Exchangeability martingales for selecting features in anomaly detection

Giovanni Cherubin, Adrian Baldwin, Jonathan Griffin

Research output: Contribution to conferencePaperpeer-review


We consider the problem of feature selection for unsupervised anomaly detection (AD) in time-series, where only normal examples are available for training. We develop a method based on exchangeability martingales that only keeps features that exhibit the same pattern (i.e., are i.i.d.) under normal conditions of the observed phenomenon. We apply this to the problem of monitoring a Windows service and detecting anomalies it exhibits if compromised; results show that our method: i) strongly improves the AD system’s performance, and ii) it reduces its computational complexity. Furthermore, it gives results that are easy to interpret for analysts, and it potentially increases robustness against AD evasion attacks.
Original languageEnglish
Number of pages14
Publication statusPublished - Jun 2018
EventThe 7th Symposium on Conformal and Probabilistic Prediction with Applications: COPA 2018 - Maastricht, Netherlands
Duration: 11 Jun 201813 Jun 2018


ConferenceThe 7th Symposium on Conformal and Probabilistic Prediction with Applications
Internet address


  • plug-in martingales
  • exchangeability
  • anomaly detection
  • feature selection
  • anomaly detection
  • conformal prediction
  • information security

Cite this