Exchangeability martingales for selecting features in anomaly detection. / Cherubin, Giovanni; Baldwin, Adrian; Griffin, Jonathan.

2018. 157-170 Paper presented at The 7th Symposium on Conformal and Probabilistic Prediction with Applications, Maastricht, Netherlands.

Research output: Contribution to conferencePaper

Published

Abstract

We consider the problem of feature selection for unsupervised anomaly detection (AD) in time-series, where only normal examples are available for training. We develop a method based on exchangeability martingales that only keeps features that exhibit the same pattern (i.e., are i.i.d.) under normal conditions of the observed phenomenon. We apply this to the problem of monitoring a Windows service and detecting anomalies it exhibits if compromised; results show that our method: i) strongly improves the AD system’s performance, and ii) it reduces its computational complexity. Furthermore, it gives results that are easy to interpret for analysts, and it potentially increases robustness against AD evasion attacks.
Original languageEnglish
Pages157-170
Number of pages14
StatePublished - Jun 2018
EventThe 7th Symposium on Conformal and Probabilistic Prediction with Applications - Maastricht, Netherlands

Conference

ConferenceThe 7th Symposium on Conformal and Probabilistic Prediction with Applications
CountryNetherlands
CityMaastricht
Period11/06/1813/06/18
Internet address
This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

ID: 30991225