Explaining Anomalies in Groups with Characterizing Subspace Rules
Anomaly detection has numerous applications and has been studied vastly. We consider a complementary problem that has a much sparser literature: anomaly description. Interpretation of anomalies is crucial for practitioners for sense-making, troubleshooting, and planning actions. To this end, we present a new approach called x-PACS (for eXplaining Patterns of Anomalies with Characterizing Subspaces), which "reverse-engineers" the known anomalies by identifying (1) the groups (or patterns) that they form, and (2) the characterizing subspace and feature rules that separate each anomalous pattern from normal instances. Explaining anomalies in groups not only saves analyst time and gives insight into various types of anomalies, but also draws attention to potentially critical, repeating anomalies. In developing x-PACS, we first construct a desiderata for the anomaly description problem. From a descriptive data mining perspective, our method exhibits five desired properties in our desiderata. Namely, it can unearth anomalous patterns (i) of multiple different types, (ii) hidden in arbitrary subspaces of a high dimensional space, (iii) interpretable by the analysts, (iv) different from normal patterns of the data, and finally (v) succinct, providing the shortest data description. Furthermore, x-PACS is highly parallelizable and scales linearly in terms of data size. No existing work on anomaly description satisfies all of these properties simultaneously. While not our primary goal, the anomalous patterns we find serve as interpretable "signatures" and can be used for detection. We show the effectiveness of x-PACS in explanation as well as detection on real-world datasets as compared to state-of-the-art.
READ FULL TEXT