Abstract image of a woman sitting on books and studying on a laptop

Here is the anomalow-down!

Download as PPTX, PDF
CSIRO, profile picture
CSIRO

The document discusses anomaly detection methods, highlighting the significance of identifying unusual patterns in various domains like fraud and network intrusions. It introduces 'Lookout,' a low false positive method that uses extreme value theory and allows users to avoid parameter specification, along with 'Dobin,' a dimension reduction technique for effective anomaly detection. Examples demonstrate the efficacy of these methods in maintaining anomaly identification across varying bandwidths.

Data & Analytics
1 of 19
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Here is the anomalow-down! Sevvandi Kandanaarachchi RMIT University Joint work with Rob Hyndman 1
Why anomalies? • They tell a different story • Fraudulent credit card transactions amongst billions of legitimate transactions • Computer network intrusions • Astronomical anomalies – solar flares • Weather anomalies – tsunamis • Stock market anomalies – heralding a crash? 2
Anomaly detection – why? • Take fraud and network intrusions for example • Training a model on certain fraud/intrusions/cyber attacks is not optimal, because there are new types of fraud/attacks, always! • You want to be alerted when weird things happen. • Anomaly detection is used in these applications. 3
Is everything rosy? 4
Some Current Challenges High dimensionality of data • Finding anomalies in high dimensional data is hard • Anomalies and normal points look similar High false positives • Do not want an “alarm factory” – confidence in the system goes down Parameters need to be defined by the user • But expert knowledge is needed 5
Overview lookout – an anomaly detection method Low false positives User does not need to specify parameters lookout – on CRAN dobin – a dimension reduction method for anomaly detection Addresses the high dimensionality challenge dobin – on CRAN 6
dobin – dimension reduction for outlier detection Sevvandi Kandanaarachchi, Rob Hyndman JCGS, (2021) 30:1, 204-219 7
What is it? Original anomalies are still anomalies in the reduced dimensional space It is a preprocessing technique Not an anomaly detection method 8
What does it do? Find a set of new axes (basis vectors), which preserves anomalies First basis vector in the direction of most anomalousness (largest knn distances), second basis vector in the direction of second largest knn distances 9
Example • Uniform distribution in 20 dimensions, • one point at (0.9, 0.9, 0.9, . . .) • This is the outlier • In R • > dobin(X) 10
Sevvandi Kandanaarachchi, Rob Hyndman Preprint - https://bit.ly/lookoutliers lookout – leave one out kde for outlier detection 11
lookout Outlier detection method • Because of Extreme Value Theory (EVT) • EVT is used to model 100-year floods • Use a Generalized Pareto Distribution Low false positives Not an “alarm factory” 12
lookout User does not need to specify parameters • Use Kernel Density Estimates – need a bandwidth parameter • But general bandwidth is not appropriate for anomaly detection • Select bandwidth using topological data analysis • bw(TDA) → KDE → EVT → outliers Anomaly persistence • Which anomalies are consistently identified, with changing bandwidth? • Visual representation of anomaly persistence 13
Example 1 2D normal distribution, with outliers at the far end. The outlying indices are 501 - 505 The persistence diagram. The outliers get identified for a large range of bandwidth values. 14
Example 2 2D bimodal distribution, with outliers in the trough. The outliers have indices 1001 - 1005 The persistence diagram. Again, the outliers get identified for a large range of bandwidth values. 15
Example 3 Points in 3 normally distributed clusters, with anomalies away from them. Anomalies have indices 701 - 703. The persistence diagram. Anomalies get identified for a broad range of bandwidth values. 16
Example 4 Points in an annulus with anomalies in the middle. Anomalies have indices 1001 - 1010 The persistence diagram. 17
Summary • dobin - a dimension reduction method for anomaly detection • lookout - a EVT based method to find anomalies • Both paper/preprint available • https://doi.org/10.1080/10618600.2020.1807353 • https://bit.ly/lookoutliers • Both packages on CRAN 18
Thank you! 19

More Related Content

PPTX
Mathematics of anomalies
CSIRO
 
PDF
Rapid Diagnostics Device
CharlesJohn11
 
PPTX
Safe and Easy Tips to Electrical Fault Finding
Electric Works London
 
PPT
Technotoy 7
ralexander1938
 
PDF
Turck sensors
jbhgnbjhmnkhjn
 
PPTX
Testing strategies for electronic components
DepEd-Bataan
 
PDF
An Introduction to Anomaly Detection
Kenneth Graham
 
PPTX
Anomaly detection
Dr. Stylianos Kampakis
 
Mathematics of anomalies
CSIRO
 
Rapid Diagnostics Device
CharlesJohn11
 
Safe and Easy Tips to Electrical Fault Finding
Electric Works London
 
Technotoy 7
ralexander1938
 
Turck sensors
jbhgnbjhmnkhjn
 
Testing strategies for electronic components
DepEd-Bataan
 
An Introduction to Anomaly Detection
Kenneth Graham
 
Anomaly detection
Dr. Stylianos Kampakis
 

Similar to Here is the anomalow-down! (20)

