Fast outlier detection for very large log data

Seung Kim; Nam Wook Cho; Bokyoung Kang; Suk Ho Kang

doi:10.1016/j.eswa.2011.01.162

Fast outlier detection for very large log data

Seung Kim
, Nam Wook Cho
, Bokyoung Kang
, Suk Ho Kang

Dept. of Industrial Engineering

Seoul National University

Research output: Contribution to journal › Article › peer-review

42 Scopus citations

Abstract

Density-based outlier detection identifies an outlying observation with reference to the density of the surrounding space. In spite of the several advantages of density-based outlier detections, its computational complexity remains one of the major barriers to its application. The purpose of the present study is to reduce the computation time of LOF (Local Outlier Factor), a density-based outlier detection algorithm. The proposed method incorporates kd-tree indexing and an approximated k-nearest neighbors search algorithm (ANN). Theoretical analysis on the approximation of nearest neighbor search was conducted. A set of experiments was conducted to examine the performance of the proposed algorithm. The results show that the method can effectively detect local outliers in a reduced computation time.

Original language	English
Pages (from-to)	9587-9596
Number of pages	10
Journal	Expert Systems with Applications
Volume	38
Issue number	8
DOIs	https://doi.org/10.1016/j.eswa.2011.01.162
State	Published - Aug 2011

Keywords

anomaly) detection
Approximated k-nearest neighbors
Density-based outlier detection
Intrusion (novelty
Kd-tree

Access to Document

10.1016/j.eswa.2011.01.162

Cite this

@article{f03227c18b604078b756e6653e6dc81c,

title = "Fast outlier detection for very large log data",

abstract = "Density-based outlier detection identifies an outlying observation with reference to the density of the surrounding space. In spite of the several advantages of density-based outlier detections, its computational complexity remains one of the major barriers to its application. The purpose of the present study is to reduce the computation time of LOF (Local Outlier Factor), a density-based outlier detection algorithm. The proposed method incorporates kd-tree indexing and an approximated k-nearest neighbors search algorithm (ANN). Theoretical analysis on the approximation of nearest neighbor search was conducted. A set of experiments was conducted to examine the performance of the proposed algorithm. The results show that the method can effectively detect local outliers in a reduced computation time.",

keywords = "anomaly) detection, Approximated k-nearest neighbors, Density-based outlier detection, Intrusion (novelty, Kd-tree",

author = "Seung Kim and Cho, \{Nam Wook\} and Bokyoung Kang and Kang, \{Suk Ho\}",

year = "2011",

month = aug,

doi = "10.1016/j.eswa.2011.01.162",

language = "English",

volume = "38",

pages = "9587--9596",

journal = "Expert Systems with Applications",

issn = "0957-4174",

number = "8",

}

TY - JOUR

T1 - Fast outlier detection for very large log data

AU - Kim, Seung

AU - Cho, Nam Wook

AU - Kang, Bokyoung

AU - Kang, Suk Ho

PY - 2011/8

Y1 - 2011/8

N2 - Density-based outlier detection identifies an outlying observation with reference to the density of the surrounding space. In spite of the several advantages of density-based outlier detections, its computational complexity remains one of the major barriers to its application. The purpose of the present study is to reduce the computation time of LOF (Local Outlier Factor), a density-based outlier detection algorithm. The proposed method incorporates kd-tree indexing and an approximated k-nearest neighbors search algorithm (ANN). Theoretical analysis on the approximation of nearest neighbor search was conducted. A set of experiments was conducted to examine the performance of the proposed algorithm. The results show that the method can effectively detect local outliers in a reduced computation time.

AB - Density-based outlier detection identifies an outlying observation with reference to the density of the surrounding space. In spite of the several advantages of density-based outlier detections, its computational complexity remains one of the major barriers to its application. The purpose of the present study is to reduce the computation time of LOF (Local Outlier Factor), a density-based outlier detection algorithm. The proposed method incorporates kd-tree indexing and an approximated k-nearest neighbors search algorithm (ANN). Theoretical analysis on the approximation of nearest neighbor search was conducted. A set of experiments was conducted to examine the performance of the proposed algorithm. The results show that the method can effectively detect local outliers in a reduced computation time.

KW - anomaly) detection

KW - Approximated k-nearest neighbors

KW - Density-based outlier detection

KW - Intrusion (novelty

KW - Kd-tree

UR - https://www.scopus.com/pages/publications/79953720253

U2 - 10.1016/j.eswa.2011.01.162

DO - 10.1016/j.eswa.2011.01.162

M3 - Article

AN - SCOPUS:79953720253

SN - 0957-4174

VL - 38

SP - 9587

EP - 9596

JO - Expert Systems with Applications

JF - Expert Systems with Applications

IS - 8

ER -

Fast outlier detection for very large log data

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this