TY - JOUR
T1 - Sequential Anomaly Detection under a Nonlinear System Cost
AU - Gurevich, Andrey
AU - Cohen, Kobi
AU - Zhao, Qing
N1 - Funding Information:
Manuscript received June 30, 2018; revised February 3, 2019; accepted April 29, 2019. Date of publication May 24, 2019; date of current version June 11, 2019. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Marco Lops. The work of A. Gurevich and K. Cohen was supported in part by the Cyber Security Research Center, Ben-Gurion University of the Negev, and in part by the U.S.-Israel Binational Science Foundation (BSF) under Grant 2017723. The work of Q. Zhao was supported by the National Science Foundation under Grant CCF-1815559. This paper was presented in part at the 55th Annual Allerton Conference on Communication, Control, and Computing, Monticello, IL, USA, October 2017 [1]. (Corresponding author: Kobi Cohen.) A. Gurevich and K. Cohen are with the Department of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Beer-Sheva 84105, Israel (e-mail: gurevian@bgu.ac.il; yakovsec@bgu.ac.il).
Funding Information:
The work of A. Gurevich and K. Cohen was supported in part by the Cyber Security Research Center, Ben-Gurion University of the Negev, and in part by the U.S.-Israel Binational Science Foundation (BSF) under Grant 2017723. The work of Q. Zhao was supported by the National Science Foundation under Grant CCF-1815559.
Publisher Copyright:
© 1991-2012 IEEE.
PY - 2019/7/15
Y1 - 2019/7/15
N2 - We consider the problem of anomaly detection among K heterogeneous processes. At each given time, one process is probed, and the random observations follow two different distributions, depending on whether the process is normal or abnormal. Each anomalous process incurs a cost until its anomaly is identified and fixed, and the cost is a nonlinear (specifically, polynomial with degree d) function of the duration of the anomalous state. The objective is a sequential search strategy that minimizes the total expected cost incurred by all the processes during the detection process under reliability constraints. We propose a search algorithm that consists of exploration, exploitation, and sequential testing phases. We establish its asymptotic optimality and analyze the approximation ratio and the regret under computational constraints.
AB - We consider the problem of anomaly detection among K heterogeneous processes. At each given time, one process is probed, and the random observations follow two different distributions, depending on whether the process is normal or abnormal. Each anomalous process incurs a cost until its anomaly is identified and fixed, and the cost is a nonlinear (specifically, polynomial with degree d) function of the duration of the anomalous state. The objective is a sequential search strategy that minimizes the total expected cost incurred by all the processes during the detection process under reliability constraints. We propose a search algorithm that consists of exploration, exploitation, and sequential testing phases. We establish its asymptotic optimality and analyze the approximation ratio and the regret under computational constraints.
KW - Anomaly detection
KW - sequential hypothesis testing
KW - sequential probability ratio test (SPRT)
UR - http://www.scopus.com/inward/record.url?scp=85067345074&partnerID=8YFLogxK
U2 - 10.1109/TSP.2019.2918981
DO - 10.1109/TSP.2019.2918981
M3 - Article
AN - SCOPUS:85067345074
SN - 1053-587X
VL - 67
SP - 3689
EP - 3703
JO - IEEE Transactions on Signal Processing
JF - IEEE Transactions on Signal Processing
IS - 14
M1 - 8721562
ER -