Online anomaly detection with nested trees

dc.citation.epage: 1871 (en_US)
dc.citation.issueNumber: 12 (en_US)
dc.citation.spage: 1867 (en_US)
dc.citation.volumeNumber: 23 (en_US)
dc.contributor.author: Delibalta, I. (en_US)
dc.contributor.author: Gokcesu, K. (en_US)
dc.contributor.author: Simsek, M. (en_US)
dc.contributor.author: Baruh, L. (en_US)
dc.contributor.author: Kozat, S. S. (en_US)
dc.date.accessioned: 2018-04-12T10:42:56Z
dc.date.available: 2018-04-12T10:42:56Z
dc.date.issued: 2016 (en_US)
dc.department: Department of Electrical and Electronics Engineering (en_US)
dc.description.abstract: We introduce an online anomaly detection algorithm that processes data in a sequential manner. At each time, the algorithm makes a new observation, produces a decision, and then adaptively updates all its parameters to enhance its performance. The algorithm mainly works in an unsupervised manner since in most real-life applications labeling the data is costly. Even so, whenever there is feedback, the algorithm uses it for better adaptation. The algorithm has two stages. In the first stage, it constructs a score function similar to a probability density function to model the underlying nominal distribution (if there is one) or to fit to the observed data. In the second stage, this score function is used to evaluate the newly observed data to provide the final decision. The decision is given after the well-known thresholding. We construct the score using a highly versatile and completely adaptive nested decision tree. Nested soft decision trees are used to partition the observation space in a hierarchical manner. We adaptively optimize every component of the tree, i.e., decision regions and probabilistic models at each node as well as the overall structure, based on the sequential performance. This extensive in-time adaptation provides strong modeling capabilities; however, it may cause overfitting. To mitigate the overfitting issues, we first use the intermediate nodes of the tree to produce several subtrees, which constitute all the models from coarser to full extent, and then adaptively combine them. By using a real-life dataset, we show that our algorithm significantly outperforms the state of the art. © 1994-2012 IEEE. (en_US)
dc.description.provenance: Made available in DSpace on 2018-04-12T10:42:56Z (GMT). No. of bitstreams: 1 bilkent-research-paper.pdf: 179475 bytes, checksum: ea0bedeb05ac9ccfb983c327e155f0c2 (MD5) Previous issue date: 2016 (en)
dc.identifier.doi: 10.1109/LSP.2016.2623773 (en_US)
dc.identifier.issn: 1070-9908
dc.identifier.uri: http://hdl.handle.net/11693/36516
dc.language.iso: English (en_US)
dc.publisher: Institute of Electrical and Electronics Engineers Inc. (en_US)
dc.relation.isversionof: http://dx.doi.org/10.1109/LSP.2016.2623773 (en_US)
dc.source.title: IEEE Signal Processing Letters (en_US)
dc.subject: Intrusion detection (en_US)
dc.subject: Semisupervised learning (en_US)
dc.subject: Statistical learning (en_US)
dc.subject: Tree data structures (en_US)
dc.title: Online anomaly detection with nested trees (en_US)
dc.type: Article (en_US)

Files

Original bundle

Name: Online Anomaly Detection With Nested Trees.pdf
Size: 487.69 KB
Format: Adobe Portable Document Format
Description: Full printable version