AD-DMKDE A NOMALY DETECTION THROUGH DENSITY MATRICES AND FOURIER FEATURES Oscar A. Bustos-Brinez Joseph A. Gallego-Mejia Fabio A. González

2025-04-30 0 0 427.9KB 7 页 10玖币

侵权投诉

AD-DMKDE: ANOMALY DETECTION THROUGH DENSITY

MATRICES AND FOURIER FEATURES ∗

Oscar A. Bustos-Brinez , Joseph A. Gallego-Mejia , Fabio A. González

MindLab

Universidad Nacional de Colombia

Bogotá, Colombia

{oabustosb,jagallegom,fagonzalezo}@unal.edu.co

ABSTRACT

This paper presents a novel density estimation method for anomaly detection using density matrices

(a powerful mathematical formalism from quantum mechanics) and Fourier features. The method can

be seen as an efﬁcient approximation of Kernel Density Estimation (KDE). A systematic comparison

of the proposed method with eleven state-of-the-art anomaly detection methods on various data sets is

presented, showing competitive performance on different benchmark data sets. The method is trained

efﬁciently and it uses optimization to ﬁnd the parameters of data embedding. The prediction phase

complexity of the proposed algorithm is constant relative to the training data size, and it performs well

in data sets with different anomaly rates. Its architecture allows vectorization and can be implemented

on GPU/TPU hardware.

Keywords density matrix ·random features ·anomaly detection ·quantum machine learning.

1 Introduction

An anomaly can be broadly deﬁned as an observation or datum that deviates signiﬁcantly from the patterns of the data

set from which it originates, in one or more features. In most cases, data are generated by complex processes and allow

for different types of measurements, so an anomaly may contain valuable information about anomalous behaviors of the

generative processes, or elements that are impacting the generation or measurement stages [1]. Then, recognizing this

type of data (which can be referred to as unusual, atypical, unexpected, malicious or rare, depending on the scenario),

discerning real, meaningful anomalies from normal noisy samples (known as ‘outliers’) and identifying the unusual

processes that originate them are the main objectives of Anomaly Detection (AD) [2]. Methods and algorithms that

perform AD are key in various applications such as bank fraud detection, identiﬁcation of abrupt changes in sensors,

medical diagnostics, natural sciences, network security intrusion detection, among many others [21].

However, classic AD methods face signiﬁcant challenges that limit their performance and range of application [14]. In

most cases, anomalies are much more sparse and scarce than normal data, and are not identiﬁed a priori as anomalies,

which makes the use of supervised classiﬁers difﬁcult. Furthermore, the boundaries between “normal" and “anomaly"

regions are very subjective and depend on the particularities of each case. Data may also be contaminated by noise, so

that both types of data may be intermingled, blurring the very idea of separation. Many of the AD algorithms address

some of these difﬁculties, but at the cost of being vulnerable to others; however, the combination of classical methods

with a good mathematical foundation and deep learning algorithms is one of the most promising paths [11], although it

also presents shortcomings on the detection of complex types of anomalies and fewer possibilities of explanation.

The core idea of the proposed method is to use random Fourier features to approximate a Gaussian kernel centered in

each training sample and then use a density matrix to summarize these kernels in an efﬁcient and compact way. The

density matrix is then used to estimate the density of new samples, and those whose density lies below a certain threshold

are classiﬁed as anomalies. The method uses optimization to obtain the best random Fourier feature embedding (a

∗Citation:Joseph et al., AD-DMKDE: Anomaly Detection through Density Matrices and Fourier Features.

arXiv:2210.14796v1 [cs.LG] 26 Oct 2022

AD-DMKDE: Anomaly Detection through Density Matrices and Fourier Features

process called “Adaptive Fourier Features"), and is able to calculate the best threshold using percentiles from a validation

data set.

The outline of the paper is as follows: in Section 2, we describe anomaly detection and density estimation in more

depth, and present the benchmark methods to which we will compare our algorithm. In Section 3, we present the novel

method, explaining the stages of the algorithm and how it uses Fourier features and density matrices. In Section 4, we

systematically compare the proposed algorithm with state-of-the-art anomaly detection algorithms. In Section 5, we

state the conclusions of this work and sketch future research directions.

2 Background and Related Work

2.1 Anomaly Detection

The main mechanism of anomaly detection algorithms is the construction of a model that determines a degree of

“normality" for the data points, and then detects anomalies as points that deviate from this model. The importance

of anomaly detection lies in the fact that recognizing and understanding anomalous behavior allows one to make

decisions and predictions. For example, anomalous trafﬁc patterns on a network could mean that sensitive data is

being transmitted across it, or that there is an intruder attempting to attack a system [3]. Anomalous user behavior

in payment transactions could signify credit card fraud and give some clues as to how to avoid it in the future [23].

