Data Science Asked by himadri on February 3, 2021
I have time series data containing user actions at certain time intervals
e.g.

    Date              UserId  Directory  operation     Result
    01/01/2017 99:00  user1   dir1       created_file  success
    01/01/2017 99:00  user3   dir10      deleted_file  permission_denied
There are more than 10K unique UserIds, 10 distinct operations and 4 distinct Results.
I need to perform anomaly detection on user behavior in real time. Any suggestions on which method I should use?
The anomaly detection needs to flag whether some user operations are outliers.
A very small subset of the input data will be labelled, but most of the data will be unlabelled.
The problem with your data set is that it contains multiple categorical variables (as far as I can see). Another problem is that the users might do sequences with different lengths and different order (which makes it very difficult to detect suspicious patterns). I would create histograms for each variable and see which categories are common and which are not so common. If you have looked at the descriptives of each variable you should be able to see which variables allow you to discriminate.
A good metric is the entropy (dispersion) $H = -\sum_{l=1}^{L} p_l \ln p_l$ (it is 0 if all manifestations of the categorical variable are concentrated at one label and $\ln L$ if all manifestations are uniformly distributed), and the Gini index $\text{G} = 1 - \sum_{l=1}^{L} p_l^2$ (tends to zero if one label is very dominant, becomes larger for uniformly distributed labels of a variable and is bounded by $1 - 1/L$). The variable $p_l$ is the relative frequency of the $l^{\text{th}}$ manifestation of the categorical variable that we are investigating and $L$ is the number of all possible manifestations of the categorical variable.
The problem with this procedure is that we are not considering the interactions between your variables. But it is the first approach that you could try. If the variables do not correlate that much this might be sufficient.
Without labeled data, it will be very difficult to use machine learning methods to solve this problem.
Answered by MachineLearner on February 3, 2021
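The entropy and Gini index from the answer, worked through in Python over constructed rows in the question's schema, with each variable's value placed next to its theoretical maximum ($\ln L$ and $1 - 1/L$) and a first-pass filter for rare categories. This is an added example, not the answerer's code; the sample rows, the column indices and the rarity threshold are assumptions.

```python
from collections import Counter
from math import log

# Constructed sample rows in the question's schema (Date, UserId, Directory,
# operation, Result); these are made-up values, not the asker's data.
ROWS = [
    ("01/01/2017 09:00", "user1", "dir1", "created_file", "success"),
    ("01/01/2017 09:01", "user1", "dir1", "modified_file", "success"),
    ("01/01/2017 09:02", "user2", "dir2", "read_file", "success"),
    ("01/01/2017 09:03", "user2", "dir2", "read_file", "success"),
    ("01/01/2017 09:04", "user3", "dir10", "deleted_file", "permission_denied"),
    ("01/01/2017 09:05", "user1", "dir1", "read_file", "success"),
    ("01/01/2017 09:06", "user3", "dir10", "deleted_file", "permission_denied"),
    ("01/01/2017 09:07", "user2", "dir3", "created_file", "success"),
]
# Column index of each categorical variable (the timestamp is not one).
CATEGORICAL = {"user_id": 1, "directory": 2, "operation": 3, "result": 4}

def relative_frequencies(values):
    """p_l for every manifestation l of one categorical variable."""
    counts = Counter(values)
    return {label: c / len(values) for label, c in counts.items()}

def entropy(values):
    """H = -sum_l p_l ln p_l: 0 if one label takes everything, ln L if uniform."""
    return -sum(p * log(p) for p in relative_frequencies(values).values())

def gini(values):
    """G = 1 - sum_l p_l^2: tends to 0 for a dominant label, bounded by 1 - 1/L."""
    return 1.0 - sum(p * p for p in relative_frequencies(values).values())

def dispersion_report(rows, categorical):
    """H and G per variable next to their maxima, so concentrated variables stand out."""
    report = {}
    for name, idx in categorical.items():
        values = [row[idx] for row in rows]
        L = len(set(values))  # number of manifestations observed for this variable
        report[name] = {"H": entropy(values), "H_max": log(L),
                        "G": gini(values), "G_max": 1.0 - 1.0 / L}
    return report

def rare_categories(values, threshold):
    """Labels with p_l below the (assumed) threshold: first-pass outlier candidates."""
    freqs = relative_frequencies(values)
    return sorted(label for label, p in freqs.items() if p < threshold)
```

A variable whose H sits far below H_max has one dominant label, so its rare labels are the first candidates to inspect; as the answer notes, this ignores interactions between variables.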