Cargando…

Anomaly detection based on a dynamic Markov model

Anomaly detection in sequence data is becoming more and more important in a wide variety of application domains such as credit card fraud detection, health care in medical field, and intrusion detection in cyber security. In the existing anomaly detection approaches, Markov chain techniques are wide...

Descripción completa

Detalles Bibliográficos
Autores principales: Ren, Huorong, Ye, Zhixing, Li, Zhiwu
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Elsevier Inc. 2017
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7094635/
https://www.ncbi.nlm.nih.gov/pubmed/32226110
http://dx.doi.org/10.1016/j.ins.2017.05.021
_version_ 1783510512031498240
author Ren, Huorong
Ye, Zhixing
Li, Zhiwu
author_facet Ren, Huorong
Ye, Zhixing
Li, Zhiwu
author_sort Ren, Huorong
collection PubMed
description Anomaly detection in sequence data is becoming more and more important in a wide variety of application domains such as credit card fraud detection, health care in medical field, and intrusion detection in cyber security. In the existing anomaly detection approaches, Markov chain techniques are widely accepted for their simple realization and few parameters. However, the short memory property of a classical Markov model ignores the interaction among data, and the long memory property of a higher order Markov model clouds the relationship between the previous data and current test data, and reduces the reliability of the model. Besides, both of these models cannot successfully describe the sequences changing with a tendency. In this paper, we propose an anomaly detection approach based on a dynamic Markov model. This approach segments sequence data by a sliding window. In the sliding window, we define the states of data according to the value of the data and establish a higher order Markov model with a proper order consequently, to balance the length of the memory property and keep up with the trend of sequences. In addition, an anomaly substitution strategy is proposed to prevent the detected anomalies from impacting the building of the models and keep anomaly detection continuously. The experimental results using simulated datasets and real-world datasets have demonstrated that the proposed approach improves the adaptability and stability of anomaly detection in sequence data.
format Online
Article
Text
id pubmed-7094635
institution National Center for Biotechnology Information
language English
publishDate 2017
publisher Elsevier Inc.
record_format MEDLINE/PubMed
spelling pubmed-70946352020-03-25 Anomaly detection based on a dynamic Markov model Ren, Huorong Ye, Zhixing Li, Zhiwu Inf Sci (N Y) Article Anomaly detection in sequence data is becoming more and more important in a wide variety of application domains such as credit card fraud detection, health care in medical field, and intrusion detection in cyber security. In the existing anomaly detection approaches, Markov chain techniques are widely accepted for their simple realization and few parameters. However, the short memory property of a classical Markov model ignores the interaction among data, and the long memory property of a higher order Markov model clouds the relationship between the previous data and current test data, and reduces the reliability of the model. Besides, both of these models cannot successfully describe the sequences changing with a tendency. In this paper, we propose an anomaly detection approach based on a dynamic Markov model. This approach segments sequence data by a sliding window. In the sliding window, we define the states of data according to the value of the data and establish a higher order Markov model with a proper order consequently, to balance the length of the memory property and keep up with the trend of sequences. In addition, an anomaly substitution strategy is proposed to prevent the detected anomalies from impacting the building of the models and keep anomaly detection continuously. The experimental results using simulated datasets and real-world datasets have demonstrated that the proposed approach improves the adaptability and stability of anomaly detection in sequence data. Elsevier Inc. 2017-10 2017-05-15 /pmc/articles/PMC7094635/ /pubmed/32226110 http://dx.doi.org/10.1016/j.ins.2017.05.021 Text en © 2017 Elsevier Inc. All rights reserved. Since January 2020 Elsevier has created a COVID-19 resource centre with free information in English and Mandarin on the novel coronavirus COVID-19. The COVID-19 resource centre is hosted on Elsevier Connect, the company's public news and information website. Elsevier hereby grants permission to make all its COVID-19-related research that is available on the COVID-19 resource centre - including this research content - immediately available in PubMed Central and other publicly funded repositories, such as the WHO COVID database with rights for unrestricted research re-use and analyses in any form or by any means with acknowledgement of the original source. These permissions are granted for free by Elsevier for as long as the COVID-19 resource centre remains active.
spellingShingle Article
Ren, Huorong
Ye, Zhixing
Li, Zhiwu
Anomaly detection based on a dynamic Markov model
title Anomaly detection based on a dynamic Markov model
title_full Anomaly detection based on a dynamic Markov model
title_fullStr Anomaly detection based on a dynamic Markov model
title_full_unstemmed Anomaly detection based on a dynamic Markov model
title_short Anomaly detection based on a dynamic Markov model
title_sort anomaly detection based on a dynamic markov model
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7094635/
https://www.ncbi.nlm.nih.gov/pubmed/32226110
http://dx.doi.org/10.1016/j.ins.2017.05.021
work_keys_str_mv AT renhuorong anomalydetectionbasedonadynamicmarkovmodel
AT yezhixing anomalydetectionbasedonadynamicmarkovmodel
AT lizhiwu anomalydetectionbasedonadynamicmarkovmodel