Anomaly detection using the knowledge-based temporal abstraction method

Asaf Shabtai

arXiv preprint arXiv:1612.04804, 2016

The rapid growth in stored time-oriented data necessitates the development of new methods for handling, processing, and interpreting large amounts of temporal data. One important example of such processing is detecting anomalies in time-oriented data. The Knowledge-Based Temporal Abstraction method was previously proposed for intelligent interpretation of temporal data based on predefined domain knowledge. In this study we propose a framework that integrates the KBTA method with a temporal pattern mining process for anomaly detection. According to the proposed method a temporal pattern mining process is applied on a dataset of basic temporal abstraction database in order to extract patterns representing normal behavior. These patterns are then analyzed in order to identify abnormal time periods characterized by a significantly small number of normal patterns. The proposed approach was demonstrated using a dataset collected from a real server.