Online anomaly detection in case of limited feedback with accurate distribution learning

Abstract

We propose a high-performance algorithm for sequential anomaly detection. The proposed algorithm sequentially runs over data streams, accurately estimates the nominal distribution using exponential family and then declares an anomaly when the assigned likelihood of the current observation is less than a threshold. We use the estimated nominal distribution to assign a likelihood to the current observation and employ limited feedback from the end user to adjust the threshold. The high performance of our algorithm is due to accurate estimation of the nominal distribution, where we achieve this by preventing anomalous data to corrupt the update process. Our method is generic in the sense that it can operate successfully over a wide range of data distributions. We demonstrate the performance of our algorithm with respect to the state-of-the-art over time varying distributions.