Diversifying Database Activity Monitoring with Bandits

Hagit Grushka-Cohen, Ofer Biller, Oded Sofer, Lior Rokach, Bracha Shapira

Research output: Working paper/PreprintPreprint

25 Downloads (Pure)

Abstract

Database activity monitoring (DAM) systems are commonly used by organizations to protect the organizational data, knowledge and intellectual properties. In order to protect organizations database DAM systems have two main roles, monitoring (documenting activity) and alerting to anomalous activity. Due to high-velocity streams and operating costs, such systems are restricted to examining only a sample of the activity. Current solutions use policies, manually crafted by experts, to decide which transactions to monitor and log. This limits the diversity of the data collected. Bandit algorithms, which use reward functions as the basis for optimization while adding diversity to the recommended set, have gained increased attention in recommendation systems for improving diversity. In this work, we redefine the data sampling problem as a special case of the multi-armed bandit (MAB) problem and present a novel algorithm, which combines expert knowledge with random exploration. We analyze the effect of diversity on coverage and downstream event detection tasks using a simulated dataset. In doing so, we find that adding diversity to the sampling using the bandit-based approach works well for this task and maximizing population coverage without decreasing the quality in terms of issuing alerts about events.
Original languageEnglish GB
StatePublished - 23 Oct 2019

Publication series

NamearXiv PrePrint,

Keywords

  • cs.LG
  • cs.AI
  • stat.ML

Fingerprint

Dive into the research topics of 'Diversifying Database Activity Monitoring with Bandits'. Together they form a unique fingerprint.

Cite this