TY - GEN
T1 - Anomaly detection under a nonlinear system cost objective function
AU - Gurevich, Andrey
AU - Cohen, Kobi
AU - Zhao, Qing
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/7/1
Y1 - 2017/7/1
N2 - We consider the problem of anomaly detection among K heterogeneous processes. At each given time, a single observation (or a fixed batch of observations) is collected from a chosen process. The observations from each chosen process follow two different distributions, depending on whether the process is normal or abnormal. Each anomalous process incurs a cost until its anomaly is identified and fixed, and the cost is nonlinear (specifically, polynomial with degree d) with the duration of the anomalous state. The objective is a sequential search strategy that minimizes the total expected cost incurred by all the processes during the detection process under reliability constraints. We propose a search algorithm that consists of exploration, exploitation, and sequential testing phases. We analyze the approximation ratio and the regret of the algorithm for d > 1, and establish its asymptotic optimality for d =1.
AB - We consider the problem of anomaly detection among K heterogeneous processes. At each given time, a single observation (or a fixed batch of observations) is collected from a chosen process. The observations from each chosen process follow two different distributions, depending on whether the process is normal or abnormal. Each anomalous process incurs a cost until its anomaly is identified and fixed, and the cost is nonlinear (specifically, polynomial with degree d) with the duration of the anomalous state. The objective is a sequential search strategy that minimizes the total expected cost incurred by all the processes during the detection process under reliability constraints. We propose a search algorithm that consists of exploration, exploitation, and sequential testing phases. We analyze the approximation ratio and the regret of the algorithm for d > 1, and establish its asymptotic optimality for d =1.
KW - Anomaly detection
KW - Sequential Probability Ratio Test (SPRT)
KW - sequential hypothesis testing
UR - http://www.scopus.com/inward/record.url?scp=85047939296&partnerID=8YFLogxK
U2 - 10.1109/ALLERTON.2017.8262796
DO - 10.1109/ALLERTON.2017.8262796
M3 - Conference contribution
AN - SCOPUS:85047939296
T3 - 55th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2017
SP - 634
EP - 638
BT - 55th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2017
PB - Institute of Electrical and Electronics Engineers
T2 - 55th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2017
Y2 - 3 October 2017 through 6 October 2017
ER -