I am working on a problem where my features are the time spent on different system calls in microseconds and the count(number of occurrences) of each system call. I want to identify the normal vs. any variant of anomaly.
I don't have the data for every variant of the anomaly.
As per my intuition, 1-class SVM could have been a fit but unfortunately it is performing badly.
I tuned all the parameters and played with different kernels. Yet, it doesn't give better than 60% accuracy.
For, about 80-85% of the data, the values seem easily distinguishable just glancing at the values.
Can you give some tips and suggestions or even suggest a totally different approach?
Hello, Rajat Tandon!
The problem, I think, that you apllied only SVM to get the anomalies by classification or may be in data nature. It is depended on type of data, for static data or time series the approaches should be different.
0) You can examine your data for clearness, may be they need some preliminary preparations, for example, normalization. Also, you can try to use Principal Component Analisys to extract main components of data and exclude noise data (they may have the crucial influence for SVM).
If any parameter has a near-zero variance (means nothing), it should be excluded, because being normalized it goes down all system. Also if the values frequencies of paremeter is imbalanced (e.g. 5 5 5 5 1 5 5 5 5 5 0), it should be excluded, too.
Many or the problems are solved just by preliminary data processing.
1) There are many types of anomalies in data, for example,
- global or point anomaly: one or more points of anomalies
- contextual: all is going as usual, but something wrong with unusual data part (they are all have usual values, but unusual behavior)
- system anomalies: all goes down, but one or more values are staying as usual
2) Therу are many approaches to anomaly detection (not only clustering). Even a clustering you may applied different (specially for anomalies) approaches.
For further, you can find a lot of ppt, pptx or pdf files for the anomaly detection.
Also, you can look through my youtube playlist on anomaly detection code in python (jupyter notebook)
https://www.youtube.com/playlist?list=PL34NbCo2mgdIPGojIryxFWr899oZg72K9
(in Russian)
or any other example on anomaly detection at http://github.com
Hello, Rajat Tandon!
In my opinion, your dataset is imbalanced (there are frequent instances and they belong to the majority classe and rare instances which belong the minority classe).
Methods and measures used by classification in balance and imbalanced datasets are not the same.
If you are intersting, I will send do you some articles.
Good luck.
Please look at the class
Machine learning
by professor
Yasser
from
Caltech university
on
YouTube
Thanks everyone for your suggestions and time! EllipticEnvelope technique worked well for me :)
- Badges
- Science topic