Abstract
Atypical behaviours are a source of valuable knowledge in security-related domains (e.g. credit card fraud detection [1], cyber security [4] or the safety of critical systems [6]). Atypicity generally depends on how isolated a record, or a set of records, is compared to the rest of the dataset. One possible method for finding atypical records proceeds in two steps. The first step is a clustering (grouping the records by similarity), and the second step is the identification of clusters that do not contain a sufficient number of records. The main problem is to tune the method and find the right level of atypicity. This issue is even more important for data streams, where a decision has to be taken in a very short time and the end-user does not want to try several settings. In this paper, we propose Mrab, a self-adjusting approach that automatically discovers atypical behaviours (in the results of a clustering algorithm) without any parameter. We provide the formal framework of our method and evaluate our proposal through a set of experiments.
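The two-step method described above can be sketched as follows. This is a minimal illustration, not Mrab itself: it assumes the clustering step has already produced one cluster id per record (the `labels` list is made-up data), and it relies on a hypothetical `min_size` threshold, which is exactly the kind of user-supplied setting the paper aims to remove.

```python
from collections import Counter


def small_clusters(labels, min_size):
    """Return the ids of clusters holding fewer than min_size records."""
    sizes = Counter(labels)  # cluster id -> number of records
    return {cid for cid, n in sizes.items() if n < min_size}


def atypical_records(labels, min_size):
    """Return the indices of records that belong to a small cluster."""
    flagged = small_clusters(labels, min_size)
    return [i for i, cid in enumerate(labels) if cid in flagged]


# Hypothetical output of step 1 (clustering): one cluster id per record.
# Cluster sizes here are 5, 4, 2 and 1.
labels = [0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 3]

# Step 2 with two different settings of the (assumed) threshold.
print(atypical_records(labels, min_size=2))
print(atypical_records(labels, min_size=3))
```

The two calls flag different sets of records, which illustrates why the choice of threshold matters and why a parameter-free selection is attractive when decisions must be taken quickly on a stream.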
References
1. Aleskerov, E., Freisleben, B., Rao, B.: Cardwatch: A neural network based database mining system for credit card fraud detection. In: IEEE Computational Intelligence for Financial Engineering (1997)
2. Breunig, M.M., Kriegel, H.-P., Ng, R.T., Sander, J.: LOF: identifying density-based local outliers. SIGMOD Record 29(2), 93–104 (2000)
3. Daubechies, I.: Ten lectures on wavelets. Society for Industrial and Applied Mathematics, Philadelphia, PA, USA (1992)
4. Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P.-N., Kumar, V., Srivastava, J., Dokas, P.: MINDS - Minnesota intrusion detection system. Data Mining - Next Generation Challenges and Future Directions (2004)
5. Fan, H., Zaiane, O.R., Foss, A., Wu, J.: A nonparametric outlier detection for effectively discovering top-n outliers from engineering data. In: Ng, W.-K., Kitsuregawa, M., Li, J., Chang, K. (eds.) PAKDD 2006. LNCS, vol. 3918, pp. 557–566. Springer, Heidelberg (2006)
6. Fujimaki, R., Yairi, T., Machida, K.: An approach to spacecraft anomaly detection problem using kernel feature space. In: 11th ACM SIGKDD (2005)
7. Jiang, M.F., Tseng, S.S., Su, C.M.: Two-phase clustering process for outliers detection. Pattern Recogn. Lett. 22(6-7), 691–700 (2001)
8. Jin, W., Tung, A.K.H., Han, J.: Mining top-n local outliers in large databases. In: 7th ACM SIGKDD, pp. 293–298 (2001)
9. Oldmeadow, J.J., Ravinutala, S., Leckie, C.: Adaptive clustering for network intrusion detection. In: Dai, H., Srikant, R., Zhang, C. (eds.) PAKDD 2004. LNCS, vol. 3056, pp. 255–259. Springer, Heidelberg (2004)
10. Knorr, E.M., Ng, R.T.: Algorithms for mining distance-based outliers in large datasets. In: 24th VLDB, pp. 392–403 (1998)
11. Papadimitriou, S., Kitagawa, H., Gibbons, P.B., Faloutsos, C.: LOCI: fast outlier detection using the local correlation integral. In: 19th International Conference on Data Engineering (2003)
12. Portnoy, L., Eskin, E., Stolfo, S.: Intrusion detection with unlabeled data using clustering. In: ACM CSS Workshop on Data Mining Applied to Security (2001)
13. Sequeira, K., Zaki, M.: ADMIT: anomaly-based data mining for intrusions. In: KDD 2002, pp. 386–395. ACM, New York (2002)
14. Young, R.K.: Wavelet Theory and Its Applications. Kluwer Academic Publishers Group, Dordrecht (1995)
15. Zhong, S., Khoshgoftaar, T.M., Seliya, N.: Clustering-based network intrusion detection. International Journal of Reliability, Quality and Safety Engineering 14 (2007)
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Marascu, A., Masseglia, F. (2009). A Multi-resolution Approach for Atypical Behaviour Mining. In: Theeramunkong, T., Kijsirikul, B., Cercone, N., Ho, TB. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2009. Lecture Notes in Computer Science, vol 5476. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01307-2_94
DOI: https://doi.org/10.1007/978-3-642-01307-2_94
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01306-5
Online ISBN: 978-3-642-01307-2
eBook Packages: Computer Science (R0)