Title
Incremental anomaly detection using two-layer cluster-based structure.
Abstract
Anomaly detection algorithms face several challenges, including processing speed, adapting to changes in dynamic environments, and dealing with noise in data. In this paper, a two-layer cluster-based anomaly detection structure is presented which is fast, noise-resilient and incremental. The proposed structure comprises three main steps. In the first step, the data are clustered. The second step is to represent each cluster in a way that enables the model to classify new instances. The Summarization based on Gaussian Mixture Model (SGMM) proposed in this paper represents each cluster as a GMM. In the third step, a two-layer structure efficiently updates clusters using GMM representation, while detecting and ignoring redundant instances. A new approach, called Collective Probabilistic Labeling (CPL), is presented to update clusters incrementally. This approach makes the updating phase noise-resistant and fast. An important step in the updating is the merging of new clusters with existing ones. To this end, a new distance measure is proposed, which is a modified Kullback–Leibler distance between two GMMs.
Year
2018
DOI
10.1016/j.ins.2017.11.023
Venue
Information Sciences
Keywords
Anomaly detection, Incremental clustering, Noise resilience, Gaussian mixture model
Field
Data mining, Cluster (physics), Anomaly detection, Artificial intelligence, Probabilistic logic, Merge (version control), Automatic summarization, Pattern recognition, Support vector machine, Constant false alarm rate, Machine learning, Mathematics, Mixture model
DocType
Journal
Volume
429
Issue
C
ISSN
0020-0255
Citations
7
PageRank
0.46
References
69
Authors
4
Name
Order
Citations
PageRank
Elnaz Bigdeli1214.44
Mehdi Mohammadi2109150.02
Bijan Raahemi315522.29
Stan Matwin43025344.20