Title :
Anomaly detection by combining decision trees and parametric densities
Author :
Reif, Matthias ; Goldstein, Markus ; Stahl, Armin ; Breuel, Thomas M.
Author_Institution :
German Res. Center for Artificial Intell. (DFKI), Saarbrucken
Abstract :
In this paper a modified decision tree algorithm for anomaly detection is presented. During the tree building process, densities for the outlier class are used directly in the split point determination algorithm. No artificial counter-examples have to be sampled from the unknown class, which yields to more precise decision boundaries and a deterministic classification result. Furthermore, the prior of the outlier class can be used to adjust the sensitivity of the anomaly detector. The proposed method combines the advantages of classification trees with the benefit of a more accurate representation of the outliers. For evaluation, we compare our approach with other state-of-the-art anomaly detection algorithms on four standard data sets including the KDD-Cup 99. The results show that the proposed method performs as well as more complex approaches and is even superior on three out of four data sets.
Keywords :
decision trees; security of data; anomaly detection; decision trees; parametric densities; split point determination algorithm; Artificial intelligence; Classification tree analysis; Computer science; Decision trees; Detection algorithms; Detectors; Impurities; Intrusion detection; Sampling methods; Training data;
Conference_Titel :
Pattern Recognition, 2008. ICPR 2008. 19th International Conference on
Conference_Location :
Tampa, FL
Print_ISBN :
978-1-4244-2174-9
Electronic_ISBN :
1051-4651
DOI :
10.1109/ICPR.2008.4761796
