Advertisement

Nonlinear Dynamics

, Volume 61, Issue 1–2, pp 303–310 | Cite as

Anomaly detection combining one-class SVMs and particle swarm optimization algorithms

  • Jiang Tian
  • Hong Gu
Original Paper

Abstract

Anomalies are patterns in data that do not conform to a well-defined notion of normal behavior. One-class Support Vector Machines calculate a hyperplane in the feature space to distinguish anomalies, but the false positive rate is always high and parameter selection is a key issue. So, we propose a novel one-class framework for detecting anomalies, which takes the advantages of both boundary movement strategy and the effectiveness of evaluation algorithm on parameters optimization. First, we search the parameters by using a particle swarm optimization algorithm. Each particle suggests a group of parameters, the area under receiver operating characteristic curve is chosen as the fitness of the object function. Second, we improve the original decision function with a boundary movement. After the threshold has been adjusted, the final detection function will bring about a high detection rate with a lower false positive rate. Experimental results on UCI data sets show that the proposed method can achieve better performance than other one class learning schemes.

Keywords

Outlier detection Particle swarm optimization Support vector machine Anomaly detection One-class classification 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Hodge, V., Austin, J.: A survey of outlier detection methodologies. Artif. Intell. Rev. 22(2), 85–126 (2004) MATHCrossRefGoogle Scholar
  2. 2.
    Filzmoser, P., Maronna, R., Werner, M.: Outlier identification in high dimensions. Comput. Stat. Data Anal. 52(3), 1694–1711 (2008) MATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Scholkopf, B., Williamson, R.C., Smola, A.J., Shawe-Taylor, J., Platt, J.: Support vector method for novelty detection. Adv. Neural Inf. Process. Syst. 12, 582–588 (2000) Google Scholar
  4. 4.
    Scholkopf, B., Platt, J.C., Shawe-Taylor, J., Smola, A.J., Williamson, R.C.: Estimating the support of a high-dimensional distribution. Neural Comput. 13(7), 1443–1471 (2001) CrossRefGoogle Scholar
  5. 5.
    Tax, D.M.J., Duin, R.P.W.: Support vector domain description. Pattern Recogn. Lett. 20(11–13), 1191–1199 (1999) CrossRefGoogle Scholar
  6. 6.
    Tax, D.M.J., Duin, R.P.W.: Support vector data description. Mach. Learn. 54(1), 45–66 (2004) MATHCrossRefGoogle Scholar
  7. 7.
    Davy, M., Desobry, F., Gretton, A., Doncarli, C.: An online support vector machine for abnormal events detection. Signal Process. 86(8), 2009–2025 (2006) MATHCrossRefGoogle Scholar
  8. 8.
    Zhang, Y., Liu, X.D., Xie, F.D., Li, K.Q.: Fault classifier of rotating machinery based on weighted support vector data description. Expert Syst. Appl. 36(4), 7928–7932 (2009) CrossRefGoogle Scholar
  9. 9.
    King, S.P., King, D.M., Astley, K., Tarassenko, L., Hayton, P., Utete, S.: The use of novelty detection techniques for monitoring high-integrity plant. In: Proceedings of the 2002 International Conference on Control Applications, Cancun, Mexico, vol. 1, pp. 221–226 (2002) Google Scholar
  10. 10.
    Gardner, A.B., Krieger, A.M., Vachtsevanos, G., Litt, B.: One-class novelty detection for seizure analysis from intracranial eeg. J. Mach. Learn. Res. 7, 1025–1044 (2006) MathSciNetGoogle Scholar
  11. 11.
    Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.: A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data. In: Data Mining for Security Applications, vol. 19 (2002) Google Scholar
  12. 12.
    Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., Srivastava, J.: A comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of Third SIAM Conference on Data Mining, San Francisco, vol. 3 (2003) Google Scholar
  13. 13.
    Giacinto, G., Perdisci, R., Del Rio, M., Roli, F.: Intrusion detection in computer networks by a modular ensemble of one-class classifiers. Inf. Fusion 9(1), 69–82 (2008) CrossRefGoogle Scholar
  14. 14.
    Bradley, A.P.: The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recogn. 30(7), 1145–1159 (1997) CrossRefGoogle Scholar
  15. 15.
    Hassan, M.R., Hossain, M.M., Bailey, J., Ramamohanarao, K.: Improving k-nearest neighbour classification with distance functions based on receiver operating characteristics. In: Proceedings of the 2008 European Conference on Machine Learning and Knowledge Discovery in Databases—Part I, Antwerp, Belgium. Lecture Notes in Artificial Intelligence, vol. 5211, pp. 489–504. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  16. 16.
    Vapnik, V.N.: The Nature of Statistical Learning Theory. Springer, Berlin (2000) MATHGoogle Scholar
  17. 17.
    Muller, K.R., Mika, S., Ratsch, G., Tsuda, K., Scholkopf, B.: An introduction to kernel-based learning algorithms. IEEE Trans. Neural Netw. 12(2), 181 (2001) CrossRefGoogle Scholar
  18. 18.
    Egan, J.P.: Signal Detection Theory and ROC Analysis. Academic Press, New York (1975) Google Scholar
  19. 19.
    Fawcett, T.: ROC graphs: Notes and practical considerations for data mining researchers. Tech. Rep. (2004) Google Scholar
  20. 20.
    Fawcett, T.: An introduction to ROC analysis. Pattern Recogn. Lett. 27(8), 861–874 (2006) CrossRefMathSciNetGoogle Scholar
  21. 21.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. In: ACM Computing Surveys (2009) Google Scholar
  22. 22.
    Kennedy, J., Eberhart, R.: Particle swarm optimization. In: Neural Networks, 1995. Proceedings. IEEE International Conference on, Piscataway, NJ, vol. 4 (1995) Google Scholar
  23. 23.
    Bazi, Y., Melgani, F.: Semisupervised pso-svm regression for biophysical parameter estimation. IEEE Trans. Geosci. Remote Sens. 45(6), 1887–1895 (2007) Google Scholar
  24. 24.
    Melgani, F., Bazi, Y.: Classification of electrocardiogram signals with support vector machines and particle swarm optimization. IEEE Trans. Information Technol. Biomed. 12(5), 667–677 (2008) CrossRefGoogle Scholar
  25. 25.
    Peng, T., Zuo, W.L., He, F.L.: Svm based adaptive learning method for text classification from positive and unlabeled documents. Knowl. Inf. Syst. 16(3), 281–301 (2008) CrossRefGoogle Scholar
  26. 26.
    Cao, L.J., Lee, H.P., Chong, W.K.: Modified support vector novelty detector using training data with outliers. Pattern Recogn. Lett. 24(14), 2479–2487 (2003) MATHCrossRefGoogle Scholar
  27. 27.
    Oliveira, A.L.I., Costa, F.R.G., Filho, C.O.S.: Novelty detection with constructive probabilistic neural networks. Neurocomputing 71(4–6), 1046–1053 (2008) CrossRefGoogle Scholar
  28. 28.
    Theodoridis, S., Koutroumbas, K.: Pattern Recognition, 3rd edn. Academic Press, San Diego (2006) MATHGoogle Scholar
  29. 29.
    Bishop, C.: Neural Networks for Pattern Recognition. Oxford University Press, Oxford (1995) Google Scholar
  30. 30.
    Kohonen, T.: The self-organizing map. Neurocomputing 21(1–3), 1–6 (1998) MATHCrossRefGoogle Scholar
  31. 31.
    Jolliffe, I.: Principal Component Analysis. Springer, New York (2002) MATHGoogle Scholar
  32. 32.
    Mierswa, I., Wurst, M., Klinkenberg, R., Scholz, M., Euler, T.: Yale: Rapid prototyping for complex data mining tasks. In: International Conference on Knowledge Discovery and Data Mining, pp. 935–940. Association for Computing Machinery, Philadelphia (2006) Google Scholar

Copyright information

© Springer Science+Business Media B.V. 2010

Authors and Affiliations

  1. 1.School of Electronic and Information EngineeringDalian University of TechnologyDalianChina

Personalised recommendations