PDF
Anomaly detection (Unsupervised Learning) in Machine Learning
Kuppusamy P
 
PDF
Term_Paper_Shengzhe_Wang
Shengzhe Wang
 
PDF
Anomly and fraud detection using AI - Artivatic.ai
Artivatic.ai
 
PDF
Fraud detection- Retail, Banking, Finance & FMCG
Artivatic.ai
 
PDF
Anomaly detection Workshop slides
QuantUniversity
 
PDF
Pattern recognition at scale anomaly detection in banking on stream data
NUS-ISS
 
PDF
AI in anomaly detection - An Overview.pdf
StephenAmell4
 
PDF
Outlier analysis for Temporal Datasets
QuantUniversity
 
PDF
AI in anomaly detection.pdf
StephenAmell4
 
PDF
anomalydetection-191104083630.pdf
hanadi40
 
PPTX
Anomaly Detection and Spark Implementation - Meetup Presentation.pptx
Impetus Technologies
 
PPTX
Anomaly Detection Technique
Chakrit Phain
 
PPTX
Looking out for anomalies
CSIRO
 
PDF
Anomaly detection : QuantUniversity Workshop
QuantUniversity
 
PDF
Anomaly Detection
Carol Hargreaves
 
PDF
Anomaly Detection: A Survey
Konkuk University, Korea
 
PPTX
Anomalies and events keep us on our toes
CSIRO
 
PPTX
Traffic anomaly detection and attack
Qrator Labs
 
PDF
Anomaly detection Meetup Slides
QuantUniversity
 
PDF
Annommaly detection techniques and approaches
Jay Sahoo
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Kuppusamy P
 
Term_Paper_Shengzhe_Wang
Shengzhe Wang
 
Anomly and fraud detection using AI - Artivatic.ai
Artivatic.ai
 
Fraud detection- Retail, Banking, Finance & FMCG
Artivatic.ai
 
Anomaly detection Workshop slides
QuantUniversity
 
Pattern recognition at scale anomaly detection in banking on stream data
NUS-ISS
 
AI in anomaly detection - An Overview.pdf
StephenAmell4
 
Outlier analysis for Temporal Datasets
QuantUniversity
 
AI in anomaly detection.pdf
StephenAmell4
 
anomalydetection-191104083630.pdf
hanadi40
 
Anomaly Detection and Spark Implementation - Meetup Presentation.pptx
Impetus Technologies
 
Anomaly Detection Technique
Chakrit Phain
 
Looking out for anomalies
CSIRO
 
Anomaly detection : QuantUniversity Workshop
QuantUniversity
 
Anomaly Detection
Carol Hargreaves
 
Anomaly Detection: A Survey
Konkuk University, Korea
 
Anomalies and events keep us on our toes
CSIRO
 
Traffic anomaly detection and attack
Qrator Labs
 
Anomaly detection Meetup Slides
QuantUniversity
 
Annommaly detection techniques and approaches
Jay Sahoo
 
Ad

More from CSIRO (20)

PPTX
Extreme value modelling of feature residuals for anomaly detection in dynamic...
CSIRO
 
PPTX
Graphons of Line Graphs Talk at Uni Sydney
CSIRO
 
PDF
Graphons of line graphs Talk WIMSIG 2024
CSIRO
 
PDF
Forecasting graphs using time series and flux balance analysis
CSIRO
 
PPTX
Predicting the Structure of Dynamic Networks
CSIRO
 
PPTX
GECCO 2024 Tutorial on Algorithm Evaluation using Item Response Theory
CSIRO
 
