One-Class Conditional Random Fields for Sequential Anomaly Detection

Sequential anomaly detection is a challenging problem due to the one-class nature of the data (i.e., data is collected from only one class) and the temporal dependence in sequential data. We present One-Class Conditional Random Fields (OCCRF) for sequential anomaly detection that learn from a one-class dataset and capture the temporal dependence structure, in an unsupervised fashion. We propose a hinge loss in a regularized risk minimization framework that maximizes the margin between each sequence being classified as "normal" and "abnormal." This allows our model to accept most (but not all) of the training data as normal, yet keeps the solution space tight. Experimental results on a number of real-world datasets show our model outperforming several baselines. We also report an exploratory study on detecting abnormal organizational behavior in enterprise social networks.

[1]  Lei Shi,et al.  Social Network Analysis in Enterprise , 2012, Proceedings of the IEEE.

[2]  Varun Chandola,et al.  Anomaly detection for symbolic sequences and time series data , 2009 .

[3]  Thorsten Joachims,et al.  Learning structural SVMs with latent variables , 2009, ICML '09.

[4]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[5]  Xin Xu,et al.  Sequential anomaly detection based on temporal-difference learning: Principles, models and case studies , 2010, Appl. Soft Comput..

[6]  Sanjay Chawla,et al.  Mining for Outliers in Sequential Databases , 2006, SDM.

[7]  Kate Saenko,et al.  AN ASYNCHRONOUS DBN FOR AUDIO-VISUAL SPEECH RECOGNITION , 2006, 2006 IEEE Spoken Language Technology Workshop.

[8]  E. Parzen On Estimation of a Probability Density Function and Mode , 1962 .

[9]  Bernhard Schölkopf,et al.  Estimating the Support of a High-Dimensional Distribution , 2001, Neural Computation.

[10]  Haibo He,et al.  Learning from Imbalanced Data , 2009, IEEE Transactions on Knowledge and Data Engineering.

[11]  Trevor Darrell,et al.  Hidden Conditional Random Fields , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[12]  Michael I. Jordan,et al.  Latent Dirichlet Allocation , 2001, J. Mach. Learn. Res..

[13]  Thierry Artières,et al.  Regularized bundle methods for convex and non-convex risks , 2012, J. Mach. Learn. Res..

[14]  Judea Pearl,et al.  Reverend Bayes on Inference Engines: A Distributed Hierarchical Approach , 1982, AAAI.

[15]  Yizhou Yu,et al.  Anomaly detection in GPS data based on visual analytics , 2010, 2010 IEEE Symposium on Visual Analytics Science and Technology.

[16]  R. Lathe Phd by thesis , 1988, Nature.

[17]  M. V. Rossum,et al.  In Neural Computation , 2022 .

[18]  Yale Song,et al.  Tracking body and hands for gesture recognition: NATOPS aircraft handling signals database , 2011, Face and Gesture 2011.

[19]  VARUN CHANDOLA,et al.  Anomaly detection: A survey , 2009, CSUR.

[20]  Zhiyuan Liu,et al.  PLDA+: Parallel latent dirichlet allocation with data placement and pipeline processing , 2011, TIST.

[21]  J.N. Gowdy,et al.  CUAVE: A new audio-visual database for multimodal human-computer interface research , 2002, 2002 IEEE International Conference on Acoustics, Speech, and Signal Processing.

[22]  Bianca Zadrozny,et al.  Outlier detection by active learning , 2006, KDD '06.

[23]  Kai Ming Ting,et al.  Fast Anomaly Detection for Streaming Data , 2011, IJCAI.

[24]  Pang-Ning Tan,et al.  Detection and Characterization of Anomalies in Multivariate Time Series , 2009, SDM.

[25]  Xiaojin Zhu,et al.  Kernel conditional random fields: representation and clique selection , 2004, ICML.

[26]  Hamid R. Rabiee,et al.  A Bayesian Approach to the Data Description Problem , 2012, AAAI.

[27]  Alexander J. Smola,et al.  Bundle Methods for Regularized Risk Minimization , 2010, J. Mach. Learn. Res..

[28]  Andrew McCallum,et al.  Conditional Random Fields: Probabilistic Models for Segmenting and Labeling Sequence Data , 2001, ICML.

[29]  Chih-Jen Lin,et al.  LIBSVM: A library for support vector machines , 2011, TIST.

[30]  Thomas G. Dietterich What is machine learning? , 2020, Archives of Disease in Childhood.

[31]  Chandan Srivastava,et al.  Support Vector Data Description , 2011 .

[32]  Jian Peng,et al.  Conditional Neural Fields , 2009, NIPS.

[33]  Hans-Peter Kriegel,et al.  LOF: identifying density-based local outliers , 2000, SIGMOD '00.