Searching for Anomalies Over Composite Hypotheses

The problem of detecting anomalies in multiple processes is considered. We consider a composite hypothesis case, in which the measurements drawn when observing a process follow a common distribution with an unknown parameter (vector), whose value lies in normal or abnormal parameter spaces, depending on its state. The objective is a sequential search strategy that minimizes the expected detection time subject to an error probability constraint. We develop a deterministic search algorithm with the following desired properties. First, when no additional side information on the process states is known, the proposed algorithm is asymptotically optimal in terms of minimizing the detection delay as the error probability approaches zero. Second, when the parameter value under the null hypothesis is known and equal for all normal processes, the proposed algorithm is asymptotically optimal as well, with better detection time determined by the true null state. Third, when the parameter value under the null hypothesis is unknown, but is known to be equal for all normal processes, the proposed algorithm is consistent in terms of achieving error probability that decays to zero with the detection delay. Finally, an explicit upper bound on the error probability under the proposed algorithm is established for the finite sample regime. Extensive experiments on synthetic dataset and DARPA intrusion detection dataset are conducted, demonstrating strong performance of the proposed algorithm over existing methods.

[1]  Rajesh Sundaresan,et al.  Learning to Detect an Oddball Target , 2015, IEEE Transactions on Information Theory.

[2]  David A. Castañón Optimal search strategies in dynamic hypothesis testing , 1995, IEEE Trans. Syst. Man Cybern..

[3]  Leonardo S. Cardoso,et al.  Fast initialization of cognitive radio systems , 2017, 2017 IEEE 18th International Workshop on Signal Processing Advances in Wireless Communications (SPAWC).

[4]  Mac Schwager,et al.  Always choose second best: Tracking a moving target on a graph with a noisy binary sensor , 2016, 2016 European Control Conference (ECC).

[5]  Vladimir Dragalin A simple and effective scanning rule for a multi-channel system , 1996 .

[6]  Georgios Fellouris,et al.  Sequential multiple testing with generalized error control: An asymptotic optimality theory , 2016, The Annals of Statistics.

[7]  Sirin Nitinawarat,et al.  Controlled Sensing for Sequential Multihypothesis Testing with Controlled Markovian Observations and Non-Uniform Control Cost , 2013 .

[8]  Kobi Cohen,et al.  Active Hypothesis Testing for Anomaly Detection , 2015, IEEE Transactions on Information Theory.

[9]  Venugopal V. Veeravalli,et al.  Multihypothesis sequential probability ratio tests - Part I: Asymptotic optimality , 1999, IEEE Trans. Inf. Theory.

[10]  I. Pavlov Sequential Procedure of Testing Composite Hypotheses with Applications to the Kiefer–Weiss Problem , 1991 .

[11]  Tara Javidi,et al.  Active Sequential Hypothesis Testing , 2012, ArXiv.

[12]  Walter T. Federer,et al.  Sequential Design of Experiments , 1967 .

[13]  J. Andel Sequential Analysis , 2022, The SAGE Encyclopedia of Research Design.

[14]  Kobi Cohen,et al.  Sequential Anomaly Detection Under a Nonlinear System Cost , 2019, IEEE Transactions on Signal Processing.

[15]  Qing Zhao,et al.  Dynamic search under false alarms , 2013, 2013 IEEE Global Conference on Signal and Information Processing.

[16]  A. Albert The Sequential Design of Experiments for Infinitely Many States of Nature , 1961 .

[17]  Lawrence D. Stone,et al.  Optimal Search Using Uninterrupted Contact Investigation , 1971 .

[18]  H. Vincent Poor,et al.  Quickest Search Over Multiple Sequences , 2011, IEEE Transactions on Information Theory.

[19]  Ananthram Swami,et al.  Optimal Index Policies for Anomaly Localization in Resource-Constrained Cyber Systems , 2014, IEEE Transactions on Signal Processing.

[20]  H. Robbins,et al.  The Expected Sample Size of Some Tests of Power One , 1974 .

[21]  Matthew Malloy,et al.  Sequential Testing for Sparse Recovery , 2012, IEEE Transactions on Information Theory.

[22]  Gang Li,et al.  On large deviation expansion of distribution of maximum likelihood estimator and its application in large sample estimation , 1993 .

