Publication:
Online anomaly detection with nested trees

Simple item page
dc.contributor.coauthorGökçesu, Kaan
dc.contributor.coauthorŞimşek, Mustafa
dc.contributor.coauthorKozat, Süleyman S.
dc.contributor.departmentN/A
dc.contributor.departmentDepartment of Media and Visual Arts
dc.contributor.kuauthorDelibalta, İbrahim
dc.contributor.kuauthorBaruh, Lemi
dc.contributor.kuprofilePhD Student
dc.contributor.kuprofileFaculty Member
dc.contributor.otherDepartment of Media and Visual Arts
dc.contributor.schoolcollegeinstituteGraduate School of Social Sciences and Humanities
dc.contributor.schoolcollegeinstituteCollege of Social Sciences and Humanities
dc.contributor.yokidN/A
dc.contributor.yokid36113
dc.date.accessioned2024-11-09T23:58:16Z
dc.date.issued2016
dc.description.abstractWe introduce an online anomaly detection algorithm that processes data in a sequential manner. At each time, the algorithm makes a new observation, produces a decision, and then adaptively updates all its parameters to enhance its performance. The algorithm mainly works in an unsupervised manner since in most real-life applications labeling the data is costly. Even so, whenever there is a feedback, the algorithm uses it for better adaptation. The algorithm has two stages. In the first stage, it constructs a score function similar to a probability density function to model the underlying nominal distribution (if there is one) or to fit to the observed data. In the second state, this score function is used to evaluate the newly observed data to provide the final decision. The decision is given after the well-known thresholding. We construct the score using a highly versatile and completely adaptive nested decision tree. Nested soft decision trees are used to partition the observation space in a hierarchical manner. We adaptively optimize every component of the tree, i.e., decision regions and probabilistic models at each node as well as the overall structure, based on the sequential performance. This extensive in-time adaptation provides strong modeling capabilities; however, it may cause overfitting. To mitigate the overfitting issues, we first use the intermediate nodes of the tree to produce several subtrees, which constitute all the models from coarser to full extend, and then adaptively combine them. By using a real-life dataset, we show that our algorithm significantly outperforms the state of the art.
dc.description.indexedbyWoS
dc.description.indexedbyScopus
dc.description.issue12
dc.description.openaccessYES
dc.description.publisherscopeInternational
dc.description.sponsorshipTurkish Academy of Sciences Outstanding Researcher Programme This work was supported in part by the Turkish Academy of Sciences Outstanding Researcher Programme. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Antonio Paiva.
dc.description.volume23
dc.identifier.doi10.1109/LSP.2016.2623773
dc.identifier.eissn1558-2361
dc.identifier.issn1070-9908
dc.identifier.scopus2-s2.0-85006010743
dc.identifier.urihttp://dx.doi.org/10.1109/LSP.2016.2623773
dc.identifier.urihttps://hdl.handle.net/20.500.14288/15439
dc.identifier.wos395020600001
dc.keywordsIntrusion detection
dc.keywordsSemisupervised learning
dc.keywordsStatistical learning
dc.keywordsTree data structures
dc.languageEnglish
dc.publisherIEEE-Inst Electrical Electronics Engineers Inc
dc.sourceIEEE Signal Processing Letters
dc.subjectEngineering
dc.subjectElectrical electronic engineering
dc.titleOnline anomaly detection with nested trees
dc.typeJournal Article
dspace.entity.typePublication
local.contributor.authorid0000-0002-7296-6301
local.contributor.authorid0000-0002-2797-242X
local.contributor.kuauthorDelibalta, İbrahim
local.contributor.kuauthorBaruh, Lemi
relation.isOrgUnitOfPublication483fa792-2b89-4020-9073-eb4f497ee3fd
relation.isOrgUnitOfPublication.latestForDiscovery483fa792-2b89-4020-9073-eb4f497ee3fd

Files

Collections

Publications without Fulltext