SlideShare a Scribd company logo

data engineering topic on cluster analysis

Download as PPT, PDF
D
DwarakacharlaTarun

Chapter 12 of 'Data Mining: Concepts and Techniques' discusses outlier analysis, focusing on the definition, types, and detection methods of outliers. The chapter categorizes outliers into global, contextual, and collective types, highlighting the challenges and various detection methods, including supervised, unsupervised, and semi-supervised approaches. It emphasizes the significance of properly modeling normal objects and understanding noise in order to effectively identify outliers applicable in various fields such as fraud detection and medical analysis.

Engineering
1 of 13
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
1 Data Mining: Concepts and Techniques (3rd ed.) — Chapter 12 — Jiawei Han, Micheline Kamber, and Jian Pei University of Illinois at Urbana-Champaign & Simon Fraser University ©2011 Han, Kamber & Pei. All rights reserved.
2 Chapter 12. Outlier Analysis  Outlier and Outlier Analysis  Outlier Detection Methods
3 What Are Outliers?  Outlier: A data object that deviates significantly from the normal objects as if it were generated by a different mechanism  Ex.: Unusual credit card purchase, sports: Michael Jordon, Wayne Gretzky, ...  Outliers are different from the noise data  Noise is random error or variance in a measured variable  Noise should be removed before outlier detection  Outliers are interesting: It violates the mechanism that generates the normal data  Outlier detection vs. novelty detection: early stage, outlier; but later merged into the model  Applications:  Credit card fraud detection  Telecom fraud detection  Customer segmentation  Medical analysis
4 Types of Outliers (I)  Three kinds: global, contextual and collective outliers  Global outlier (or point anomaly)  Object is Og if it significantly deviates from the rest of the data set  Ex. Intrusion detection in computer networks  Issue: Find an appropriate measurement of deviation  Contextual outlier (or conditional outlier)  Object is Oc if it deviates significantly based on a selected context  Ex. 80o F in Urbana: outlier? (depending on summer or winter?)  Attributes of data objects should be divided into two groups  Contextual attributes: defines the context, e.g., time & location  Behavioral attributes: characteristics of the object, used in outlier evaluation, e.g., temperature  Can be viewed as a generalization of local outliers—whose density significantly deviates from its local area  Issue: How to define or formulate meaningful context? Global Outlier
5 Types of Outliers (II)  Collective Outliers  A subset of data objects collectively deviate significantly from the whole data set, even if the individual data objects may not be outliers  Applications: E.g., intrusion detection:  When a number of computers keep sending denial-of-service packages to each other Collective Outlier  Detection of collective outliers  Consider not only behavior of individual objects, but also that of groups of objects  Need to have the background knowledge on the relationship among data objects, such as a distance or similarity measure on objects.  A data set may have multiple types of outlier  One object may belong to more than one type of outlier
6 Challenges of Outlier Detection  Modeling normal objects and outliers properly  Hard to enumerate all possible normal behaviors in an application  The border between normal and outlier objects is often a gray area  Application-specific outlier detection  Choice of distance measure among objects and the model of relationship among objects are often application-dependent  E.g., clinic data: a small deviation could be an outlier; while in marketing analysis, larger fluctuations  Handling noise in outlier detection  Noise may distort the normal objects and blur the distinction between normal objects and outliers. It may help hide outliers and reduce the effectiveness of outlier detection  Understandability  Understand why these are outliers: Justification of the detection  Specify the degree of an outlier: the unlikelihood of the object being generated by a normal mechanism
7 Chapter 12. Outlier Analysis  Outlier and Outlier Analysis  Outlier Detection Methods
