Detection of anomalies and explanation in cybersecurity
- Authors: Samariya, Durgesh; Ma, Jiangang; Aryal, Sunil; Zhao, Xiaohui
- Date: 2024
- Type: Text, Conference paper
- Relation: 30th International Conference on Neural Information Processing, ICONIP 2023, Changsha, 20-23 November 2023, Neural Information Processing: 30th International Conference, ICONIP 2023, Changsha, China, November 20-23, 2023, Proceedings, Part XIII Vol. 1967 CCIS, p. 414-426
- Full Text: false
- Description: Histogram-based anomaly detectors have gained significant attention and application in the field of intrusion detection because of their high efficiency in identifying anomalous patterns. However, they fail to explain why a given data point is flagged as an anomaly. Outlying Aspect Mining (OAM) aims to detect aspects (a.k.a. subspaces) where a given anomaly significantly differs from others. In this paper, we have proposed a simple but effective and efficient histogram-based solution - HMass. In addition to detecting anomalies, HMass provides explanations on why the points are anomalous. The effectiveness and efficiency of HMass are evaluated using comparative analysis on seven cyber security datasets, covering the tasks of anomaly detection and outlying aspect mining. © 2024, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Defying the gravity of learning curve: A characteristic of nearest neighbour anomaly detectors
- Authors: Ting, Kaiming; Washio, Takashi; Wells, Jonathan; Aryal, Sunil
- Date: 2017
- Type: Text, Journal article
- Relation: Machine Learning Vol. 106, no. 1 (2017), p. 55-91
- Full Text: false
- Description: Conventional wisdom in machine learning says that all algorithms are expected to follow the trajectory of a learning curve which is often colloquially referred to as ‘more data the better’. We call this ‘the gravity of learning curve’, and it is assumed that no learning algorithms are ‘gravity-defiant’. Contrary to the conventional wisdom, this paper provides the theoretical analysis and the empirical evidence that nearest neighbour anomaly detectors are gravity-defiant algorithms.