PPTX
The painful removal of tiling artefacts in hypersprectral data
CSIRO
 
PDF
Explainable insights on algorithm performance
CSIRO
 
PPTX
The painful removal of tiling artefacts in ToF-SIMS data
CSIRO
 
PPTX
Sophisticated tools for spatio-temporal data exploration
CSIRO
 
PPTX
Explainable algorithm evaluation from lessons in education
CSIRO
 
PPTX
A time series of networks. Is everything OK? Are there anomalies?
CSIRO
 
PPTX
Explainable algorithm evaluation.pptx
CSIRO
 
PDF
Anomalous Networks
CSIRO
 
PDF
Four, fast geostatistical methods - a comparison
CSIRO
 
PPTX
Comparison of geostatistical methods for spatial data
CSIRO
 
PPTX
From ensembles to computer networks
CSIRO
 
PPTX
Algorithm evaluation using Item Response Theory
CSIRO
 
PPTX
Getting better at detecting anomalies by using ensembles
CSIRO
 
PPTX
Evaluating algorithms using Item Response Theory
CSIRO
 
Extreme value modelling of feature residuals for anomaly detection in dynamic...
CSIRO
 
Graphons of Line Graphs Talk at Uni Sydney
CSIRO
 
Graphons of line graphs Talk WIMSIG 2024
CSIRO
 
Forecasting graphs using time series and flux balance analysis
CSIRO
 
Predicting the Structure of Dynamic Networks
CSIRO
 
GECCO 2024 Tutorial on Algorithm Evaluation using Item Response Theory
CSIRO
 
The painful removal of tiling artefacts in hypersprectral data
CSIRO
 
Explainable insights on algorithm performance
CSIRO
 
The painful removal of tiling artefacts in ToF-SIMS data
CSIRO
 
Sophisticated tools for spatio-temporal data exploration
CSIRO
 
Explainable algorithm evaluation from lessons in education
CSIRO
 
A time series of networks. Is everything OK? Are there anomalies?
CSIRO
 
Explainable algorithm evaluation.pptx
CSIRO
 
Anomalous Networks
CSIRO
 
Four, fast geostatistical methods - a comparison
CSIRO
 
Comparison of geostatistical methods for spatial data
CSIRO
 
From ensembles to computer networks
CSIRO
 
Algorithm evaluation using Item Response Theory
CSIRO
 
Getting better at detecting anomalies by using ensembles
CSIRO
 
Evaluating algorithms using Item Response Theory
CSIRO
 
Ad

Recently uploaded (20)

PDF
2025-08 San Francisco FinOps Meetup: Tiering, Intelligently.
RTylerCroy
 
PPTX
langchainpptforbeginners_easy_explanation.pptx
attherat00e
 
PPTX
Capstone Presentation a.pptx on data sci
anukritijs
 
PPT
What is life? We never know the answer exactly
ademustafa3
 
PPTX
Stats annual compiled ipd opd ot br 2024
nigamvertika
 
PDF
Mcdonald's : a half century growth . pdf
sainikeshbi
 
PDF
9 FinOps Tools That Simplify Cloud Cost Reporting.pdf
Amnic
 
PPTX
inbound2857676998455010149.pptxmmmmmmmmm
hacheldelrosario
 
PPTX
Chapter security of computer_8_v8.1.pptx
78linux78
 
PPTX
GPS sensor used agriculture land for automation
masanimasani2020
 
PDF
technical specifications solar ear 2025.
ViniciusLira30
 
PPTX
ch20 Database System Architecture by Rizvee
AbirHasan121147
 
PDF
Nucleic-Acids_-Structure-Typ...-1.pdf 011
jeniecaellahebcasnam
 
PDF
book-34714 (2).pdfhjkkljgfdssawtjiiiiiujj
TawfekReda1
 
PPTX
indiraparyavaranbhavan-240418134200-31d840b3.pptx
janbenijami
 
PDF
Teal Blue Futuristic Metaverse Presentation.pdf
DaNialPanjang
 
PPT
2011 HCRP presentation-final.pptjrirrififfi
SauravAggarwal12
 
PPTX
cp-and-safeguarding-training-2018-2019-mmfv2-230818062456-767bc1a7.pptx
rachellegalit2
 
PDF
Concepts of Database Management, 10th Edition by Lisa Friedrichsen Test Bank.pdf
solutions manual team
 
PPTX
lung disease detection using transfer learning approach.pptx
abhaychaudhary35
 