Outlier Detection I: Supervised Methods  Two ways to categorize outlier detection methods:  Based on whether user-labeled examples of outliers can be obtained:  Supervised, semi-supervised vs. unsupervised methods  Based on assumptions about normal data and outliers:  Statistical, proximity-based, and clustering-based methods  Outlier Detection I: Supervised Methods  Modeling outlier detection as a classification problem  Samples examined by domain experts used for training & testing  Methods for Learning a classifier for outlier detection effectively:  Model normal objects & report those not matching the model as outliers, or  Model outliers and treat those not matching the model as normal  Challenges  Imbalanced classes, i.e., outliers are rare: Boost the outlier class and make up some artificial outliers  Catch as many outliers as possible, i.e., recall is more important than accuracy (i.e., not mislabeling normal objects as outliers) 8
Outlier Detection II: Unsupervised Methods  Assume the normal objects are somewhat ``clustered'‘ into multiple groups, each having some distinct features  An outlier is expected to be far away from any groups of normal objects  Weakness: Cannot detect collective outlier effectively  Normal objects may not share any strong patterns, but the collective outliers may share high similarity in a small area  Ex. In some intrusion or virus detection, normal activities are diverse  Unsupervised methods may have a high false positive rate but still miss many real outliers.  Supervised methods can be more effective, e.g., identify attacking some key resources  Many clustering methods can be adapted for unsupervised methods  Find clusters, then outliers: not belonging to any cluster  Problem 1: Hard to distinguish noise from outliers  Problem 2: Costly since first clustering: but far less outliers than normal objects  Newer methods: tackle outliers directly 9
Outlier Detection III: Semi-Supervised Methods  Situation: In many applications, the number of labeled data is often small: Labels could be on outliers only, normal objects only, or both  Semi-supervised outlier detection: Regarded as applications of semi- supervised learning  If some labeled normal objects are available  Use the labeled examples and the proximate unlabeled objects to train a model for normal objects  Those not fitting the model of normal objects are detected as outliers  If only some labeled outliers are available, a small number of labeled outliers many not cover the possible outliers well  To improve the quality of outlier detection, one can get help from models for normal objects learned from unsupervised methods 10
Outlier Detection (1): Statistical Methods  Statistical methods (also known as model-based methods) assume that the normal data follow some statistical model (a stochastic model)  The data not following the model are outliers. 11  Effectiveness of statistical methods: highly depends on whether the assumption of statistical model holds in the real data  There are rich alternatives to use various statistical models  E.g., parametric vs. non-parametric  Example (right figure): First use Gaussian distribution to model the normal data  For each object y in region R, estimate gD(y), the probability of y fits the Gaussian distribution  If gD(y) is very low, y is unlikely generated by the Gaussian model, thus an outlier
Outlier Detection (2): Proximity-Based Methods  An object is an outlier if the nearest neighbors of the object are far away, i.e., the proximity of the object is significantly deviates from the proximity of most of the other objects in the same data set 12  The effectiveness of proximity-based methods highly relies on the proximity measure.  In some applications, proximity or distance measures cannot be obtained easily.  Often have a difficulty in finding a group of outliers which stay close to each other  Two major types of proximity-based outlier detection  Distance-based vs. density-based  Example (right figure): Model the proximity of an object using its 3 nearest neighbors  Objects in region R are substantially different from other objects in the data set.  Thus the objects in R are outliers
Outlier Detection (3): Clustering-Based Methods  Normal data belong to large and dense clusters, whereas outliers belong to small or sparse clusters, or do not belong to any clusters 13  Since there are many clustering methods, there are many clustering-based outlier detection methods as well  Clustering is expensive: straightforward adaption of a clustering method for outlier detection can be costly and does not scale up well for large data sets  Example (right figure): two clusters  All points not in R form a large cluster  The two points in R form a tiny cluster, thus are outliers

More Related Content

PPT
12Outlier.for software introductionalism
faiziikanwal47
 
PDF
12 outlier
JoonyoungJayGwak
 
PPT
Chapter 12. Outlier Detection.ppt
Subrata Kumer Paul
 
PPT
Chapter 12 outlier
Houw Liong The
 
PPTX
Outlier analysis,Chapter-12, Data Mining: Concepts and Techniques
Ashikur Rahman
 
