>> So, it's an honor to have Tom Dietterich with us today. I think I remember the first moment, I think I ran into Tom I was passing a seminar room. I looked in and then walked in at Stanford Margaret Jacks Hall, and there was some sort of a very interesting debate going on. Some machine learning topic. I think Rich's folks were there, and so, it's a just a memory that I've had over the past. I just remember that the first glimmer of the energy of Tom Dietterich. I've come to know him and love his work over the years. Tom mentioned during our fireside chat, the video we did last night together that we were talking a little bit about interests and this idea of that, I think we share one thing where we both have what we call, "Research Attention Deficit Disorder." We get very curious and excited about many topics and it's amazing to me how deep Tom goes on each of them that he attacks over the years. Tom did his undergraduate work at Oberlin, and then, did his master's at UIUC. I think you mentioned you were following at the time the line of where you can find the best computer. >> Right. >> Sticking phones into these 300 bud sockets and so on in those days. And then, did his graduate work at Stanford University, following I guess in [inaudible] after hanging out with Machalski at UIUC which got him into the machine learning world. And has worked on many different areas I think following all the recent trends and leading some of them. Remember, you and I were at the first UAI conference in 1985 together. And I remember you wearing a pair of shorts and asking hard questions in front of the room back in those days. I cannot forget anything Tom about these interesting interactions we've had over the years. Going to the probabilistic graphical model phase, it's always been touching on applications. Has been quite a lot of work during the Caelo project on desktop events and understand trying to infer the intentions of goals of users from desktop streams of evidence. More recently has been written like several of us here at the challenge of AI in the open world issues about robustness and understandability of these algorithms. He was a leader in this whole area that's now called Computational Sustainability, working with Carla Gomes at Cornell at defining this area and somehow convincing the National Science Foundation to fund it deeply. Looking at applications of optimization and other areas of Machine Intelligence to hard challenges with environment and speciation and resource management of planetary resources, sort of resonating with our AI effort now at Microsoft. Today, he'll be talking about a piece of this interesting area on robustness, I think it's an important aspect anomaly detection algorithms explanations and application. So, Tom thanks very much for being with us. >> Thank you. Is this working yet? >> Yes. >> Can you hear me? >> Yes. >> Okay. So of course, everything that I'm talking about today was done by someone else. So, this is a collaboration with two of my fellow faculty in Computer Science, Alan Fern and Weng-Keen Wong. Weng-Keen is currently rotating at NSF as a program manager but he'll be back in the Fall. And then two faculty from statistics, Sharmodeep Battacharyya and Debashis Mondal. And at least one of them did their thesis at UW but I don't remember which one. And then, several graduate students and as their contributions come up, I'll be pointing those out in the talk. So, I have a sort of long agenda here, this is more than I would usually try to cover in one talk, but some of them are fairly straightforward. So, what I want to do is start by defining this question of Anomaly Detection, what do we mean by that because that's not a terribly well-defined term. And then, I'll report briefly review big bench marking effort we did. Mostly, in the knowledge discovery and database community, there have been many algorithms published in the anomaly detection area. I think largely because they have many business problems in fraud detection and management, and this is a big tool there. But a lot of those are just publishing an algorithm, a mechanism without any kind of a theoretical foundation. And so, we wanted to understand them, and then, we've done a bit of work on probably approximately correct type of machine learning theory for what we call rare pattern anomaly detection. Then, I'll talk about scenarios like fraud detection, where you have a ranked list of anomalous transactions or users or whatever and now, you have an analyst in the loop. And so, you want to show the analysts say, your number one candidate and explain to them why you think it's anomalous. Obviously, it's not sufficient to dump 180 element vector on them and say, we think this is an anonymous user, but we want. So, I'll talk about some very simple feature-based explanations. And then, if we've got the analyst in the loop, we can also get feedback from them and use that to re-rank our candidates as we're presenting them. And that turns out at least in our benchmarking to be really powerful. And then, I'll wrap up with two applications. One which is a big sort of sustainability application involving, deploying 20,000 sensors weather stations in sub-Saharan Africa and then trying to automatically detect when stations break and sensors break and so on. And the other is, sort of open world AI problem, which is the problem of open category classification in say multi-class classification. So, defining anomalies. So, we're going to assume that our data are just feature vectors in dimensional real space and that we have a data set that is a mixture of what we'll call the nominal points, so that we don't call them the normal points and the others will call the anomalies. Our assumption is that the anomalies are generated by different generative process than the nominal points. But typically our data will be unlabeled, we'll talk about that I guess on the next slide which is there are really three setting. So, in some cases people have tried to formulate this as a Supervised Learning problem, so we get some labeled data, but in most of the sort of anomaly detection applications, the anomalies are quite rare. Fortunately, 50 percent of our users are not trying to defraud us, although, maybe it seems like that at times. And so, here we have severe class imbalance if we approach things from that perspective. Another possibility is that we are training on clean data that has no anomalies in it, but then, maybe at test time we are going to get contaminated data and we need to identify those contaminants and that's what happens in the open category case. And then, another situation is where our training data is contaminated with some kinds of anomalies and we want to figure out which points those might be. So, we'll be looking at those. So, I think a very important consideration here is this assumption I call the WDAD assumption. The assumption that they anomalies are drawn from a well-defined probability distribution. So, if just to backup, if you're formulating things in the supervised learning way you are essentially assuming my anomalies are coming from some well-defined distribution, right, and I can learn about that. But if we're in an adversarial setting like in the fraud or cyber security kinds of settings then that really is not a valid assumption to make, right? In fact, our adversaries are constantly trying to defeat whatever distributional assumptions we've made. Another case, in the weather network case it seems like it's adversarial in the sense that, it's sort of the number of ways something can be anomalous is sort of an unbounded set and I guess technically speaking it's still a well defined probability distribution but you don't have nearly enough data to have sampled the whole thing. So, you really can't model it. And another case that's come up, I've collaborated a little bit with Kiri Wagstaff, the Jet Propulsion Laboratory. And their user is usually a scientist and they're looking at data coming from some sensor like she's worked on some spectrometers that are on the Mars science observatory. And what the expert wants is to find the interesting data points. And now, the first few interesting data points are actually ways that the instrument fails, and they need to understand those. But then, they start being interested in unusual spectra that might signal some interesting compounds. But then, once they've seen those, then they say, well don't show me any more of those I want to see, show me real anomalies and so, it's a time changing notion. So I think, we need to be sensitive to when it's appropriate to make this assumption. So there are two main strategies for Unsupervised Anomaly Detection. It depends a lot on this parameter that we call Alpha, which is the fraction of the training points or test points that will be these anomalies. If Alpha is reasonably large, then we can think about fitting something like a two component mixture model and actually trying to model that anomaly distribution, if we're willing to make this well-defined distribution assumption. There are various conditions for that to work. Alternatively, if the proportion of anomalies is very small as it typically is in these fraud cases, then the main strategy is to treat it as a problem of outlier detection. So we're going to try to model the distribution of the nominal points, the ordinary users, and then treat the outliers as our candidate anomalies. The advantage there is that we don't have to make any assumption about the distribution. But of course, if the anomalies are not outliers, then we will miss some of them. Also, if the nominal distribution itself has very heavy tails so that it just naturally has a lot of outliers, this won't work either. So as I mentioned in the KDD literature, there must be 20 or 30 different algorithms that have been published. There's a huge number of papers there. A problem with many of these is that, unlike in a lot of other parts of machine learning and Computer Vision and natural language processing, there's not a large collection of standard benchmark datasets that you could do a thorough evaluation on these algorithms. Often, there's some sort of a corporate application with a proprietary dataset that they can't share. Then the most popular benchmark dataset is this computer intrusion dataset that was collected as part of a DARPA project back in the late 90s, and it turns out to be extremely easy. So, we strongly believe in benchmarking and the need to have a large and constantly growing collection of anomaly benchmarks. So, my student Andrew Emmott conducted a big benchmarking study. Our methodology was to repurpose existing supervised learning benchmarks either classification or regression problems. So we chose 19 datasets from the UC Irvine repository, which were all the datasets that satisfied a set of criteria we had. We wanted real-valued features. We wanted enough data. We wanted enough dimension. Then we would choose one or more of the classes to be these anomaly classes, the source of our anomalies, and the rest to be the nominals. This ensures that our anomaly points are being created by some process that's different from the data that's creating the nominals. Then we systematically varied things like Alpha, the relative frequency of the anomalies, the difficulty of the points, like how deeply embedded are they inside our nominal distribution versus how much are they outliers. We added redundant or irrelevant features to see how much that could defeat the algorithms. We also looked at how clustered the anomaly points are. Because to a large extent, these anomaly detection algorithms are all something that some form of approximate density estimation. You're essentially trying to model the probability density of the nominal points, and then score points according to how the very low density points are your anomalies. Now, if the anomalies are all tightly clustered, then they form a little peak of density, they don't look like they're low-density anymore, and so you'll miss them. So, we were interested in that. We created 20 replicates for each configuration of these manipulated values, and that gave us about 25,000 different benchmark datasets. So then, we compared a set of eight different algorithms. I won't go through all of them. But basically, there are some that are doing density estimation, some that we call the quantile-based methods, like the one-class Support Vector Machine is probably the best known of those. It tries to find a boundary around your data that contains say, one minus Delta of your data for some quantile you choose Delta. There are nearest neighbor-type distance methods, and then there are these projection methods. I want to talk about these because these two algorithms turn out to be very attractive for many reasons. So, the first algorithm and the one that actually performed the best on our benchmarking exercise is something called the Isolation Forest. Those of you who know me, know I love decision trees and anything random forests boosting all these things. So, I had a natural affinity for this algorithm. Although, when I first saw this paper came out, I said, "This is such a weird idea." But the basic idea is we're going to construct a fully completely random binary tree. Again, recall that our data are not labeled, so we just choose one of the attributes at random. Then, we choose a splitting threshold uniformly at random out of the observed range of the data. Then we do that, split the data recursively. We split this in some sense overfitting radically, until every data point is in its own leaf in the tree. In the paper, actually, they have ways of avoiding having to do that. You can stop the splitting at some point. The idea, and we'll build an ensemble of these, and these statistics were interested and is actually the depth of a point in the tree, the depth at which a point becomes completely isolated. Like let's say that my one data point x_i, is the only data point in this leaf node here, then we would say x_i, is isolated at depth three. The intuition here is in some sense, we're just throwing like a dartboard random separators at the data. How many random separations do we have to do before a data point is separated from all the rest of the data? The intuition is, well, if you're an outlier, it's going to take only a few random shots and we'll get you isolated. Whereas if you're deeply embedded in a tight cluster, I may have to split, split, split, split forever to get down to isolating you. So, the anomaly score that we get, well, so d-bar is going to be the average isolation depth over the 100 trees say some ensemble. Then, one nice thing in this paper is that they calculate the expected isolation depth from a little bit of theory. So, then they can normalize this so that it lies in a zero-one scale, where anomalies are given a score as close to one, and the nominal points typically have scores less than 0.5 or around 0.5. The other algorithm I want to talk about. Yes. >> Does that favor a particular basis of the features? If you have a linear transform of the features, you get a different basis. This is invariant. For example, if you have the point is not obviously outlier in one basis. But if you transform it, for example, even like the sphere. Then like it's fuzzy around that. I don't know if you can tell just by looking at this via one basis? >> It's true. So, of course, we've also looked at randomly rotating the data before we top it up. It helps a little bit, but the randomness increases the variance of the isolation depth, so then we have to make the ensemble bigger. So, it hasn't been enough of a game to be worthwhile to us because the memory starts to be an issue here. >> Why this business problem arise frequently enough in nature, or like in practice that you should actually care about this? >> Well, so in nature, I don't know. In our benchmark datasets and in our fraud detection applications, the features are generally meaningful. We're not doing this on images or things like this, where pixel 25 has no particular meaning at all. So, yeah. So I certainly wouldn't use this out of the box on images, that would be crazy. Maybe I would use it in the penultimate layer of CNN or something. I'm not even convinced that would be a good idea, but yeah. >> Maybe something like relationship between variables, like say, x squared plus y plus z squared, is like the meaningful variable like the outlier. >> But usually, just as decision trees, basically are looking at higher-order interactions. As you go deeper, you're looking, these things pretty much follow the data distribution. We only put splits where we have data, so they do a pretty good job. There was an interesting paper by Nina Mishra I think, and colleagues at ICML a couple of years ago, where they analyzed a slight variant of this algorithm and showed that the isolation depth is related to an LP norm and the distance between the outlier and the data. So in this case, basically an L1 norm. You can sort of imagine how this would be sort of like an L1 distance. If you look at these different algorithms, I think a lot of them are essentially doing something that's very similar. I mean, the nearest neighbor algorithms are calculating some distance, and the Isolation Forest is definitely calculating something like a distance also. Clearly, these things are using kernel distance, and these things are using something like a Gaussian kernel in the original space. So yeah, of course, you could apply PCA to try to rectify the data in some sense. The other method that I want to mention, or I should say, are there any other questions? Yes. >> Do any your benchmark datasets include behavioral data or sequential data that was generated by capturing traces of someone's behavior like networking intruder's behavior? >> No. So when we apply this in this DARPA, we were in this DARPA program called Atoms. There, we were looking at an organization that had 5,000 employees. We had actual desktop spyware installed, monitoring software on their desktops that they were working for some organization in the military industrial complex, so I'm allowed to say. So, we could go down and really look at every email messages they sent and even the content and all that stuff. But we summarized that at a daily time step, and turned it into a vector of how many emails did they sent, how many websites did they visit, how many this and that, and the other thing. Then we also did some normalization to try to deal with both asking how unusual was this day compared to the typical day of this user, and how unusual is this user on this day compared to everybody else in the company on that day. Because otherwise, we had these things where some new web link would be sent out through the whole company and everybody go visit it, and nobody had ever visited that link before, and we will get all excited if we're only looking at one you user. So we had to do some pretty serious feature engineering to turn this into something that was almost an ID. But then, all these algorithms are purely for that sort of feature vector case. In my weather data, we're again, just having to figure out how we can engineer the features to take what is very much a spatio-temporal time series and turn it into little database views that are approximately exchangeable. Okay, well, the second algorithm I want to mention is even simpler, is called LODA. Given a set of data points, what it does is, is create a set of capital M, say again, say 100 sparse random projections. So, it randomly chooses square root of d, where d, is the dimension of the data, square root of d, of the dimensions, and then defines a random projection onto a one-dimension, and then fits a one-dimensional density model. I've drawn it as a kernel density estimate, but they actually use an adaptive histogram estimator. Then what they do, is just calculate the average of the minus log density of a query point, so the average surprise. We can see, if we took a data point like this one right here, it would have a pretty high probability in this projection. But of course, if we got some other projection, then it will be mapped to a low-density tail. So, this is extremely simple idea, but also works surprisingly well presumably because they're not super however interactions in our data. So looking at three or four dimensions at a time, works pretty well. So then, how do we do our analysis? I point you to the archive papers for the details. But we basically, chose a couple of metrics either the area under the ROC curve, which we put through a LODA transform, or the log of the lift, which is related to the area under the precision-recall curve. Then, just try to set up a linear model to see it across all of these benchmarks, how much of the variation in the metric could be explained by the relative frequency of the anomalies, the difficulty of the points, the clusteredness, the amount of irrelevant features, what we call the mother set, the original, the domain from which the original dataset was drawn, and which algorithm are we using? Because I wanted to say, well, a typical finding in machine learning is that the choice of problem is much more important than which algorithm you use, and we were curious if that was true here or not. The answer is pretty much true also. So, here are those five factors. Here is the change in the R squared basically, how much variation can be explained in these two metrics? So area under the ROC curve, if we take a model and delete the dataset feature, how much R squared do we lose, or how much can we assign to the dataset? And that's the most important variable for explaining the observed AUC. Next is a relative frequency. So, if you have a dataset where the anomalies are very rare, we can do very well because we have very little contamination. As the nominees get more common, then these techniques fail. Because really only one of them has any explicit attempt to be robust and use a robust loss, that's this technique called robust kernel density estimation. All the others are just plunging forward fitting some kind of a model. So, the choice of algorithm is really only the third most important factor, and really not a whole lot more important than the others. But with that caveat, here are the different algorithms that we tested, sorted by decreasing change in the metric compared to a control baseline. What we see, is actually, the Isolation Forest was performing better than the other methods, and then there's sort of like a five-way tie for second place. Surprisingly, the one-class Support Vector Machine and Support Vector Data Description really performed the worst on these problems, which was quite a shock. Because I think if you asked a random machine learning person, "If I had a one-class problem and I needed to fit it, what would you use?" And they'd all say, "Well, gee, how about Scholkopf has this algorithm." We're a little puzzled about this. Of course, it's possible that we just didn't tune these properly. Although, we tried a lot of things, but we wanted to have a fully automated tuning procedure So, it may be that we didn't do that well. But there have been some papers recently in literature and auto tuning those, and so we were trying to use the current best practices. My own hypothesis here, is that the metrics that we're evaluating on are really related to how well you can rank the data points. Whereas these methods really just set it up as are you inside or outside of a particular quantile, a particular level set of the density. So, it's not clear that they're really been trained for the right to do well on these metrics. So, maybe that's why they don't do as well as some of these more distance-based or density-based approaches. So, we also find in general that the Isolation Forest is a bit more robust to irrelevant features, and that it's also a bit more robust to clustered anomaly points. So that may be why it has this slight advantage over the other methods. Okay. Well, let's move on now to thinking about whether we can have some kind of a theory to explain what's going on. Because one of the things we were quite surprised at is when we look at the learning curves, these algorithms all learn quite quickly. Of course, if we look at what existing sample complexity theory do we have for this kind of one-class or density estimation, it's often quite discouraging. So if you look at full density estimation, you typically need a number of examples that's exponential in the dimension of the data, and that doesn't match our experience. For the quantile methods, there are polynomial sample complexity results. So, our observations are maybe more consistent with something polynomial time. So, my colleague Alan Fern came up with this theory we call rare pattern anomaly detection, and it works as follows. So we imagine we're going to define, this is very valiant style pattern learning kind of thing, we're going to define a space of patterns or regions. So we'll define a pattern as a Boolean function that takes a point in d, dimensional space, and maps it either zero or one. So it might be a half plane or an axis-parallel hyper-rectangle, some kind of region. We'll let capital H, be the set of all the patterns in our pattern space. Then, the idea is to define a notion of a rare pattern and a common pattern. To do this, we need to do a little bit of being careful about measures. So we're going to assume some baseline measure. So if we're in say a hyper box in d, dimensional space, we might use just the Lebesgue measure, the uniform measure over that. But if we're in unbounded real space, we need to use something like a standard multivariate Gaussian as our baseline measure. We'll let mu(h) be the measure of that pattern, pattern h. Then, let's let p, be the probability density of the nominal data points, and it's defined over Rd, also. And will let p(h) be the probability assigned to pattern h. So, we'll say a pattern h, is tau-rare if the sort of normalized probability density is less than or equal to some threshold tau, and otherwise we'll say that pattern is tau-common. Then our definition of what we want, is we're going to say, a data point now, a query point is tau-rare if there exists a tau-rare pattern that that data point belongs to. So that data point belongs in pattern h, and h, is tau-rare. So it means there's some way of looking at the data, there's some bin in the data that this query point x, belongs to that is very unusual under the nominal distribution. So, then our goal, an ideal anomaly detection algorithm would output all of the tau-rare query points in a test set, and not output any of the tau-common points that would be the idea. So, I guess what's interesting about this model is that instead of trying to estimate the entire density or even trying to estimate a level set of the density, we're just choosing some set of regions in the space and just trying to figure out roughly what their probability density is or the probability of those. I think that this is why if we don't have too many of those regions, then we can get uniformly good estimates over most of them from a relatively small sample. So, we define an algorithm to be probably approximately correct RPAD. If for any probability density p, and any threshold tau, it draws a polynomial size sample. Then with probability one minus Epsilon, it detects all the tau-rare points and rejects, does not output any tau plus Epsilon common points. So we have to introduce a sort of elbow room parameter to allow the algorithm to make some mistakes. So it's allowed if a point is between tau plus Epsilon rare and tau rare, then the algorithm can do anything it wants there. So, what we end up with is an algorithm such as the following. We can draw a polynomial size sample, and we'll talk about what this is in a moment, and then we just estimate p-hat, is the fraction of the sample that belongs to each of our patterns, and then we can calculate the normalized rareness. Then we just say a query point is declared to be an anomaly if one of these tau-rare patterns is made true by that query point. So we can prove a sample complexity result that says that the number of samples we need is on the order of one over Epsilon squared, the log of the number of patterns plus log of one over Delta. So, very kind of typical pack result. It's a little unfortunate that this is Epsilon squared here. So that's going to mean if we want Epsilon to be 0.01, then we're going to need 10,000. This will be a big number, a big constant. Then we can get a VC dimension version of this, where the VC dimension plugs in here times log of one over Epsilon squared. So, there are lots of different practical algorithms you can design with this procedure. So, half spaces and axis-aligned hyper-rectangles, and in our paper, we worked out the VC dimension of all of these. In particular, we designed a version of the Isolation Forest that exactly matches this theory. To do that, the pattern space has to be chosen a priori in this theory, it can't be adaptive to the data. So to deal with that, we use the usual trick of say, taking our training data and dividing it in half, and using half the data to grow an isolation tree to some fixed depth k, that fixes our pattern space, and then the second-half of the data, we can estimate the probability of all of these bins. So, here are some examples on some datasets, where the plot on the left is for the actual Isolation Forest algorithm grown to a fixed depth k. This is our theoretical version of it also at depth k. The vertical axis is the area under the ROC curve, and I apologize that the axes are different in the two plots. Then these different lines are for different depths of tree. But if we just look in this case, the depth one tree is actually works the best. We see that in this case, the pattern min method actually does a little bit better than the Isolation Forest on the area under the ROC curve. For another dataset particle, the Isolation Forest does much better because notice this is 0.71 down to 0.66, and this would be 0.66 down to 0.52. So, all of these curves basically are below all of these, so the Isolation Forest was much better. Then, here's a dataset shuttle, where the RPAD, the theoretically inspired algorithm is actually doing quite a bit better than Isolation Forest. This time, I did get the axes aligned. So I think qualitatively, well, the shapes of the curves aren't always the same, but yeah, there's sometimes some funny business going on with very small samples. This is particularly weird that we do very well with very small samples, and there's an interesting phenomenon going on here that we don't fully understand. But, when you have a training sample, and it includes some amount of contamination. A standard practice that's done in the Isolation Forest is to train on actually subsets of the data, not on the entire dataset, and the idea is that you're kind of thinning out. It's a robust stratification strategy. By training on smaller sub-samples, the absolute number of contaminating points is reduced. The fraction isn't reduced, but it seems that if you have a tight clustered points, you're reducing that local density of that cluster. And I think this helps the algorithms do a better job, but we don't have a good theoretical understanding of this. But empirically, even the original authors of the Isolation Forest algorithm say that you should train on a small subsets of the data rather than the entire dataset, and that this often helps. For those of us in machine learning it's like, "What, you're not using all your data?" But of course, we're building an ensemble. So across the whole ensemble, we're using all of our data. The smaller the subsets, the bigger the ensemble needs to be, because you also have to reduce the variance that you've introduced by choosing these random subsets. So this is a paradox that where this kind of thing, where the small samples are actually performing well. It's not observed all the time, but it's observed enough of the time that we think it's a real phenomenon and we're trying to find a nice theoretical understanding of it. Okay. So the conclusions from this is that we feel that this rare pattern anomaly detection theory captures a lot of the behavior of the Isolation Forest or of LODA, because these methods are solving a simpler problem than full density estimation or even estimating level sets of the density. So, I guess maybe I should pause and say, are there any questions about that? Yes. >> How does this algorithm compared on a high-dimensional data, very high-dimensional data? >> Well, I would guess on very high-dimensional data, you need to use a very large ensemble of trees. Let's see, what's the right way to talk about this? If your space of rare patterns is, in some sense, if you have a distribution of the data, you want to have these rare patterns kind of surrounding the data. Obviously, one intuition is in high-dimensional space, you're going to need a lot of those patterns surrounding the cloud of data. So, the number of patterns you might need to really tile the entire region might grow exponentially. So, our result says the sample size is polynomial in the number of patterns, but the number of patterns that you need might be exponential. So, that's a good question. >> Have you tried this on a bag-of-words? >> We have not tried this on a bag-of-words thing for example, yeah. Now, one might hope, so I'll do the standard machine learning thing and say, "Oh, but the data really lives in a low-dimensional manifold." So all we have to do, is identify that manifold then. Well, but we know that tree-type algorithms will in some sense follow that manifold. So, we would maybe we'll still do okay. I'm waving my hands. Yes. >> So, it seems like it still requires knowing the pattern space. But then, if you're dealing with anomaly detection, many successful intrusions happen exactly because there is some sort of behavioral pattern that you didn't take into account, and so the adversary was able to exploit it. So, is there a way to extend or fix this theory to maybe at least give you some indication that there's something in the data for which you don't maybe have a pattern, or you didn't miss the pattern that may be an anomaly? >> Well, if we think about what, for instance, the Isolation Forest