2025-08 San Francisco FinOps Meetup: Tiering, Intelligently.
RTylerCroy
 
langchainpptforbeginners_easy_explanation.pptx
attherat00e
 
Capstone Presentation a.pptx on data sci
anukritijs
 
What is life? We never know the answer exactly
ademustafa3
 
Stats annual compiled ipd opd ot br 2024
nigamvertika
 
Mcdonald's : a half century growth . pdf
sainikeshbi
 
9 FinOps Tools That Simplify Cloud Cost Reporting.pdf
Amnic
 
inbound2857676998455010149.pptxmmmmmmmmm
hacheldelrosario
 
Chapter security of computer_8_v8.1.pptx
78linux78
 
GPS sensor used agriculture land for automation
masanimasani2020
 
technical specifications solar ear 2025.
ViniciusLira30
 
ch20 Database System Architecture by Rizvee
AbirHasan121147
 
Nucleic-Acids_-Structure-Typ...-1.pdf 011
jeniecaellahebcasnam
 
book-34714 (2).pdfhjkkljgfdssawtjiiiiiujj
TawfekReda1
 
indiraparyavaranbhavan-240418134200-31d840b3.pptx
janbenijami
 
Teal Blue Futuristic Metaverse Presentation.pdf
DaNialPanjang
 
2011 HCRP presentation-final.pptjrirrififfi
SauravAggarwal12
 
cp-and-safeguarding-training-2018-2019-mmfv2-230818062456-767bc1a7.pptx
rachellegalit2
 
Concepts of Database Management, 10th Edition by Lisa Friedrichsen Test Bank.pdf
solutions manual team
 
lung disease detection using transfer learning approach.pptx
abhaychaudhary35
 

Here is the anomalow-down!

  • 1. Here is the anomalow-down! Sevvandi Kandanaarachchi RMIT University Joint work with Rob Hyndman 1
  • 2. Why anomalies? • They tell a different story • Fraudulent credit card transactions amongst billions of legitimate transactions • Computer network intrusions • Astronomical anomalies – solar flares • Weather anomalies – tsunamis • Stock market anomalies – heralding a crash? 2
  • 3. Anomaly detection – why? • Take fraud and network intrusions for example • Training a model on certain fraud/intrusions/cyber attacks is not optimal, because there are new types of fraud/attacks, always! • You want to be alerted when weird things happen. • Anomaly detection is used in these applications. 3
  • 5. Some Current Challenges High dimensionality of data • Finding anomalies in high dimensional data is hard • Anomalies and normal points look similar High false positives • Do not want an “alarm factory” – confidence in the system goes down Parameters need to be defined by the user • But expert knowledge is needed 5
  • 6. Overview lookout – an anomaly detection method Low false positives User does not need to specify parameters lookout – on CRAN dobin – a dimension reduction method for anomaly detection Addresses the high dimensionality challenge dobin – on CRAN 6
  • 7. dobin – dimension reduction for outlier detection Sevvandi Kandanaarachchi, Rob Hyndman JCGS, (2021) 30:1, 204-219 7
  • 8. What is it? Original anomalies are still anomalies in the reduced dimensional space It is a preprocessing technique Not an anomaly detection method 8
  • 9. What does it do? Find a set of new axes (basis vectors), which preserves anomalies First basis vector in the direction of most anomalousness (largest knn distances), second basis vector in the direction of second largest knn distances 9
  • 10. Example • Uniform distribution in 20 dimensions, • one point at (0.9, 0.9, 0.9, . . .) • This is the outlier • In R • > dobin(X) 10
  • 11. Sevvandi Kandanaarachchi, Rob Hyndman Preprint - https://bit.ly/lookoutliers lookout – leave one out kde for outlier detection 11
  • 12. lookout Outlier detection method • Because of Extreme Value Theory (EVT) • EVT is used to model 100-year floods • Use a Generalized Pareto Distribution Low false positives Not an “alarm factory” 12
  • 13. lookout User does not need to specify parameters • Use Kernel Density Estimates – need a bandwidth parameter • But general bandwidth is not appropriate for anomaly detection • Select bandwidth using topological data analysis • bw(TDA) → KDE → EVT → outliers Anomaly persistence • Which anomalies are consistently identified, with changing bandwidth? • Visual representation of anomaly persistence 13
  • 14. Example 1 2D normal distribution, with outliers at the far end. The outlying indices are 501 - 505 The persistence diagram. The outliers get identified for a large range of bandwidth values. 14
  • 15. Example 2 2D bimodal distribution, with outliers in the trough. The outliers have indices 1001 - 1005 The persistence diagram. Again, the outliers get identified for a large range of bandwidth values. 15
  • 16. Example 3 Points in 3 normally distributed clusters, with anomalies away from them. Anomalies have indices 701 - 703. The persistence diagram. Anomalies get identified for a broad range of bandwidth values. 16
  • 17. Example 4 Points in an annulus with anomalies in the middle. Anomalies have indices 1001 - 1010 The persistence diagram. 17
  • 18. Summary • dobin - a dimension reduction method for anomaly detection • lookout - a EVT based method to find anomalies • Both paper/preprint available • https://doi.org/10.1080/10618600.2020.1807353 • https://bit.ly/lookoutliers • Both packages on CRAN 18