PPT
Data mining: Concepts and Techniques, Chapter12 outlier Analysis
Salah Amean
 
PPT
Data cleaning-outlier-detection
Chathurangi Shyalika
 
PDF
Chapter 6.pdf
DrGnaneswariG
 
12Outlier.for software introductionalism
faiziikanwal47
 
12 outlier
JoonyoungJayGwak
 
Chapter 12. Outlier Detection.ppt
Subrata Kumer Paul
 
Chapter 12 outlier
Houw Liong The
 
Outlier analysis,Chapter-12, Data Mining: Concepts and Techniques
Ashikur Rahman
 
Data mining: Concepts and Techniques, Chapter12 outlier Analysis
Salah Amean
 
Data cleaning-outlier-detection
Chathurangi Shyalika
 
Chapter 6.pdf
DrGnaneswariG
 

Similar to data engineering topic on cluster analysis (20)

PDF
Outlier Detection Using Unsupervised Learning on High Dimensional Data
IJERA Editor
 
PDF
Introduction to unsupervised learning: outlier detection
Joseph Itopa Abubakar
 
PPT
3.7 outlier analysis
Krish_ver2
 
PDF
Anomaly detection Workshop slides
QuantUniversity
 
PDF
Outlier Detection
Dr. Abdul Ahad Abro
 
DOCX
A Survey on Cluster Based Outlier Detection Techniques in Data Stream
IIRindia
 
PPTX
Outlier-Detection-in-Higher-Dimensions in data mining
vikkyvivek043
 
DOCX
Data Mining Anomaly DetectionLecture Notes for Chapt.docx
randyburney60861
 
PDF
angle based outlier de
Kruthikka Palraj
 
PDF
Kdd08 abod
Kruthikka Palraj
 
PPT
Chap10 Anomaly Detection
guest76d673
 
PDF
Outlier Detection Approaches in Data Mining
IRJET Journal
 
PPTX
Chapter 10 Anomaly Detection
Khalid Elshafie
 
PPTX
Outlier analysis and anomaly detection
ShantanuDeosthale
 
PDF
Multiple Linear Regression Models in Outlier Detection
IJORCS
 
PPTX
Anomaly Detection
Datamining Tools
 
PPTX
Anomaly Detection
DataminingTools Inc
 
PPTX
Anomaly Detection
guest0edcaf
 
PDF
Anomaly detection
QuantUniversity
 
PPTX
Outlier Detection in Data Mining An Essential Component of Semiconductor Manu...
yieldWerx Semiconductor
 
Outlier Detection Using Unsupervised Learning on High Dimensional Data
IJERA Editor
 
Introduction to unsupervised learning: outlier detection
Joseph Itopa Abubakar
 
3.7 outlier analysis
Krish_ver2
 
Anomaly detection Workshop slides
QuantUniversity
 
Outlier Detection
Dr. Abdul Ahad Abro
 
A Survey on Cluster Based Outlier Detection Techniques in Data Stream
IIRindia
 
Outlier-Detection-in-Higher-Dimensions in data mining
vikkyvivek043
 
Data Mining Anomaly DetectionLecture Notes for Chapt.docx
randyburney60861
 
angle based outlier de
Kruthikka Palraj
 
Kdd08 abod
Kruthikka Palraj
 
Chap10 Anomaly Detection
guest76d673
 
Outlier Detection Approaches in Data Mining
IRJET Journal
 
Chapter 10 Anomaly Detection
Khalid Elshafie
 
Outlier analysis and anomaly detection
ShantanuDeosthale
 
Multiple Linear Regression Models in Outlier Detection
IJORCS
 
Anomaly Detection
Datamining Tools
 
Anomaly Detection
DataminingTools Inc
 
Anomaly Detection
guest0edcaf
 
Anomaly detection
QuantUniversity
 
Outlier Detection in Data Mining An Essential Component of Semiconductor Manu...
yieldWerx Semiconductor
 
