hh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Context Discovery for Anomaly Detection
Halmstad University, School of Information Technology.ORCID iD: 0000-0002-6249-4144
Halmstad University, School of Information Technology.ORCID iD: 0000-0002-7796-5201
Halmstad University, School of Information Technology.
(English)Manuscript (preprint) (Other academic)
Abstract [en]

Contextual anomaly detection aims at identifying objects that are anomalous only within specific contexts. Most existing methods are limited to a single context defined by user-specified features. While identifying the right context is not trivial in practice, there is often more than just one context in real-world systems under which different anomalies naturally occur. In this work, we introduce ConQuest, a new unsupervised contextual anomaly detection approach that automatically discovers and incorporates multiple contexts useful for revealing contextual anomalies. In ConQuest, we search for relevant contexts by optimizing an unsupervised multi-objective function, where each objective is derived from desired properties of contextual anomaly detection. To effectively balance such (often competing) properties, we use a multi-objective genetic algorithm that returns a Pareto front comprising diverse, non-dominated solutions. Through experiments on various datasets, we show ConQuest outperforms state-of-the-art methods. Further, we showcase the advantage of using multiple objectives over single-objective context discovery strategies and demonstrate the interpretability aspect of ConQuest.

Keywords [en]
anomaly detection, contextual anomaly detection
National Category
Computer Sciences
Research subject
Smart Cities and Communities
Identifiers
URN: urn:nbn:se:hh:diva-46402OAI: oai:DiVA.org:hh-46402DiVA, id: diva2:1639851
Funder
Knowledge Foundation, 20160103
Note

Som manuskript i avhandling / As manuscript in thesis

Available from: 2022-02-22 Created: 2022-02-22 Last updated: 2023-02-27Bibliographically approved
In thesis
1. Together We Learn More: Algorithms and Applications for User-Centric Anomaly Detection
Open this publication in new window or tab >>Together We Learn More: Algorithms and Applications for User-Centric Anomaly Detection
2022 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Anomaly detection is the problem of identifying data points or patterns that do not conform to normal behavior. Anomalies in data often correspond to important and actionable information such as frauds in financial applications, faults in production units, intrusions in computer systems, and serious diseases in patient records. One of the fundamental challenges of anomaly detection is that the exact notion of anomaly is subjective and varies greatly in different applications and domains. This makes distinguishing anomalies that match with the end-user's expectations from other observations difficult. As a result, anomaly detectors produce many false alarms that do not correspond to semantically meaningful anomalies for the analyst. 

Humans can help, in different ways, to bridge this gap between detected anomalies and ''anomalies-of-interest'': by giving clues on features more likely to reveal interesting anomalies or providing feedback to separate them from irrelevant ones. However, it is not realistic to assume a human to easily provide feedback without explaining why the algorithm classifies a certain sample as an anomaly. Interpretability of results is crucial for an analyst to be able to investigate the candidate anomaly and decide whether it is actually interesting or not. 

In this thesis, we take a step forward to improve the practical use of anomaly detection in real-life by leveraging human-algorithm collaboration. This thesis and appended papers study the problem of formulating and implementing algorithms for user-centric anomaly detection-- a setting in which people analyze, interpret, and learn from the detector's results, as well as provide domain knowledge or feedback. Throughout this thesis, we have described a number of diverse approaches, each addressing different challenges and needs of user-centric anomaly detection in the real world, and combined these methods into a coherent framework. By conducting different studies, this thesis finds that a comprehensive approach incorporating human knowledge and providing interpretable results can lead to more effective and practical anomaly detection and more successful real-world applications. The major contributions that result from the studies included in this work and led the above conclusion can be summarized into five categories: (1) exploring different data representations that are suitable for anomaly detection based on data characteristics and domain knowledge, (2) discovering patterns and groups in data that describe normal behavior in the current application, (3) implementing a generic and extensible framework enabling use-case-specific detectors suitable for different scenarios, (4) incorporating domain knowledge and expert feedback into anomaly detection, and (5) producing interpretable detection results that support end-users in understanding and validating the anomalies. 

Place, publisher, year, edition, pages
Halmstad University Press, 2022. p. 211
Series
Halmstad University Dissertations ; 9
Keywords
data mining, machine learning, anomaly detection
National Category
Computer Sciences
Research subject
Smart Cities and Communities
Identifiers
urn:nbn:se:hh:diva-46404 (URN)978-91-88749-87-1 (ISBN)978-91-88749-88-8 (ISBN)
Public defence
2022-03-22, Visionen (Halda), Kristian IV:s väg 3, Halmstad, 13:00 (English)
Opponent
Supervisors
Available from: 2022-02-25 Created: 2022-02-22 Last updated: 2022-02-25Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Calikus, EceNowaczyk, SławomirDikmen, Onur

Search in DiVA

By author/editor
Calikus, EceNowaczyk, SławomirDikmen, Onur
By organisation
School of Information Technology
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 517 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf