An Approach to Improving Anomaly Detection Using Multiple Detectors

Publication Date

1-1-2022

Document Type

Conference Proceeding

Publication Title

Proceedings of the 2022 16th International Conference on Ubiquitous Information Management and Communication, IMCOM 2022

DOI

10.1109/IMCOM53663.2022.9721751

Abstract

Anomaly detection performs well in situations where signature (and other rule-based) methods fail; there is no need to identify every threat as long as it is different from the norm. The tradeoff is that anomaly detection often results in a large number of false positives. While previous work has capitalized on the data imbalance problem to train models with only one set of data (one-class classification), few have utilized the limiting set for anything other than testing purposes. This paper seeks to utilize two anomaly detectors: one that is trained on the positive set and one that is trained on the negative set. By utilizing multiple detectors, we can encode more information about each class and ensure that a data point is not only different from one class, but also similar to the other. We present a new approach to anomaly detection and show its effectiveness at reducing false positives with limited effect on detection rates.

Keywords

anomaly detection, class imbalance, one-class classification

Department

Computer Science

Share

COinS