does, it actually partitions the entire input space into patterns. So, there is always a pattern for every possible observation. Many of those patterns will be essentially empty. In fact, I skipped over a little detail of the Isolation Forest. But when you do a split at a node and you split the data, there is little empty spaces between the observed range of the data in the children and the observed range in the parent. They're actually, a query point can fall into that empty space in between the observed ranges. I'm being very inarticulate here about this. But if I have a set of data points along a line and I choose an arbitrary split, there's going to be some space between adjacent instances and that empty space effect for the algorithm allocates two additional patterns for that empty space. Because if a query point comes down, it's considered to be isolated if it falls into this space, it was inside the range of the parent and outside the range of the child. That turns out to be really important. If you don't do this right, then the performance of the algorithm suffers quite a lot. So, I guess my first point would be that if we use some of the data to build the tree structure, and if the tree structure is really following the structure of the data, then we will have tiled the space nicely. And every leaf node by construction is going to be rare because it will have at most one point in it. So we're going to have a lot of reasons that have essentially zero points or one in them, and we've also completely tiled the space. So, if there is an unusual behavior, it will fall into one of these empty spaces basically and will be detected. >> Then how do you tell between interesting anomalous behaviors and uninteresting anomalous behaviors? Because essentially, you won't be able to do that. >> Well, yeah, because we're only doing outlier detection here, and we have no knowledge that an outlier. We can't tell the difference between an outlier that's part of the natural variation of the distribution and an outlier that's due to some unusual behavior that's caused by something different like a fraudster or something, yeah. In fact, of course, a fraudster is going to try to mimic the nominal distribution, and so we might want to try to use some essential behavior, things that the fraudulent user is not able to manipulate to help us detect their behavior. But, all I'll say is that in the competitions inside this DARPA program, we were number one in several months using these kind of techniques. So, maybe that's a tribute to our future engineering skills or maybe the red team made it too easy, I don't know. But these methods were working pretty well. We're competing against an IBM team that actually has a product in this space, so I don't know. Anything else? Okay, well, let me move on now to assuming that we can find these anomalies, how can we explain them to the user? So, our basic idea is the following. We were really troubled by what constitutes a good explanation, and how could we measure that in a rigorous way without doing human subject studies. So, here is the thing that we came up with. We imagined that the goal of our anomaly detection system is to persuade the analyst that a candidate anomaly is a real anomaly. The idea is we're going to expose one feature at a time to the analyst, and in the worst case until we've presented all of the different features to the analyst. Then with an appropriate visualization tool, until we've either convinced the analyst that it really is an anomaly or the analyst says, no, it isn't. We sort of view the analyst, their job is really to decide whether to say launch an internal investigation like a fraud investigation, or not. So, this is the the kind of model here. So, we call this a sequential feature explanation. We had a paper at UAI two years ago on this. So in pictures, the vertical axis here is the experts or the analysts' assessment of the probability that the data point is a nominal, not an anomaly, given the features you've seen so far. So we'll say that notionally it starts out pretty close to one because say, one minus Epsilon, where Epsilon is the background probability of being an anomaly. In our sequential feature explanation is some permutation of the feature, say, feature number three, we think is the most important. So we start presenting these features to the expert. If we're being persuasive, the experts posterior belief that this is a normal point starts to drop, and hopefully goes to zero. What we do is choose some threshold, and we talk about our metric is something we call the minimum feature prefix, MFP, which in this case will be four. It took us the first four features in our ordering, we're required to drive the expert's assessment down below say point, whatever that is, 0.25. So, this is the MFP is our metric. Across the whole dataset of anomalies, we'll look at the average of that as being our performance metric. So far, anomaly detectors working well. Or if we have a good explanation algorithm, it should use short explanations. So this is sort of the minimum kind of thing we might have and obviously, it's only appropriate for problems where the features are meaningful. So, in this case, our technique, we relied on another one of our anomaly detectors, which is an ensemble of Gaussian mixture model, so the EGMM algorithm. We had originally developed this just as a control. So we apply PCA and then in the PCA space, we fit an ensemble of Gaussian mixture models, where we randomly vary the number of mixture components and the starting initialization, and we discard mixture components that didn't fit the data very well. And of the ones that survive, then we can get our anomaly scores are actually, again, the