TransWikia.com

Algorithm suggestion for anomaly detection in multivariate time series data

Data Science Asked by himadri on February 3, 2021

I have time series data containing user actions at certain time intervals, e.g.:

Date                 UserId   Directory  operation      Result
01/01/2017 99:00     user1    dir1       created_file   success
01/01/2017 99:00     user3    dir10      deleted_file   permission_denied

unique userIds > 10K
10 distinct operations

and 4 distinct Results

I need to perform anomaly detection on user behavior in real time. Any suggestions on which method I should use?

The anomaly detection needs to flag whether some user operations are outliers.

A very small subset of input data will be labelled. But most of the data will be unlabelled.

One Answer

The problem with your data set is that it contains multiple categorical variables (as far as I can see). Another problem is that the users might do sequences of different lengths and in different orders (which makes it very difficult to detect suspicious patterns). I would create histograms for each variable and see which categories are common and which are not so common. If you have looked at the descriptives of each variable, you should be able to see which variables allow you to discriminate.

A good metric is the entropy (dispersion) $H = -\sum_{l=1}^{L} p_l \ln p_l$ (it is $0$ if all manifestations of the categorical variable are concentrated at one label, and $\ln L$ if all manifestations are uniformly distributed), and the Gini index $\text{G} = 1 - \sum_{l=1}^{L} p_l^2$ (it tends to zero if one label is very dominant, becomes larger for uniformly distributed labels of a variable, and is bounded by $1 - 1/L$). The variable $p_l$ is the relative frequency of the $l^{\text{th}}$ manifestation of the categorical variable that we are investigating, and $L$ is the number of all possible manifestations of the categorical variable.

The problem with this procedure is that we are not considering the interactions between your variables. But it is the first approach that you could try. If the variables do not correlate that much, this might be sufficient.

Without labeled data, it will be very difficult to use machine learning methods to solve this problem.

Answered by MachineLearner on February 3, 2021
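The per-variable descriptives the answer recommends (histograms, entropy, Gini index) can be turned directly into a first-pass anomaly score for the question's log schema. The following is an added example, not code from the original post or its answer: it parses a handful of constructed rows in the `Date UserId Directory operation Result` layout (the rows, user names and directories are made up for illustration), computes $H$ and $\text{G}$ for each categorical column, lists the rare manifestations of each column, and ranks events by summed surprisal $-\sum_f \ln p_f(\text{value})$ across the columns. The surprisal score assumes the columns are independent, which is exactly the limitation the answer points out; the `floor` probability for labels never seen during fitting is a design choice of this example.

```python
import math
from collections import Counter

# Constructed sample events in the question's schema; these rows are made up for the example.
SAMPLE_LOG = """\
01/01/2017 09:00 user1 dir1 created_file success
01/01/2017 09:01 user2 dir1 created_file success
01/01/2017 09:02 user1 dir2 read_file success
01/01/2017 09:03 user3 dir1 read_file success
01/01/2017 09:04 user2 dir2 created_file success
01/01/2017 09:05 user1 dir1 read_file success
01/01/2017 09:06 user3 dir2 created_file success
01/01/2017 09:07 user2 dir1 read_file success
01/01/2017 09:08 user3 dir10 deleted_file permission_denied
01/01/2017 09:09 user1 dir2 read_file success
"""

# The categorical columns we treat as variables (Date is kept but not scored here).
FIELDS = ("UserId", "Directory", "operation", "Result")


def parse_log(text):
    """Split whitespace-separated rows into dicts; date and time are joined back into Date."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed rows instead of failing the whole batch
        date, time_, user, directory, op, result = parts
        events.append({"Date": f"{date} {time_}", "UserId": user, "Directory": directory,
                       "operation": op, "Result": result})
    return events


def relative_frequencies(events, field):
    """p_l for each manifestation l of one categorical variable."""
    counts = Counter(e[field] for e in events)
    n = sum(counts.values())
    return {label: c / n for label, c in counts.items()}


def entropy(p):
    """H = -sum_l p_l ln p_l: 0 if one label carries everything, ln L if uniform."""
    return -sum(pl * math.log(pl) for pl in p.values() if pl > 0)


def gini(p):
    """G = 1 - sum_l p_l^2: tends to 0 for a dominant label, bounded by 1 - 1/L."""
    return 1.0 - sum(pl * pl for pl in p.values())


def describe(events, fields=FIELDS):
    """Per-variable descriptives: number of labels L, entropy H, its maximum ln L, and Gini G."""
    out = {}
    for f in fields:
        p = relative_frequencies(events, f)
        out[f] = {"L": len(p), "H": entropy(p), "max_H": math.log(len(p)), "G": gini(p)}
    return out


def rare_labels(events, threshold, fields=FIELDS):
    """The 'not so common' categories per variable: labels whose relative frequency is below threshold."""
    return {f: sorted(l for l, pl in relative_frequencies(events, f).items() if pl < threshold)
            for f in fields}


def fit_frequencies(events, fields=FIELDS):
    """Fit the per-variable histograms once; reuse them to score a stream of new events."""
    return {f: relative_frequencies(events, f) for f in fields}


def score_event(freqs, event, floor=1e-6):
    """Summed surprisal -sum_f ln p_f(value). Unseen labels get the (assumed) floor probability,
    so they score higher than anything observed during fitting. Independence across variables is assumed."""
    return sum(-math.log(freqs[f].get(event[f], floor)) for f in freqs)


def rank_events(events, fields=FIELDS):
    """Rank the fitted events themselves, most surprising first: (score, event) pairs."""
    freqs = fit_frequencies(events, fields)
    return sorted(((score_event(freqs, e), e) for e in events), key=lambda t: t[0], reverse=True)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for f, d in describe(evts).items():
        print(f"{f:10s} L={d['L']} H={d['H']:.3f} (max {d['max_H']:.3f}) G={d['G']:.3f}")
    print("rare labels (p < 0.15):", rare_labels(evts, 0.15))
    for s, e in rank_events(evts)[:3]:
        print(f"{s:6.3f}  {e['Date']} {e['UserId']} {e['Directory']} {e['operation']} {e['Result']}")
```

For the real-time requirement in the question, `fit_frequencies` runs on a historical window and `score_event` is applied to each incoming row; a high score on a label never seen before (a new directory, a new user) comes from the `floor` and should be interpreted as "novel", not necessarily "malicious". Because the score ignores interactions, a `deleted_file` on `dir10` by a user who routinely does exactly that would still look suspicious, which is the caveat the answer raises.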
