19,306 research outputs found
Deep Structured Energy Based Models for Anomaly Detection
In this paper, we attack the anomaly detection problem by directly modeling
the data distribution with deep architectures. We propose deep structured
energy based models (DSEBMs), where the energy function is the output of a
deterministic deep neural network with structure. We develop novel model
architectures to integrate EBMs with different types of data such as static
data, sequential data, and spatial data, and apply appropriate model
architectures to adapt to the data structure. Our training algorithm is built
upon the recent development of score matching \cite{sm}, which connects an EBM
with a regularized autoencoder, eliminating the need for complicated sampling
method. Statistically sound decision criterion can be derived for anomaly
detection purpose from the perspective of the energy landscape of the data
distribution. We investigate two decision criteria for performing anomaly
detection: the energy score and the reconstruction error. Extensive empirical
studies on benchmark tasks demonstrate that our proposed model consistently
matches or outperforms all the competing methods.Comment: To appear in ICML 201
Crowded Scene Analysis: A Survey
Automated scene analysis has been a topic of great interest in computer
vision and cognitive science. Recently, with the growth of crowd phenomena in
the real world, crowded scene analysis has attracted much attention. However,
the visual occlusions and ambiguities in crowded scenes, as well as the complex
behaviors and scene semantics, make the analysis a challenging task. In the
past few years, an increasing number of works on crowded scene analysis have
been reported, covering different aspects including crowd motion pattern
learning, crowd behavior and activity analysis, and anomaly detection in
crowds. This paper surveys the state-of-the-art techniques on this topic. We
first provide the background knowledge and the available features related to
crowded scenes. Then, existing models, popular algorithms, evaluation
protocols, as well as system performance are provided corresponding to
different aspects of crowded scene analysis. We also outline the available
datasets for performance evaluation. Finally, some research problems and
promising future directions are presented with discussions.Comment: 20 pages in IEEE Transactions on Circuits and Systems for Video
Technology, 201
Deep Learning for Unsupervised Insider Threat Detection in Structured Cybersecurity Data Streams
Analysis of an organization's computer network activity is a key component of
early detection and mitigation of insider threat, a growing concern for many
organizations. Raw system logs are a prototypical example of streaming data
that can quickly scale beyond the cognitive power of a human analyst. As a
prospective filter for the human analyst, we present an online unsupervised
deep learning approach to detect anomalous network activity from system logs in
real time. Our models decompose anomaly scores into the contributions of
individual user behavior features for increased interpretability to aid
analysts reviewing potential cases of insider threat. Using the CERT Insider
Threat Dataset v6.2 and threat detection recall as our performance metric, our
novel deep and recurrent neural network models outperform Principal Component
Analysis, Support Vector Machine and Isolation Forest based anomaly detection
baselines. For our best model, the events labeled as insider threat activity in
our dataset had an average anomaly score in the 95.53 percentile, demonstrating
our approach's potential to greatly reduce analyst workloads.Comment: Proceedings of AI for Cyber Security Workshop at AAAI 201
Detection of Unknown Anomalies in Streaming Videos with Generative Energy-based Boltzmann Models
Abnormal event detection is one of the important objectives in research and
practical applications of video surveillance. However, there are still three
challenging problems for most anomaly detection systems in practical setting:
limited labeled data, ambiguous definition of "abnormal" and expensive feature
engineering steps. This paper introduces a unified detection framework to
handle these challenges using energy-based models, which are powerful tools for
unsupervised representation learning. Our proposed models are firstly trained
on unlabeled raw pixels of image frames from an input video rather than
hand-crafted visual features; and then identify the locations of abnormal
objects based on the errors between the input video and its reconstruction
produced by the models. To handle video stream, we develop an online version of
our framework, wherein the model parameters are updated incrementally with the
image frames arriving on the fly. Our experiments show that our detectors,
using Restricted Boltzmann Machines (RBMs) and Deep Boltzmann Machines (DBMs)
as core modules, achieve superior anomaly detection performance to unsupervised
baselines and obtain accuracy comparable with the state-of-the-art approaches
when evaluating at the pixel-level. More importantly, we discover that our
system trained with DBMs is able to simultaneously perform scene clustering and
scene reconstruction. This capacity not only distinguishes our method from
other existing detectors but also offers a unique tool to investigate and
understand how the model works.Comment: This manuscript is under consideration at Pattern Recognition Letter
Arbitrary Discrete Sequence Anomaly Detection with Zero Boundary LSTM
We propose a simple mathematical definition and new neural architecture for
finding anomalies within discrete sequence datasets. Our model comprises of a
modified LSTM autoencoder and an array of One-Class SVMs. The LSTM takes in
elements from a sequence and creates context vectors that are used to predict
the probability distribution of the following element. These context vectors
are then used to train an array of One-Class SVMs. These SVMs are used to
determine an outlier boundary in context space.We show that our method is
consistently more stable and also outperforms standard LSTM and sliding window
anomaly detection systems on two generated datasets
Robust Subspace Recovery Layer for Unsupervised Anomaly Detection
We propose a neural network for unsupervised anomaly detection with a novel
robust subspace recovery layer (RSR layer). This layer seeks to extract the
underlying subspace from a latent representation of the given data and removes
outliers that lie away from this subspace. It is used within an autoencoder.