Ad

Recently uploaded (20)

PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PPT
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPTX
Geodesy 1.pptx...............................................
abhi1361yadav
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PDF
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
PDF
composite construction of structures.pdf
AinieButt1
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
Sustainable Sites - Green Building Construction
mhdumerali
 
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
Geodesy 1.pptx...............................................
abhi1361yadav
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
Construction Project Organization Group 2.pptx
vj5agdales
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
Project quality management in manufacturing
BarMusaTetik
 
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
composite construction of structures.pdf
AinieButt1
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
Ad

data engineering topic on cluster analysis

  • 1. 1 Data Mining: Concepts and Techniques (3rd ed.) — Chapter 12 — Jiawei Han, Micheline Kamber, and Jian Pei University of Illinois at Urbana-Champaign & Simon Fraser University ©2011 Han, Kamber & Pei. All rights reserved.
  • 2. 2 Chapter 12. Outlier Analysis  Outlier and Outlier Analysis  Outlier Detection Methods
  • 3. 3 What Are Outliers?  Outlier: A data object that deviates significantly from the normal objects as if it were generated by a different mechanism  Ex.: Unusual credit card purchase, sports: Michael Jordon, Wayne Gretzky, ...  Outliers are different from the noise data  Noise is random error or variance in a measured variable  Noise should be removed before outlier detection  Outliers are interesting: It violates the mechanism that generates the normal data  Outlier detection vs. novelty detection: early stage, outlier; but later merged into the model  Applications:  Credit card fraud detection  Telecom fraud detection  Customer segmentation  Medical analysis
  • 4. 4 Types of Outliers (I)  Three kinds: global, contextual and collective outliers  Global outlier (or point anomaly)  Object is Og if it significantly deviates from the rest of the data set  Ex. Intrusion detection in computer networks  Issue: Find an appropriate measurement of deviation  Contextual outlier (or conditional outlier)  Object is Oc if it deviates significantly based on a selected context  Ex. 80o F in Urbana: outlier? (depending on summer or winter?)  Attributes of data objects should be divided into two groups  Contextual attributes: defines the context, e.g., time & location  Behavioral attributes: characteristics of the object, used in outlier evaluation, e.g., temperature  Can be viewed as a generalization of local outliers—whose density significantly deviates from its local area  Issue: How to define or formulate meaningful context? Global Outlier
  • 5. 5 Types of Outliers (II)  Collective Outliers  A subset of data objects collectively deviate significantly from the whole data set, even if the individual data objects may not be outliers  Applications: E.g., intrusion detection:  When a number of computers keep sending denial-of-service packages to each other Collective Outlier  Detection of collective outliers  Consider not only behavior of individual objects, but also that of groups of objects  Need to have the background knowledge on the relationship among data objects, such as a distance or similarity measure on objects.  A data set may have multiple types of outlier  One object may belong to more than one type of outlier
  • 6. 6 Challenges of Outlier Detection  Modeling normal objects and outliers properly  Hard to enumerate all possible normal behaviors in an application  The border between normal and outlier objects is often a gray area  Application-specific outlier detection  Choice of distance measure among objects and the model of relationship among objects are often application-dependent  E.g., clinic data: a small deviation could be an outlier; while in marketing analysis, larger fluctuations  Handling noise in outlier detection  Noise may distort the normal objects and blur the distinction between normal objects and outliers. It may help hide outliers and reduce the effectiveness of outlier detection  Understandability  Understand why these are outliers: Justification of the detection  Specify the degree of an outlier: the unlikelihood of the object being generated by a normal mechanism
  • 7. 7 Chapter 12. Outlier Analysis  Outlier and Outlier Analysis  Outlier Detection Methods