[23]  Urbashi Mitra,et al.  Parametric Methods for Anomaly Detection in Aggregate Traffic , 2011, IEEE/ACM Transactions on Networking.

[24]  Kobi Cohen,et al.  Energy-Efficient Detection in Wireless Sensor Networks Using Likelihood Ratio and Channel State Information , 2011, IEEE Journal on Selected Areas in Communications.

[25]  H. Robbins,et al.  A Class of Stopping Rules for Testing Parametric Hypotheses , 1985 .

[26]  G. Schwarz Asymptotic Shapes of Bayes Sequential Testing Regions , 1962 .

[27]  K. Sh. Zigangirov,et al.  On a Problem in Optimal Scanning , 1966 .

[28]  Qing Zhao,et al.  Quickest Detection in Multiple On–Off Processes , 2010, IEEE Transactions on Signal Processing.

[29]  George Atia,et al.  Controlled Sensing for Multihypothesis Testing , 2012, IEEE Transactions on Automatic Control.

[30]  Josep Font-Segura,et al.  GLRT-Based Spectrum Sensing for Cognitive Radio with Prior Information , 2010, IEEE Transactions on Communications.

[31]  James Yackel,et al.  Optimal search strategies for Wienér processes , 1975 .

[32]  Srikrishna Bhashyam,et al.  Sequential controlled sensing for composite multihypothesis testing , 2019, Sequential Analysis.

[33]  Rick S. Blum,et al.  Energy Efficient Signal Detection in Sensor Networks Using Ordered Transmissions , 2008, IEEE Transactions on Signal Processing.

[34]  H. Vincent Poor,et al.  Quickest detection of Markov networks , 2016, 2016 IEEE International Symposium on Information Theory (ISIT).

[35]  Tara Javidi,et al.  Sequentiality and Adaptivity Gains in Active Hypothesis Testing , 2012, IEEE Journal of Selected Topics in Signal Processing.

[36]  Ali Tajer,et al.  Quickest Linear Search over Correlated Sequences , 2016, IEEE Transactions on Information Theory.

[37]  T. Lai Nearly Optimal Sequential Tests of Composite Hypotheses , 1988 .

[38]  H. Vincent Poor,et al.  Quick Search for Rare Events , 2012, IEEE Transactions on Information Theory.

[39]  Joseph B. Kadane,et al.  Optimal Whereabouts Search , 1971, Oper. Res..

[40]  Matthew Malloy,et al.  Quickest search for a rare distribution , 2012, 2012 46th Annual Conference on Information Sciences and Systems (CISS).

[41]  Georgios Fellouris,et al.  Asymptotically optimal, sequential, multiple testing procedures with prior information on the number of signals , 2016, 1603.02791.

[42]  Husheng Li,et al.  Restless Watchdog: Selective Quickest Spectrum Sensing in Multichannel Cognitive Radio Systems , 2009, EURASIP J. Adv. Signal Process..

[43]  George Atia,et al.  Controlled sensing for hypothesis testing , 2012, 2012 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[44]  T. Lai,et al.  NEARLY OPTIMAL GENERALIZED SEQUENTIAL LIKELIHOOD RATIO TESTS IN MULTIVARIATE EXPONENTIAL FAMILIES , 1994 .

[45]  H. Vincent Poor,et al.  Active Sampling for the Quickest Detection of Markov Networks , 2017 .

[46]  A. Tartakovsky An efficient adaptive sequential procedure for detecting targets , 2002, Proceedings, IEEE Aerospace Conference.

[47]  Sirin Nitinawarat,et al.  Universal scheme for optimal search and stop , 2014, 2015 Information Theory and Applications Workshop (ITA).

[48]  Yan Xin,et al.  Fast Multiband Spectrum Scanning for Cognitive Radio Systems , 2013, IEEE Transactions on Communications.

[49]  Keith P. Tognetti,et al.  Letter to the Editor - An Optimal Strategy for a Whereabouts Search , 1968, Oper. Res..

[50]  Kobi Cohen,et al.  Asymptotically Optimal Anomaly Detection via Sequential Testing , 2014, IEEE Transactions on Signal Processing.

[51]  Kobi Cohen,et al.  Active Anomaly Detection in Heterogeneous Processes , 2018, 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[52]  Kobi Cohen,et al.  Asymptotically optimal search of unknown anomalies , 2016, 2016 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT).