View article

A common problem in data analysis is that of discriminating between modes of normal behavior and modes of abnormal behavior. Of particular interest are techniques that can automatically detect abnormal activity in data. This is important since abnormal data may be indicative of measurement error in scientic data, or malicious activity in security audit data. There are two basic approaches to the problem of automatically nding abnormalities. The rst is known as signature detection, which involves nding known patterns of abnormality in a database. However, it has the drawback of not being able to detect abnormalities for which there is no prior information. The second approach is known as anomaly detection, which involves building a model of normal data and then searching for patterns that do not t this model. Unlike the signature detection approach, it is able to detect abnormalities for which there is no prior …