Anomaly detection should be distinguished from outlier detection, the purpose of which is data cleaning: to locate

outliers (mainly normal data affected by noise) and subsequently remove them from the data set.

Let

be the ratio of anomaly samples with respect to all samples. When

is high, the most common approach to

anomaly detection is to use a supervised classiﬁcation method. However, when

is low (which is usually the case), the

best approach is to use semi-supervised or unsupervised AD algorithms. According to [16], classical AD algorithms can

be classiﬁed into six main types: classiﬁcation-based approaches (such as the well-known one-class SVM), probabilistic

models (such as histograms and density estimation methods like KDE [8]), clustering models, information-based

methods, spectral analysis (where dimensionality reduction methods such as PCA are found), and distance-based

methods (including isolation forest and nearest neighbors).

In recent years, these classical models have been progressively replaced by deep learning-based algorithms, showing

high performance in anomaly detection tasks [25]. These algorithms can efﬁciently model the inherent features of

complex data through their distributed and hierarchical architectures, i.e., they can perform implicit feature engineering,

especially when a large amount of data is available [20]. For this reason, they are commonly used for anomaly detection

in scenarios involving very large data sets with high-dimensional instances, such as speech recognition, image/video

analysis, or natural language processing [14].

2.2 Anomaly Detection Baseline Methods

In this paper, we select 11 state-of-the-art anomaly detection methods that represent a complete sample of the most

common types of anomaly detection methods. All algorithms consider the proportion of anomalies in the data as

a necessary parameter for ﬁnding threshold values; other parameters for speciﬁc algorithms are mentioned in later

sections.

We selected ﬁve well-known methods that are based on classic mathematical approaches to anomaly detection. These

methods include One Class SVM [24], a kernel-based algorithm that encloses normal data in a boundary that leaves

anomalies outside of it; Covariance Estimator, that ﬁnds the smallest ellipsoid that wraps normal data; Isolation

Forest [12], that tries to separate points using decision trees, and those who are easier to isolate are the outliers; Local

Outlier Factor (LOF) [4], based on a distance measure from each point to a set of its neighbors; and K-nearest neighbor

(KNN) [18], that makes an scoring based on the distance from the k-th nearest neighbor.

We also decided to include methods developed in the last decade that do not use neural networks into their architectures,

but instead take other approaches. These type of methods include SOS [7], that builds an afﬁnity matrix between all

points that acts as a similarity measure; COPOD [10], that builds univariant probability functions fro each dimension

and then joins them in a uniﬁed multivariant function that models the true distribution of the data; and LODA [15], that

combines classiﬁers in low dimensions and uses histograms to detect anomalies.

Finally, we complete the overview of baseline methods with some of the proposals that are based on the use of neural

networks as their central elements. These three models include VAE-Bayes [9], built around a variational autoencoder

that builds a latent space from data, where the probability distribution of the data can be retrieved by using Bayesian

assumptions; DSVDD [22], in where a neural network is used to transform data into a latent space where normal

data can be encompasssed into a hypersphere whose features are neurally optimized; and LAKE [13], that includes a

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

10 玖币 0人已下载

立即下载

摘要：

AD-DMKDE:ANOMALYDETECTIONTHROUGHDENSITYMATRICESANDFOURIERFEATURESOscarA.Bustos-Brinez,JosephA.Gallego-Mejia,FabioA.GonzálezMindLabUniversidadNacionaldeColombiaBogotá,Colombia{oabustosb,jagallegom,fagonzalezo}@unal.edu.coABSTRACTThispaperpresentsanoveldensityestimationmethodforanomalydetectionusingd...

展开>> 收起<<

AD-DMKDE A NOMALY DETECTION THROUGH DENSITY MATRICES AND FOURIER FEATURES Oscar A. Bustos-Brinez Joseph A. Gallego-Mejia Fabio A. González.pdf

共7页,预览2页

还剩页未读，继续阅读

声明：本站为文档C2C交易模式，即用户上传的文档直接被用户下载，本站只是中间服务平台，本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间，仅对用户上传内容的表现方式做保护处理，对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私，请立即通知玖贝云文库，我们立即给予删除！

AD-DMKDE A NOMALY DETECTION THROUGH DENSITY MATRICES AND FOURIER FEATURES Oscar A. Bustos-Brinez Joseph A. Gallego-Mejia Fabio A. González

相关推荐

开通VIP享超值会员特权

作者详情

相关内容

热门标签

举报选择: