• Corpus ID: 8109230

Peer Group Analysis - Local Anomaly Detection in Longitudinal Data

  title={Peer Group Analysis - Local Anomaly Detection in Longitudinal Data},
  author={Richard J. Bolton and David J. Hand},
Peer group analysis is a new tool for monitoring behavior over time in data mining situations. In particular, the tool detects individual objects that begin to behave in a way distinct from objects to which they had previously been similar. Each object is selected as a target object and is compared with all other objects in the database, using either external comparison criteria or internal criteria summarizing earlier behavior patterns of each object. Based on this comparison, a peer group of… 

Figures from this paper

Contextual Profiling of Homogeneous User Groups for Masquerade Detection

Group profiling methods are evaluated as a contextual means to detect internal threats, specifically masquerade attacks and a framework used for masquerade detection research is derived.

Healthcare fraud detection using primitive sub peer group analysis

Healthcare fraud is a significant problem greatly affecting the quality of healthcare services. Manual auditing of insurance claims extends to the delay in finding fraudulent behaviors causing huge

Expert Knowledge Elicitations in a Procurement Card Context: Towards Continuous Monitoring and Assurance

Internal Anomaly Detection in the area of employee procurement cards continues to be an issue within many firms, even large multinational corporations. . In this case, the authors observed the manual

Combining Statistical and Machine Learning Techniques in IoT Anomaly Detection for Smart Homes

The main idea relies on the fact that during an abnormal event, the device will be moved away from the center of the cluster, generating an alert that can be further used for proposing mitigation actions.

An application of peer group analysis in online banking fraud detection

........................................................................................................................ II Resumen

A Comparative Study on the Assessment of Personal Credit in Uncertain Environments

Naive Credal Classifier is also introduced to deal with incomplete credit datasets in the mobile environment and its performance is assessed by the precision and the area under Roc curve.

On monitoring heat-pumps with a group-based conformal anomaly detection approach

The ever increasing complexity of modern systems and equipment make the task of monitoring their health quite challenging. Traditional methods such as expert defined thresholds, physics based model

Decision making in an uncertain environment: An application of ROC analysis for credit scoring in the mobile telephone market

This paper describes the use of relative operating characteristics (ROC) analysis for decision making under uncertain circumstances. It is presented in the framework of credit scoring for a mobile

Identification of anomalous network security token usage via clustering and density estimation

An anomaly detection system based upon IP addresses, a mapping of geographic location as inferred from IP address, and usage timestamps that is capable of identifying fraudulent token usage with as little as a single instance of fraudulent usage while overcoming the often significant limitations in geographic IP address mappings is presented.

Electronic Fraud Detection in the U.S. Medicaid Healthcare Program: Lessons Learned from other Industries

A systematic literature study is conducted to analyze the application of existing electronic fraud detection techniques in similar industries to the US Medicaid program to improve frauddetection in the Medicaid health care program.



Temporal sequence learning and data reduction for anomaly detection

An approach that transforms temporal sequences of discrete, unordered observations into a metric space via a similarity measure that encodes intra-attribute dependencies and demonstrates that it can accurately differentiate the profiled user from alternative users when the available features encode sufficient information.

Data Mining for Fun and Profit

Data qual- ity is a particularly troublesome issue in data mining applications, and this is examined.

Activity monitoring: noticing interesting changes in behavior

It is shown that two superficially different tasks, news story monitoring and intrusion detection, can be expressed naturally within the framework, and show that key differences in solution methods can be compared.

Combining Data Mining and Machine Learning for Effective Fraud Detection

This paper combines data mining and constructive induction with more standard machine learning techniques to design methods for detecting fraudulent usage of cellular telephones based on profiling customer behavior, and uses a rulelearning program to uncover indicators of fraudulent behavior from a large database of cellular calls.

Intrusion Detection via System Call Traces

Preliminary work in analyzing system call traces, particularly their structure during normal and anomalous behavior, reveals that normal program behavior can be described compactly using deterministic finite automata.

A sense of self for Unix processes

A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during


The motivation for massive tracking is discussed and the definition and the computation of one of the more interesting bytes in the profile are described and fully described.

Methodological issues in data mining

The nature of the new science of data mining is examined, drawing attention to the concepts and ideas it has inherited from areas such as statistics, machine learning, and database technology.

A decomposition of multi-dimensional point-sets with applications to k-nearest-neighbors and n-body potential fields (preliminary version)

The notion of a well-separated pair decomposition of points in d-dimensional space is defined and the resulting decomposition is applied to the efficient computation of nearest neighbors and body potential fields.

A decomposition of multidimensional point sets with applications to k-nearest-neighbors and n-body potential fields

The notion of a well-separated pair decomposition of points in d-dimensional space is defined and the resulting decomposition is applied to the efficient computation of nearest neighbors and body potential fields.