  • 8. Outlier Detection I: Supervised Methods  Two ways to categorize outlier detection methods:  Based on whether user-labeled examples of outliers can be obtained:  Supervised, semi-supervised vs. unsupervised methods  Based on assumptions about normal data and outliers:  Statistical, proximity-based, and clustering-based methods  Outlier Detection I: Supervised Methods  Modeling outlier detection as a classification problem  Samples examined by domain experts used for training & testing  Methods for Learning a classifier for outlier detection effectively:  Model normal objects & report those not matching the model as outliers, or  Model outliers and treat those not matching the model as normal  Challenges  Imbalanced classes, i.e., outliers are rare: Boost the outlier class and make up some artificial outliers  Catch as many outliers as possible, i.e., recall is more important than accuracy (i.e., not mislabeling normal objects as outliers) 8
  • 9. Outlier Detection II: Unsupervised Methods  Assume the normal objects are somewhat ``clustered'‘ into multiple groups, each having some distinct features  An outlier is expected to be far away from any groups of normal objects  Weakness: Cannot detect collective outlier effectively  Normal objects may not share any strong patterns, but the collective outliers may share high similarity in a small area  Ex. In some intrusion or virus detection, normal activities are diverse  Unsupervised methods may have a high false positive rate but still miss many real outliers.  Supervised methods can be more effective, e.g., identify attacking some key resources  Many clustering methods can be adapted for unsupervised methods  Find clusters, then outliers: not belonging to any cluster  Problem 1: Hard to distinguish noise from outliers  Problem 2: Costly since first clustering: but far less outliers than normal objects  Newer methods: tackle outliers directly 9
  • 10. Outlier Detection III: Semi-Supervised Methods  Situation: In many applications, the number of labeled data is often small: Labels could be on outliers only, normal objects only, or both  Semi-supervised outlier detection: Regarded as applications of semi- supervised learning  If some labeled normal objects are available  Use the labeled examples and the proximate unlabeled objects to train a model for normal objects  Those not fitting the model of normal objects are detected as outliers  If only some labeled outliers are available, a small number of labeled outliers many not cover the possible outliers well  To improve the quality of outlier detection, one can get help from models for normal objects learned from unsupervised methods 10
  • 11. Outlier Detection (1): Statistical Methods  Statistical methods (also known as model-based methods) assume that the normal data follow some statistical model (a stochastic model)  The data not following the model are outliers. 11  Effectiveness of statistical methods: highly depends on whether the assumption of statistical model holds in the real data  There are rich alternatives to use various statistical models  E.g., parametric vs. non-parametric  Example (right figure): First use Gaussian distribution to model the normal data  For each object y in region R, estimate gD(y), the probability of y fits the Gaussian distribution  If gD(y) is very low, y is unlikely generated by the Gaussian model, thus an outlier
  • 12. Outlier Detection (2): Proximity-Based Methods  An object is an outlier if the nearest neighbors of the object are far away, i.e., the proximity of the object is significantly deviates from the proximity of most of the other objects in the same data set 12  The effectiveness of proximity-based methods highly relies on the proximity measure.  In some applications, proximity or distance measures cannot be obtained easily.  Often have a difficulty in finding a group of outliers which stay close to each other  Two major types of proximity-based outlier detection  Distance-based vs. density-based  Example (right figure): Model the proximity of an object using its 3 nearest neighbors  Objects in region R are substantially different from other objects in the data set.  Thus the objects in R are outliers
  • 13. Outlier Detection (3): Clustering-Based Methods  Normal data belong to large and dense clusters, whereas outliers belong to small or sparse clusters, or do not belong to any clusters 13  Since there are many clustering methods, there are many clustering-based outlier detection methods as well  Clustering is expensive: straightforward adaption of a clustering method for outlier detection can be costly and does not scale up well for large data sets  Example (right figure): two clusters  All points not in R form a large cluster  The two points in R form a tiny cluster, thus are outliers