Multi-source anomaly detection: using across-domain and across-time peer-group consistency checks
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)
We present robust anomaly detection in multi-dimensional data. We describe information
fusion across multiple levels in a layered architecture to ensure accurate and reliable
detection of anomalies from heterogeneous data. We consider the problem of detecting
anomalous entities (e.g., people) from observation data (e.g., activities) gathered from
multiple contexts or information sources over time. We propose two anomaly detection
methods. The first method seeks to identify anomalous behavior that blends within each
information source but is inconsistent across sources. A supervised learning approach detects
the blend-in anomalies manifested as across-information source inconsistencies. The
second method identifies unusual changes in behavior over time using a Markov model approach.
Finally, we present a fusion approach that integrates evidence from both methods
to improve the accuracy and robustness of the anomaly detection system. We illustrate
the performance of our proposed approaches on an insider threat detection problem using
a real-world work-practice data set.
Eldardiry, H.; Kumar, S.; Liu, J. J.; Hanley, J.; Price, R.; Brdiczka, O.; Bart, E. Multi-source anomaly detection: using across-domain and across-time peer-group consistency checks. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), vol. 5, no. 2, pp. 39-58.