Adaptive Threshold for Outlier Detection on Data Streams

Abstract

As the distribution of a data stream evolves over time, a learner must adapt to its distributional shifts in order to make accurate predictions. In the context of anomaly detection, it is crucial for the learner to distinguish between natural changes in distribution and true anomalies in the data stream. This is the problem we focus on in this study which considers the situation where only normal data are available for initial training, but subsequent data can be either normal or anomalous. In that context, it is necessary to train a one-class learning anomaly detection system on the normal data and let the system output a score representing the degree of normalcy or outlierness that each data point in the subsequent data stream exhibits. The system then uses a threshold to discriminate between normal and anomalous instances. In the case of data stream, the data distribution may shift overtime, and a fixed threshold could develop a high false alarm rate or a low outlier detection rate in case of concept drift. To this end, we designed an adaptive sliding window approach which updates the threshold when necessary based on the scores distribution. Experimental results show that our method improves the performance of base anomaly detectors by dynamically updating the threshold of the scores when needed rather than using a fixed threshold or an adaptive threshold with fixed window sizes.