Human-in-the-Loop Learning for Anomaly Detection: Novel Insights, Algorithms, and Applications

Rakibul Islam

doi:10.7273/000005527

Back

Human-in-the-Loop Learning for Anomaly Detection: Novel Insights, Algorithms, and Applications

Dissertation

Open access

Human-in-the-Loop Learning for Anomaly Detection: Novel Insights, Algorithms, and Applications

Rakibul Islam

Washington State University

Doctor of Philosophy (PhD), Washington State University

2021

DOI:

https://doi.org/10.7273/000005527

Files and links (1)

pdf

MD Rakibul Islam Dissertation36.59 MBDownload View

Open Access

Abstract

Active learning

Anomaly detection

Human in-the-loop learning

Outlier detection

Anomaly detection (AD) task corresponds to identifying the true anomalies among a given set of data instances. AD algorithms score the data instances and produce a ranked list of candidate anomalies. The ranked list of anomalies is then analyzed by a human to discover the true anomalies. However, AD systems are not practical when the number of false-positives is very high resulting in lot of wasted human effort. Therefore, in many real-world AD applications including computer security and fraud prevention, the anomaly detector must be configurable by the human analyst to minimize the effort on false positives. One important way to configure the detector is by providing true labels (nominal or anomaly) for a few instances by the analyst. This dissertation builds on the recent work on human-in-the-loop methods for anomaly detection and makes the following contributions. First, we provide an important insight that explains the practical successes of unsupervised tree-based {\em local} AD ensembles and active learning based on greedy querying for anomaly discovery. Second, we exploit the inherent strengths of tree-based ensembles to discover diverse anomalies and for generating interpretations of discovered anomalies to improve the usability of human-in-the-loop anomaly detection systems. Third, we develop a novel active learning algorithm to handle the streaming data setting. We present a novel data drift detection algorithm that not only detects the drift robustly, but also allows us to take corrective actions to adapt the anomaly detector in a principled manner. Fourth, to support human analysts that use AD systems based on simple and explainable {\em global} anomaly detectors, we propose a novel human-in-the-loop learning algorithm that automatically learns their {\em local} relevance to specific data instances using label feedback. Finally, we apply the principles and algorithms from our active anomaly detection work to a challenging real-world application, namely, accurate detection of malware on Android over time.

Metrics

1 File views/ downloads

30 Record Views

Details

Title: Human-in-the-Loop Learning for Anomaly Detection
Creators: Rakibul Islam
Contributors: Janardhan Rao Doppa (Advisor)
Haipeng Cai (Committee Member)
Adam Hahn (Committee Member)
Awarding Institution: Washington State University
Academic Unit: School of Electrical Engineering and Computer Science
Theses and Dissertations: Doctor of Philosophy (PhD), Washington State University
Publisher: Washington State University
Number of pages: 196
Identifiers: 99901052237801842
Language: English
Resource Type: Dissertation