(2 intermediate revisions by the same user not shown) | |||
Line 41: | Line 41: | ||
'''In Computer Security''' | '''In Computer Security''' | ||
− | Anomaly Detection for Computer Security (taken verbatim from http://www.cs.unm.edu/~terran/research/anomaly_detection_for_computer_security) | + | Anomaly Detection for Computer Security (taken verbatim from [http://www.cs.unm.edu/~terran/research/anomaly_detection_for_computer_security]) |
".. A number of critical problems in computer security can be viewed as distinguishing some "normal" circumstance from "anomalous" or "abnormal" circumstances. For example, we can think of computer viruses as being (syntactic and begavioral) abnormal modifications to normal programs. Similarly, network intrusion detection is also an attempt to discern unusual or abnormal patterns in network traffic. Superficially, this is a standard binary concept learning problem from supervised learning. In practice, however, it's usually infeasible to treat the problem directly this way. Typically, we don't have a thorough sample of examples of abnormal/hostile data, either because the data itself is hard to come by (many sources don't preserve or won't release records of their own vulnerabilities) or because novel attacks are constantly being introduced. Furthermore, defenses based on any fixed assumption of the distribution of attacks would be vulnerable to attacks designed specifically to subvert that assumption. (Virus authors, for example, appear to test their new strains against current commercial antivirus programs in order to develop undetectable strains.) Thus, it is often advantageous to conceive of the anomaly detection problem as the task of developing a strong model of normal behaviors and detecting abnormalities as deviations from that model. This offers the dual benefits of adaptivity to individual systems/users/sites and of (in principle) being less vulnerable to novel attacks. | ".. A number of critical problems in computer security can be viewed as distinguishing some "normal" circumstance from "anomalous" or "abnormal" circumstances. For example, we can think of computer viruses as being (syntactic and begavioral) abnormal modifications to normal programs. Similarly, network intrusion detection is also an attempt to discern unusual or abnormal patterns in network traffic. 
Superficially, this is a standard binary concept learning problem from supervised learning. In practice, however, it's usually infeasible to treat the problem directly this way. Typically, we don't have a thorough sample of examples of abnormal/hostile data, either because the data itself is hard to come by (many sources don't preserve or won't release records of their own vulnerabilities) or because novel attacks are constantly being introduced. Furthermore, defenses based on any fixed assumption of the distribution of attacks would be vulnerable to attacks designed specifically to subvert that assumption. (Virus authors, for example, appear to test their new strains against current commercial antivirus programs in order to develop undetectable strains.) Thus, it is often advantageous to conceive of the anomaly detection problem as the task of developing a strong model of normal behaviors and detecting abnormalities as deviations from that model. This offers the dual benefits of adaptivity to individual systems/users/sites and of (in principle) being less vulnerable to novel attacks. | ||
A bit more formally, the anomaly detection problem can be framed as a distribution estimation problem for a single class of data (normal behavior) coupled with a threshold selection procedure to define the negative pattern (anomaly) space. The challenge lies in developing sufficiently descriptive models of normal behavior that still allow discrimination of abnormalities .." | A bit more formally, the anomaly detection problem can be framed as a distribution estimation problem for a single class of data (normal behavior) coupled with a threshold selection procedure to define the negative pattern (anomaly) space. The challenge lies in developing sufficiently descriptive models of normal behavior that still allow discrimination of abnormalities .." | ||
+ | |||
+ | List of past conferences/symposiums on application of machine learning techniques to anomaly detection | ||
+ | |||
+ | 1. Symposium on Machine Learning for Anomaly Detection(2004) | ||
+ | [http://cll.stanford.edu/symposia/anomaly/] | ||
+ | |||
+ | 2. Machine Learning Algorithms for Surveillance and Event Detection | ||
+ | [http://web.engr.oregonstate.edu/~wong/workshops/icml2006/index.html] | ||
+ | |||
+ | 3. DATA MINING METHODS FOR ANOMALY DETECTION | ||
+ | [http://www.dmargineantu.net/AD-KDD05/] | ||
+ | |||
+ | An interesting implementation of anomaly detection in Oracle 11g database using one class classification methods. | ||
+ | http://download-uk.oracle.com/docs/cd/B28359_01/datamine.111/b28129/anomalies.htm | ||
+ | |||
+ | '''In Outlier Detection''' | ||
+ | |||
+ | The following paper presents a comprehensive survey of the state-of-art in outlier detection methodologies. | ||
+ | http://www.cs.umn.edu/research/technical_reports.php?page=report&report_id=07-017 | ||
+ | |||
+ | From the abstract of the paper .. | ||
+ | "Outlier detection has been a very important concept in the realm of data analysis. Recently, several application domains have realized the direct mapping between outliers in data and real world anomalies, that are of great interest to an analyst. Outlier detection has been researched within various application domains and knowledge disciplines. This survey provides a comprehensive overview of existing outlier detection techniques by classifying them along different dimensions." |
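Review bot: the two links added at the end of this hunk (the Oracle 11g documentation link and the UMN technical-report link) are pasted as bare URLs, while the three conference links added just above them and the rewritten source link on the first changed line use the bracketed external-link form. Bracket these two as well so the references in the section render the same way. The conference list is also numbered by hand ("1.", "2.", "3.") with each link on its own line; if the numbering is meant to hold when an item is added or removed, put each title and its link on one list line.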
Latest revision as of 11:18, 28 April 2008
This page can be used to discuss the applications of pattern recognition in our daily research! This would provide us with an intuitive understanding of course topics. Please discuss "applied" pattern recognition here. Instead of just mentioning the field, please explain in detail how a specific tool of pattern recognition can be used in research.
- Case-based Reasoning_OldKiwi
- Wireless Communications_OldKiwi
- Image Processing_OldKiwi
- Implementation Issues_OldKiwi
- Video Classification - State of the Art_OldKiwi
From yamini.nimmagadda.1 Sun Feb 3 15:44:44 -0500 2008 From: yamini.nimmagadda.1 Date: Sun, 03 Feb 2008 15:44:44 -0500 Subject: Maximum Likelihood Estimate Message-ID: <20080203154444-0500@https://engineering.purdue.edu>
In Wireless Communications:
- If the input sequence messages are equally likely, convolutional decoders like Viterbi minimize the probability of error using the maximum likelihood estimate between the output sequence and all the possible input sequences.
In Image Processing:
- Maximum likelihood estimates can be used in image matching (edge template matching and gray-level image matching). This can be applied to stereo matching and feature tracking. More about this topic can be found here ... [1]
- Maximum likelihood can also be used in image reconstruction or restoration. Surprisingly, I found the usage of this in compression artifact removal also. See this paper [2]
In Signal Processing:
- automatic speech recognition
- face recognition
In Face Recognition:
- Fisher Linear Discriminant (FLD) is widely used in face recognition. Here is a paper for reference: [3]. Also variants of FLD are used for face recognition such as DiaFLD [4]. It has been observed that FLD works better than Principal Component Analysis in classifying the facial features.
Face detection vs Face recognition_OldKiwi
In Image Segmentation:
- Image Segmentation is performed by conventional graphical methods, but many times some pixels not belonging to the same object are classified into the same segment. Also, in images where a wide background is separated by a thin boundary line, image segmentation can be performed by obtaining features from FLD. I experimented with this personally and found that the results are better than the conventional methods. This paper gives a starting point in doing this [5].
In Artificial Intelligence:
The applications of support vector machines in various fields can be found here: [6]
In Computer Security
Anomaly Detection for Computer Security (taken verbatim from [7])
".. A number of critical problems in computer security can be viewed as distinguishing some "normal" circumstance from "anomalous" or "abnormal" circumstances. For example, we can think of computer viruses as being (syntactic and behavioral) abnormal modifications to normal programs. Similarly, network intrusion detection is also an attempt to discern unusual or abnormal patterns in network traffic. Superficially, this is a standard binary concept learning problem from supervised learning. In practice, however, it's usually infeasible to treat the problem directly this way. Typically, we don't have a thorough sample of examples of abnormal/hostile data, either because the data itself is hard to come by (many sources don't preserve or won't release records of their own vulnerabilities) or because novel attacks are constantly being introduced. Furthermore, defenses based on any fixed assumption of the distribution of attacks would be vulnerable to attacks designed specifically to subvert that assumption. (Virus authors, for example, appear to test their new strains against current commercial antivirus programs in order to develop undetectable strains.) Thus, it is often advantageous to conceive of the anomaly detection problem as the task of developing a strong model of normal behaviors and detecting abnormalities as deviations from that model. This offers the dual benefits of adaptivity to individual systems/users/sites and of (in principle) being less vulnerable to novel attacks.
A bit more formally, the anomaly detection problem can be framed as a distribution estimation problem for a single class of data (normal behavior) coupled with a threshold selection procedure to define the negative pattern (anomaly) space. The challenge lies in developing sufficiently descriptive models of normal behavior that still allow discrimination of abnormalities .."
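The framing in the quoted passage (a density estimate for the normal class plus a threshold-selection step) as an added Python example; it is not part of the original page or of the quoted source. The diagonal-Gaussian model, the two per-session features and every sample value are assumptions constructed for illustration.

```python
import math
import random
import statistics

def fit_normal_model(rows):
    """Estimate a diagonal Gaussian (mean, std per feature) from normal-only data."""
    return [(statistics.fmean(col), statistics.stdev(col)) for col in zip(*rows)]

def log_density(model, row):
    """Log-likelihood of one observation under the fitted model of normal behavior."""
    return sum(-0.5 * math.log(2 * math.pi * s * s) - (x - m) ** 2 / (2 * s * s)
               for (m, s), x in zip(model, row))

def select_threshold(model, holdout, false_positive_rate):
    """Choose the cut-off so that about the given fraction of held-out
    normal observations score below it (the accepted false-alarm rate)."""
    scores = sorted(log_density(model, r) for r in holdout)
    return scores[int(false_positive_rate * len(scores))]

def is_anomaly(model, threshold, row):
    """Anything less likely than the threshold falls in the anomaly space."""
    return log_density(model, row) < threshold

def build_demo(seed=7):
    """Constructed data: (logins per hour, MB transferred) for 600 normal sessions."""
    rng = random.Random(seed)
    normal = [(rng.gauss(20, 4), rng.gauss(150, 30)) for _ in range(600)]
    train, holdout = normal[:400], normal[400:]   # no attack samples are needed
    model = fit_normal_model(train)
    threshold = select_threshold(model, holdout, false_positive_rate=0.01)
    return model, threshold, holdout

if __name__ == "__main__":
    model, threshold, holdout = build_demo()
    false_alarms = sum(is_anomaly(model, threshold, r) for r in holdout)
    print(f"threshold (log density): {threshold:.2f}")
    print(f"false alarms on held-out normal data: {false_alarms}/{len(holdout)}")
    for session in [(21.0, 160.0), (95.0, 900.0)]:   # constructed test sessions
        print(session, "anomaly" if is_anomaly(model, threshold, session) else "normal")
```

The threshold is set only from normal data, so the false-alarm rate is what gets controlled; the detection rate for any particular attack depends on how far that attack moves the modeled features.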
List of past conferences/symposiums on application of machine learning techniques to anomaly detection
1. Symposium on Machine Learning for Anomaly Detection (2004) [8]
2. Machine Learning Algorithms for Surveillance and Event Detection [9]
3. DATA MINING METHODS FOR ANOMALY DETECTION [10]
An interesting implementation of anomaly detection in Oracle 11g database using one class classification methods. http://download-uk.oracle.com/docs/cd/B28359_01/datamine.111/b28129/anomalies.htm
In Outlier Detection
The following paper presents a comprehensive survey of the state of the art in outlier detection methodologies. http://www.cs.umn.edu/research/technical_reports.php?page=report&report_id=07-017
From the abstract of the paper .. "Outlier detection has been a very important concept in the realm of data analysis. Recently, several application domains have realized the direct mapping between outliers in data and real world anomalies, that are of great interest to an analyst. Outlier detection has been researched within various application domains and knowledge disciplines. This survey provides a comprehensive overview of existing outlier detection techniques by classifying them along different dimensions."