Anomaly Detection by Combining Decision Trees and Parametric Densities

Matthias Reif, Markus Goldstein, Armin Stahl, Thomas Breuel

In: Pattern Recognition, 2008. ICPR 2008.. International Conference on Pattern Recognition (ICPR-2008) 19th December 8-11 Tampa FL United States IEEE 12/2008.


In this paper a modified decision tree algorithm for anomaly detection is presented. During the tree building process, densities for the outlier class are used directly in the split point determination algorithm. No artificial counter-examples have to be sampled from the unknown class, which yields to more precise decision boundaries and a deterministic classification result. Furthermore, the prior of the outlier class can be used to adjust the sensitivity of the anomaly detector. The proposed method combines the advantages of classification trees with the benefit of a more accurate representation of the outliers. For evaluation, we compare our approach with other state-of-the-art anomaly detection algorithms on four standard data sets including the KDD-Cup 99. The results show that the proposed method performs as well as more complex approaches and is even superior on three out of four data sets.


Poster.pdf (pdf, 788 KB ) Anomaly_Detection_Trees.pdf (pdf, 177 KB )

Deutsches Forschungszentrum für Künstliche Intelligenz
German Research Center for Artificial Intelligence