Anomaly Detection Using the Knowledge-based Temporal Abstraction Method

TL;DR

This paper introduces a framework combining knowledge-based temporal abstraction with pattern mining to detect anomalies in large time-oriented datasets, demonstrated on real server data.

Contribution

It presents a novel integration of KBTA with pattern mining for anomaly detection in temporal data, enhancing interpretability and accuracy.

Findings

Successfully identified abnormal periods with few normal patterns.

Effective on real server data, demonstrating practical applicability.

Improves anomaly detection by leveraging domain knowledge and pattern analysis.

Abstract

The rapid growth in stored time-oriented data necessitates the development of new methods for handling, processing, and interpreting large amounts of temporal data. One important example of such processing is detecting anomalies in time-oriented data. The Knowledge-Based Temporal Abstraction method was previously proposed for intelligent interpretation of temporal data based on predefined domain knowledge. In this study we propose a framework that integrates the KBTA method with a temporal pattern mining process for anomaly detection. According to the proposed method a temporal pattern mining process is applied on a dataset of basic temporal abstraction database in order to extract patterns representing normal behavior. These patterns are then analyzed in order to identify abnormal time periods characterized by a significantly small number of normal patterns. The proposed approach was demonstrated using a dataset collected from a real server.