Anomaly Detection with HMM Gauge Likelihood Analysis
This method addresses anomaly detection for time series data, such as syslog monitoring, but appears incremental as it builds on existing HMM and clustering techniques.
The paper tackles anomaly detection in discrete time series by introducing HMM gauge likelihood analysis (GLA), which uses Hidden Markov Models and clustering to identify anomalies without labeled data, demonstrating its application on synthetic and real-world syslog data.
This paper describes a new method, HMM gauge likelihood analysis (GLA), for detecting anomalies in discrete time series using Hidden Markov Models and clustering. At the center of the method lies the comparison of subsequences. To achieve this, each subsequence is first assigned its own Hidden Markov Model using the Baum-Welch algorithm. Next, those models are described by an approximating representation of the probability distributions they define. Finally, this representation is analyzed with a clustering technique or another outlier detection tool, and anomalies are detected. Clearly, HMMs could be substituted by some other appropriate model, e.g. some other dynamic Bayesian network. Our learning algorithm is unsupervised, so it does not require the labeling of large amounts of data. The usability of this method is demonstrated by applying it to synthetic and real-world syslog data.
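The three steps described above (a Baum-Welch fit per subsequence, a likelihood-based description of each model, then outlier detection), as an added Python example that is not the paper's own code. It assumes the "approximating representation" is the vector of log-likelihoods each fitted HMM assigns to a fixed gauge set (here every length-3 sequence), substitutes a median-distance score for clustering, and runs on constructed event-code windows.

```python
import itertools, math

def forward(seq, pi, A, B):
    """Scaled forward pass; log P(seq) is the sum of the logs of the scales."""
    n, alphas, scales = len(pi), [], []
    for t, o in enumerate(seq):
        a = [(pi[i] if t == 0 else sum(alphas[-1][j] * A[j][i] for j in range(n))) * B[i][o]
             for i in range(n)]
        scales.append(sum(a))
        alphas.append([x / scales[-1] for x in a])
    return alphas, scales

def norm(row, eps=1e-2):  # additive smoothing: unseen events keep a finite log-likelihood
    return [(x + eps) / (sum(row) + eps * len(row)) for x in row]

def baum_welch(seq, n=2, m=3, iters=40):
    """Fit one HMM to one window from a fixed asymmetric start (deterministic)."""
    pi = norm([1 + i for i in range(n)])
    A = [norm([1 + (i == j) for j in range(n)]) for i in range(n)]
    B = [norm([1 + ((i + k) % m == 0) for k in range(m)]) for i in range(n)]
    T, S = len(seq), range(n)
    for _ in range(iters):
        al, c = forward(seq, pi, A, B)
        be = [[1.0] * n for _ in range(T)]  # scaled backward variables
        for t in range(T - 2, -1, -1):
            be[t] = [sum(A[i][j] * B[j][seq[t + 1]] * be[t + 1][j] for j in S) / c[t + 1] for i in S]
        g = [[al[t][i] * be[t][i] for i in S] for t in range(T)]  # state posteriors
        xi = [[sum(al[t][i] * A[i][j] * B[j][seq[t + 1]] * be[t + 1][j] / c[t + 1]
                   for t in range(T - 1)) for j in S] for i in S]  # expected transitions
        pi, A = norm(g[0]), [norm(r) for r in xi]
        B = [norm([sum(g[t][i] for t in range(T) if seq[t] == k) for k in range(m)]) for i in S]
    return pi, A, B

GAUGE = list(itertools.product(range(3), repeat=3))  # assumed gauge set: every length-3 sequence

def gauge_vector(window):
    """Describe the window's fitted HMM by the log-likelihood it gives each gauge sequence."""
    model = baum_welch(window)
    return [sum(math.log(c) for c in forward(g, *model)[1]) for g in GAUGE]

def anomaly_scores(windows):
    """Distance of each gauge vector from the coordinate-wise median (simple outlier score)."""
    vecs = [gauge_vector(w) for w in windows]
    med = [sorted(col)[len(col) // 2] for col in zip(*vecs)]
    return [math.dist(v, med) for v in vecs]

def sample_windows():
    """Constructed event codes (0 open, 1 close, 2 auth failure); index 4 is a failure burst."""
    ws = [[2 if t in (3 + 2 * i, 17 + 2 * i) else t % 2 for t in range(30)] for i in range(6)]
    return ws[:4] + [[0 if t == 9 else 1 if t == 21 else 2 for t in range(30)]] + ws[4:]
```

Because the gauge vector depends only on the distribution a model defines, it is unaffected by the arbitrary ordering of hidden states, which is what makes separately trained models comparable.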