Abstract
Most current clustering based anomaly detection methods use scoring schema and thresholds to classify anomalies. These methods are often tailored to target specific data sets with known number of clusters. The paper provides a streaming clustering and anomaly detection algorithm that does not require strict arbitrary thresholds on the anomaly scores or knowledge of the number of clusters while performing probabilistic anomaly detection and clustering simultaneously. This ensures that the cluster formation is not impacted by the presence of anomalous data, thereby leading to more reliable definition of ``normal vs abnormal’’ behavior. The motivations behind developing the INCAD model [17] and the path that leads to the streaming model are discussed.
BibTex
@inproceedings{Guggilam2019,
author="Guggilam, Sreelekha and Zaidi, Syed Mohammed Arshad and Chandola, Varun and Patra, Abani K.",
year="2019",
booktitle="Proceedings of International Conference on Computational Science",
year="2019",
pages="45--59",
}