Anomaly detection by combining decision trees and parametric densities

Author

Reif, Matthias ; Goldstein, Markus ; Stahl, Armin ; Breuel, Thomas M.

Author_Institution

German Res. Center for Artificial Intell. (DFKI), Saarbrucken

fYear

2008

fDate

8-11 Dec. 2008

Firstpage

1

Lastpage

4

Abstract

In this paper a modified decision tree algorithm for anomaly detection is presented. During the tree building process, densities for the outlier class are used directly in the split point determination algorithm. No artificial counter-examples have to be sampled from the unknown class, which yields to more precise decision boundaries and a deterministic classification result. Furthermore, the prior of the outlier class can be used to adjust the sensitivity of the anomaly detector. The proposed method combines the advantages of classification trees with the benefit of a more accurate representation of the outliers. For evaluation, we compare our approach with other state-of-the-art anomaly detection algorithms on four standard data sets including the KDD-Cup 99. The results show that the proposed method performs as well as more complex approaches and is even superior on three out of four data sets.

Keywords

decision trees; security of data; anomaly detection; decision trees; parametric densities; split point determination algorithm; Artificial intelligence; Classification tree analysis; Computer science; Decision trees; Detection algorithms; Detectors; Impurities; Intrusion detection; Sampling methods; Training data;

fLanguage

English

Publisher

ieee

Conference_Titel

Pattern Recognition, 2008. ICPR 2008. 19th International Conference on

Conference_Location

Tampa, FL

ISSN

1051-4651

Print_ISBN

978-1-4244-2174-9

Electronic_ISBN

1051-4651

Type

conf

DOI

10.1109/ICPR.2008.4761796

Filename

4761796