What anomaly detection can do for you
What anomaly detection cannot do for you
When is anomaly detection helpful?
When is anomaly detection not helpful?
If you came into this with a blank slate, and wanted to set up an anomaly detection system, how would you do it?
(step-by-step) come up with a hypothetical, specific use case, walk through the steps.
generating time-series
extracting features
tuning model parameters
evaluating
briefly evaluate various ways, classification models, why PCA is helpful (extract features in high-dimensional spaces)
given that the nature of traffic is often changing and non-uniform, how do you consistently select features in an online fashion that keeps up with the seasonality of the data?
it turns out that this is unarguably the hardest part of outlier detection, and it has to be done, because in very few scenarios can you just train a static model once and have the detector work fine forever.
thinking about it, if a static model really were enough, then you wouldn't have to deal with the complexity of ML anomaly detection techniques. you could use a simple rule/detector engine to alert when datapoints that do not fit the expected trend arrive.
Explain PCA, demo of PCA, visualization of what PCA looks like
how would you go about evaluating the efficacy of the system?
finding the true FNR of the detector - hard?
non-trivial problem, but it all boils down to FNR vs FPR
define FNR and FPR
does FNR/FPR change over time?
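An added example (not from the original notes) for two questions raised above, whether a model trained once keeps working and whether FNR/FPR change over time: it runs a static mean + 3 sigma threshold and an online per-hour-of-day baseline over the same constructed traffic and reports (FNR, FPR) per week. The traffic shape, the 1.6x spike size, and the `alpha` and `ratio` parameters are assumptions chosen for illustration.

```python
import math
from statistics import mean, pstdev

def make_traffic(days=28):
    """Constructed hourly request counts: daily cycle, steady growth, labelled spikes."""
    values, labels = [], []
    for t in range(days * 24):
        day, hour = divmod(t, 24)
        v = 1000 * (1 + 0.05 * day) * (1 + 0.5 * math.sin(2 * math.pi * hour / 24))
        v += 20 * math.sin(1.7 * t)            # small deterministic jitter
        spike = day >= 7 and t % 50 == 0       # injected anomaly: 1.6x the expected value
        values.append(v * 1.6 if spike else v)
        labels.append(spike)
    return values, labels

def static_detector(values, train_hours=168):
    """Fit mean + 3 sigma once on week 1 and never update it."""
    train = values[:train_hours]
    limit = mean(train) + 3 * pstdev(train)
    return [v > limit for v in values]

def seasonal_online_detector(values, alpha=0.5, ratio=1.3):
    """Per-hour-of-day EWMA baseline, updated online; alert above ratio x baseline."""
    baseline, flags = {}, []
    for t, v in enumerate(values):
        hour = t % 24
        expected = baseline.get(hour)
        alert = expected is not None and v > ratio * expected
        flags.append(alert)
        if expected is None:
            baseline[hour] = v                 # first sighting of this hour seeds the baseline
        elif not alert:                        # alerted points are not learned from
            baseline[hour] = (1 - alpha) * expected + alpha * v
    return flags

def weekly_rates(flags, labels, first_week=1, weeks=3):
    """(FNR, FPR) per week, with FNR = FN/(FN+TP) and FPR = FP/(FP+TN)."""
    out = []
    for w in range(first_week, first_week + weeks):
        pairs = list(zip(flags[w * 168:(w + 1) * 168], labels[w * 168:(w + 1) * 168]))
        fn = sum(1 for f, l in pairs if l and not f)
        fp = sum(1 for f, l in pairs if f and not l)
        pos = sum(1 for _, l in pairs if l)
        out.append((fn / pos, fp / (len(pairs) - pos)))
    return out

values, labels = make_traffic()
STATIC = weekly_rates(static_detector(values), labels)
ONLINE = weekly_rates(seasonal_online_detector(values), labels)
print("static:", STATIC, "online:", ONLINE)
```

On this data the static threshold's FPR climbs every week and its FNR swings with where in the daily cycle the spikes land, while the online baseline stays at zero for both.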
let's say you wanted to get past an anomaly detector
we can make several different assumptions about the power that you have. what do you know? global knowledge? local knowledge?