Random Partitioning Forest for Point-Wise and Collective Anomaly
Detection -- Application to Intrusion Detection
- URL: http://arxiv.org/abs/2006.16801v2
- Date: Thu, 14 Jan 2021 11:48:25 GMT
- Title: Random Partitioning Forest for Point-Wise and Collective Anomaly
Detection -- Application to Intrusion Detection
- Authors: Pierre-Francois Marteau
- Abstract summary: DiFF-RF is an ensemble approach composed of random partitioning binary trees to detect anomalies.
Our experiments show that DiFF-RF almost systematically outperforms the isolation forest (IF) algorithm.
Our experience shows that DiFF-RF can work well in the presence of small-scale learning data.
- Score: 9.74672460306765
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In this paper, we propose DiFF-RF, an ensemble approach composed of random
partitioning binary trees to detect point-wise and collective (as well as
contextual) anomalies. Thanks to a distance-based paradigm used at the leaves
of the trees, this semi-supervised approach solves a drawback that has been
identified in the isolation forest (IF) algorithm. Moreover, taking into
account the frequencies of visits in the leaves of the random trees allows to
significantly improve the performance of DiFF-RF when considering the presence
of collective anomalies. DiFF-RF is fairly easy to train, and excellent
performance can be obtained by using a simple semi-supervised procedure to
setup the extra hyper-parameter that is introduced. We first evaluate DiFF-RF
on a synthetic data set to i) verify that the limitation of the IF algorithm is
overcome, ii) demonstrate how collective anomalies are actually detected and
iii) to analyze the effect of the meta-parameters it involves. We assess the
DiFF-RF algorithm on a large set of datasets from the UCI repository, as well
as two benchmarks related to intrusion detection applications. Our experiments
show that DiFF-RF almost systematically outperforms the IF algorithm, but also
challenges the one-class SVM baseline and a deep learning variational
auto-encoder architecture. Furthermore, our experience shows that DiFF-RF can
work well in the presence of small-scale learning data, which is conversely
difficult for deep neural architectures. Finally, DiFF-RF is computationally
efficient and can be easily parallelized on multi-core architectures.
Related papers
- LeRF: Learning Resampling Function for Adaptive and Efficient Image Interpolation [64.34935748707673]
Recent deep neural networks (DNNs) have made impressive progress in performance by introducing learned data priors.
We propose a novel method of Learning Resampling (termed LeRF) which takes advantage of both the structural priors learned by DNNs and the locally continuous assumption.
LeRF assigns spatially varying resampling functions to input image pixels and learns to predict the shapes of these resampling functions with a neural network.
arXiv Detail & Related papers (2024-07-13T16:09:45Z) - Enhancing Fast Feed Forward Networks with Load Balancing and a Master Leaf Node [49.08777822540483]
Fast feedforward networks (FFFs) exploit the observation that different regions of the input space activate distinct subsets of neurons in wide networks.
We propose the incorporation of load balancing and Master Leaf techniques into the FFF architecture to improve performance and simplify the training process.
arXiv Detail & Related papers (2024-05-27T05:06:24Z) - Efficient Frequency Domain-based Transformers for High-Quality Image
Deblurring [39.720032882926176]
We present an effective and efficient method that explores the properties of Transformers in the frequency domain for high-quality image deblurring.
We formulate the proposed FSAS and DFFN into an asymmetrical network based on an encoder and decoder architecture.
arXiv Detail & Related papers (2022-11-22T13:08:03Z) - Disentangled Representation Learning for RF Fingerprint Extraction under
Unknown Channel Statistics [77.13542705329328]
We propose a framework of disentangled representation learning(DRL) that first learns to factor the input signals into a device-relevant component and a device-irrelevant component via adversarial learning.
The implicit data augmentation in the proposed framework imposes a regularization on the RFF extractor to avoid the possible overfitting of device-irrelevant channel statistics.
Experiments validate that the proposed approach, referred to as DR-RFF, outperforms conventional methods in terms of generalizability to unknown complicated propagation environments.
arXiv Detail & Related papers (2022-08-04T15:46:48Z) - MRF-UNets: Searching UNet with Markov Random Fields [25.607512500358723]
We propose MRF-NAS that extends and improves the recent Adaptive and Optimal Network Width Search (AOWS) method.
We find an architecture, MRF-UNet, that shows several interesting characteristics.
Experiments show that our MRF-UNets significantly outperform several benchmarks on three aerial image datasets and two medical image datasets.
arXiv Detail & Related papers (2022-07-13T13:04:18Z) - Deep Frequency Filtering for Domain Generalization [55.66498461438285]
Deep Neural Networks (DNNs) have preferences for some frequency components in the learning process.
We propose Deep Frequency Filtering (DFF) for learning domain-generalizable features.
We show that applying our proposed DFF on a plain baseline outperforms the state-of-the-art methods on different domain generalization tasks.
arXiv Detail & Related papers (2022-03-23T05:19:06Z) - A Generalizable Model-and-Data Driven Approach for Open-Set RFF
Authentication [74.63333951647581]
Radio-frequency fingerprints(RFFs) are promising solutions for realizing low-cost physical layer authentication.
Machine learning-based methods have been proposed for RFF extraction and discrimination.
We propose a new end-to-end deep learning framework for extracting RFFs from raw received signals.
arXiv Detail & Related papers (2021-08-10T03:59:37Z) - iffDetector: Inference-aware Feature Filtering for Object Detection [70.8678270164057]
We introduce a generic Inference-aware Feature Filtering (IFF) module that can easily be combined with modern detectors.
IFF performs closed-loop optimization by leveraging high-level semantics to enhance the convolutional features.
IFF can be fused with CNN-based object detectors in a plug-and-play manner with negligible computational cost overhead.
arXiv Detail & Related papers (2020-06-23T02:57:29Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.