
Published in Peter Wlodarczak, Machine Learning and its Applications, 2019
One problem with anomaly detection is that an anomaly might be unseen and there is no historic data available that reflects the anomaly. For instance, there are constantly new security threats detected that have been unknown and, hence, a machine learning algorithm cannot be trained on existing data. A zero-day vulnerability is such an unknown or unaddressed security vulnerability that can be exploited by hackers. Since there is no data yet from unknown vulnerabilities or security breaches, instead of training a machine learning scheme to detect anomalies in network traffic, the learner can be trained to recognize what normal network traffic looks like. If it detects some deviant traffic, it issues an alarm and a security specialist can analyze the suspicious traffic. What deviant traffic is depends on what is transmitted over the network. For instance, if the network is used for financial transactions, an anomaly might be unusually high amounts of money transferred or transfers to an unusual country. When we have a collection of data points from network traffic they typically have a certain distribution, such as a Gaussian distribution. To detect anomalies, we first calculate the probability distribution p(x) from the data points. For every new data point x, the probability that it belongs to the probability distribution is calculated and compared against a threshold. If p(x) is smaller than the threshold, x is considered an anomaly. Normal data points tend to have a large p(x), whereas anomalous data points tend to have a small one.
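The density-threshold procedure described in the excerpt above, as an added example that is not taken from the cited book. It goes slightly beyond the text by using two features and log-densities; the feature names, the sample values, the independent-Gaussian model and the threshold policy are all assumptions made for illustration.

```python
import math
from statistics import fmean, pvariance

# Constructed sample of *normal* traffic: (bytes per flow, transfer amount).
NORMAL = [(1200, 250.0), (1350, 300.0), (1100, 180.0), (1280, 270.0),
          (1420, 320.0), (1190, 210.0), (1310, 290.0), (1250, 240.0),
          (1380, 310.0), (1160, 200.0)]

def fit(rows):
    """Estimate (mean, variance) per feature from normal traffic only."""
    return [(fmean(col), pvariance(col)) for col in zip(*rows)]

def log_p(x, params):
    """log p(x) assuming independent Gaussian features.

    Working in log space avoids underflow when many small
    per-feature densities would otherwise be multiplied.
    """
    total = 0.0
    for value, (mu, var) in zip(x, params):
        total += -0.5 * math.log(2 * math.pi * var)
        total -= (value - mu) ** 2 / (2 * var)
    return total

def pick_threshold(rows, params):
    """Assumed policy: the lowest log p(x) observed on normal data.

    In practice the threshold is tuned on held-out data to trade
    missed detections against false alarms.
    """
    return min(log_p(r, params) for r in rows)

def is_anomaly(x, params, threshold):
    """Flag x when its log-density falls below the threshold."""
    return log_p(x, params) < threshold

PARAMS = fit(NORMAL)
THRESHOLD = pick_threshold(NORMAL, PARAMS)

if __name__ == "__main__":
    # Constructed test points: typical, huge transfer, huge flow size.
    for x in [(1260, 255.0), (1300, 9500.0), (90000, 260.0)]:
        verdict = "ANOMALY" if is_anomaly(x, PARAMS, THRESHOLD) else "ok"
        print(x, round(log_p(x, PARAMS), 1), verdict)
```

Because the model is fitted on normal traffic only, it needs no labeled attack data, which is the point the excerpt makes about previously unseen threats.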
A Deep Learning-based System for Network Cyber Threat Detection
Published in Brij B. Gupta, Michael Sheng, Machine Learning for Computer and Cyber Security, 2019
Angel Luis Perales Gomez, Lorenzo Fernandez Maimo, Felix J. Garcia Clemente
Anomaly detection is the identification of items, events or observations which do not conform to an expected pattern or behavior. A simple anomaly detection procedure could be to define a region representing normal behavior and label any sample in the data that does not belong to this normal region as an anomaly. According to [17], there are several challenges in this simple approach—difficulty in defining such a normal region; anomalies produced by an adaptive malicious attacker; normal behavior evolution; context dependent definition of anomaly (e.g., in medical domain, a small fluctuation in body temperature can be an anomaly, whereas similar deviation in stock market domain may be normal); or lack of availability of labeled datasets.
Introduction
Published in Imriyas Kamardeen, Preventing Workplace Incidents in Construction, 2019
Anomaly detection is the identification of data points, items or observations in the dataset that do not conform to the expected/normal behaviour pattern of a given group. Anomaly detection is also known as outlier detection and has a wide range of applications, including: fraud detection in credit card use and taxation, intrusion detection in cyber security, diagnosis of cancerous tumours and predictive maintenance of safety critical systems. In the building maintenance field, anomaly detection was used by Araya et al. (2017) to detect anomalous energy consumption patterns in buildings toward reducing energy waste.
Hyperspectral anomaly detection: a performance comparison of existing techniques
Published in International Journal of Digital Earth, 2022
Noman Raza Shah, Abdur Rahman M. Maud, Farrukh Aziz Bhatti, Muhammad Khizer Ali, Khurram Khurshid, Moazam Maqsood, Muhammad Amin
Hyperspectral anomaly detection has attracted a lot of interest in recent years. Despite the advances in anomaly detection algorithms, there are certain limitations, e.g. dataset-specific parameters setting and higher computation time. Parameter setting is one of the crucial steps, and directly influences the detection accuracy of the algorithms. For different types of datasets, a method often has distinct parameter settings for each dataset. Due to this reason, it is necessary to decrease the number of free parameters for future algorithm development to enhance efficiency. Another aspect is the computational cost of algorithms. Approaches such as parallel computation and fast matrix computation may be employed for efficient implementation of these algorithms. In the future, the requirements for hardware implementation may also be considered while designing real-time algorithms.
A Novel Approach for Cyber Threat Detection Based on Angle-Based Subspace Anomaly Detection
Published in Cybernetics and Systems, 2022
In this section, we will discuss the taxonomy related to anomaly detection which is confined to the scope of this work, reviewing the related literature to find the research gap and thereby to elucidate the major motivation of this work. Techniques for anomaly detection can be widely classified as global technique and local technique based on the size of the selected reference set, supervised technique and unsupervised technique based on whether the raw data is labeled or unlabeled, and as full space technique or subspace technique based on attribute count Hernandez-Suarez et al. (2018), Miller (2012), Thelwall and Buckley (2013), Mejova (2009), considered for defining anomalies as shown in Figure 1. Theoretically, these techniques of anomaly detection can be classified as statistical method, classification based anomaly detection, nearest neighbor based detection, spectral based detection, clustering based detection etc.
Credit Card Fraud Detection under Extreme Imbalanced Data: A Comparative Study of Data-level Algorithms
Published in Journal of Experimental & Theoretical Artificial Intelligence, 2022
Amit Singh, Ranjeet Kumar Ranjan, Abhishek Tiwari
The class imbalance problem also has a significant impact on the field of anomaly detection. The applications of anomaly detection are many, such as intrusion or malware detection, fault diagnosis, and credit card fraud detection, to name a few. In the anomaly detection problems, the goal is to correctly classify the rare class instances as compared to the majority instance. This means the dataset has an imbalanced class distribution (Maurya et al., 2015). The intrusion detection based on the anomaly detection method was first proposed by Denning in 1987. Since then, it has been widely explored by several researchers (Tavallaee et al., 2010). In (Sekar et al., 2002), an approach for the detection of network intrusion based on specification and anomaly has been proposed. The approach uses machine learning to detect intrusions. The anomaly-based approaches have also been used in fault diagnosis and detection in various domains in the past. In (Uk Kim & Hariri, 2007), an anomaly-based approach to detect the fault in a distributed system has been proposed. (Li et al., 2010) have also proposed an anomaly-based approach for detection and diagnosis of fault in spacecraft.