The encoder maps the data into a latent space, from which the RSR layer
extracts the subspace. The decoder then smoothly maps back the underlying
subspace to a "manifold" close to the original inliers. Inliers and outliers
are distinguished according to the distances between the original and mapped
positions (small for inliers and large for outliers). Extensive numerical
experiments with both image and document datasets demonstrate state-of-the-art
precision and recall.Comment: This work is on the ICLR 2020 conferenc
Transformation Based Deep Anomaly Detection in Astronomical Images
In this work, we propose several enhancements to a geometric transformation
based model for anomaly detection in images (GeoTranform). The model assumes
that the anomaly class is unknown and that only inlier samples are available
for training. We introduce new filter based transformations useful for
detecting anomalies in astronomical images, that highlight artifact properties
to make them more easily distinguishable from real objects. In addition, we
propose a transformation selection strategy that allows us to find
indistinguishable pairs of transformations. This results in an improvement of
the area under the Receiver Operating Characteristic curve (AUROC) and accuracy
performance, as well as in a dimensionality reduction. The models were tested
on astronomical images from the High Cadence Transient Survey (HiTS) and Zwicky
Transient Facility (ZTF) datasets. The best models obtained an average AUROC of
99.20% for HiTS and 91.39% for ZTF. The improvement over the original
GeoTransform algorithm and baseline methods such as One-Class Support Vector
Machine, and deep learning based methods is significant both statistically and
in practice.Comment: 8 pages, 6 figures, 4 tables. Accepted for publication in proceedings
of the IEEE World Congress on Computational Intelligence (IEEE WCCI),
Glasgow, UK, 19-24 July, 202
Deep Learning in Information Security
Machine learning has a long tradition of helping to solve complex information
security problems that are difficult to solve manually. Machine learning
techniques learn models from data representations to solve a task. These data
representations are hand-crafted by domain experts. Deep Learning is a
sub-field of machine learning, which uses models that are composed of multiple
layers. Consequently, representations that are used to solve a task are learned
from the data instead of being manually designed.
In this survey, we study the use of DL techniques within the domain of
information security. We systematically reviewed 77 papers and presented them
from a data-centric perspective. This data-centric perspective reflects one of
the most crucial advantages of DL techniques -- domain independence. If
DL-methods succeed to solve problems on a data type in one domain, they most
likely will also succeed on similar data from another domain. Other advantages
of DL methods are unrivaled scalability and efficiency, both regarding the
number of examples that can be analyzed as well as with respect of
dimensionality of the input data. DL methods generally are capable of achieving
high-performance and generalize well.
However, information security is a domain with unique requirements and
challenges. Based on an analysis of our reviewed papers, we point out
shortcomings of DL-methods to those requirements and discuss further research
opportunities
Fence GAN: Towards Better Anomaly Detection
Anomaly detection is a classical problem where the aim is to detect anomalous
data that do not belong to the normal data distribution. Current
state-of-the-art methods for anomaly detection on complex high-dimensional data
are based on the generative adversarial network (GAN). However, the traditional
GAN loss is not directly aligned with the anomaly detection objective: it
encourages the distribution of the generated samples to overlap with the real
data and so the resulting discriminator has been found to be ineffective as an
anomaly detector. In this paper, we propose simple modifications to the GAN
loss such that the generated samples lie at the boundary of the real data
distribution. With our modified GAN loss, our anomaly detection method, called
Fence GAN (FGAN), directly uses the discriminator score as an anomaly
threshold. Our experimental results using the MNIST, CIFAR10 and KDD99 datasets
show that Fence GAN yields the best anomaly classification accuracy compared to
state-of-the-art methods
Anomaly scores for generative models
Reconstruction error is a prevalent score used to identify anomalous samples
when data are modeled by generative models, such as (variational) auto-encoders
or generative adversarial networks. This score relies on the assumption that
normal samples are located on a manifold and all anomalous samples are located
outside. Since the manifold can be learned only where the training data lie,
there are no guarantees how the reconstruction error behaves elsewhere and the
score, therefore, seems to be ill-defined. This work defines an anomaly score
that is theoretically compatible with generative models, and very natural for
(variational) auto-encoders as they seem to be prevalent. The new score can be
also used to select hyper-parameters and models. Finally, we explain why
reconstruction error delivers good experimental results despite weak
theoretical justification.Comment: 9 pages, 3 figures, submitted to NeurIPS 201
- …