average surprise across those models. So it's the product of the density estimates I guess. So, then, we use a simple greedy algorithm. So, the score of a particular feature is how much the log likelihood drops when we marginalize out, or I've got this backwards there should probably a minus sign here. It's how much the surprise decreases when we compare the marginalized distribution to the original distribution, so right there. This will always have a higher probability density after we've marginalized that one feature, then the full distribution had. So, we do this, we score each feature and the one that led to the biggest change in the density, we say that's the feature of the biggest impact, and then we remove it from this set of candidate features and add it to our answer and just do that in a greedy fashion. Again, we used a bunch of our datasets. We only used seven of the UCI domains instead of 19 in this study. Instead of using real human analysts, we trained regularized random forests on the supervised version of the data, so they can see all the data. Then the question was, we would convince them if they saw all the first four features, is there a predicted probability that it belongs to the anomaly class, or to the nominal class as it dropped below some threshold. So, we compared against a random ordering of the features and against an Oracle that actually knows the labels of the data. What we saw was that we always did better than random, and sometimes we do almost as well as the Oracle. So, this is random ordering. This is the Oracle in blue, and this is our greedy algorithm. Sometimes, we don't do as well. I guess one thing that's kind of interesting is that for most of these Irvine type domains, on average, the Oracle only needs to show the analyst one or at most two features to give an explanation. So, that's convincing. So, that's kind of interesting. This gives us a kind of metric of how hard a dataset is. So, if we look at the KD1999 dataset, for instance, it's always the case that you need only one feature. Even our algorithm only needs to use one feature to explain an anomaly. Whereas if we look at our this Adam's insider threat database, you need about seven on average, so it's a much more challenging problem. Well, if we're going to be talking to an analyst and convincing them, we can also get feedback from an analyst. So, we wanted to also then look at, could we take the feedback from the analyst and feed it back into our anomaly detection process to re-rank the candidates that we have. So, we had a paper at ICDM a year and a half ago showing that this could be a potentially big win. So what we do is, we require one parameter which is a quantile, basically corresponds to how many cases can an analyst look at in a given, like in a day or a month, whatever the time period is that we're analyzing. So, the idea is that the analyst can look and say, Sixty cases in a month. We want to optimize the 60 cases we present." So we start by presenting to the analyst the highest scoring anomaly we have and then the analyst says, "Yes, that's the case I'm going to open an investigation, or no, it isn't." And then we feed back that. And what we've tried to do, is learn to reweight. In this case, we're working with the LODA anomaly detector, which remember, creates a bunch of random projections, one-dimensional random projections. So we learned to reweight those projections to try to rank all of the known anomalies above quantile tau, and all of the known nominals below quantile tau. To do this, we used a modification of a method from Stephen Boyd and famous colleagues called Accuracy at the Top that was published at NIPS several years ago now. So, we're re-ranking based on feedback from the expert, and we call this active anomaly detection. I guess the only interesting thing is that if the anomalies are fairly rare, then we will have a significant false alarm rate. So it could very well be that the first, three, or four, five, ten cases we showed to the analyst, none of them are actual fraud cases. What can we do? Well, one of the advantages of having this threshold tau is that even with no positive examples, we still learn to push down all of those non-anomalies below the threshold tau. So, this seems to help us learn even without any positives, but we had to make some minor modifications. So, we compared against a baseline where we do no learning, we just take our initial anomaly scores and present them in that order. We looked at randomly ordering them, and then this is our method. Then there are two other methods in the literature. One called AI2, which I don't think has ever been published except as a CSAIL Tech Report. So it's probably a class project or something, although it works quite well in some cases. Then there's something called SSAD, which was in a JAIR paper. Their method from Gornitz, et al. is called Marginalize and Cluster, I think. We thought we had an idea for improving it using our Accuracy at the Top method, but as you'll see it was not an improvement, but just for completeness. So, what we're going to plot in these plots, is along the horizontal axis is how many cases have we presented to the analyst, and the vertical axis is how many of them turned out to be true anomalies. Again, all this is done with a simulated analyst, and so on. So, we can see that our baseline method is this blue curve. So, if we have a budget of 60 cases we can look at, we find about, I don't know, 25 or 26 or something. Whereas if we can incorporate our feedback, we get 45. So, huge advantage from having the analyst in loop. However, this is the KD1999 dataset, which is extremely easy. So let's move onto some other ones. So this is a Abalone dataset. Here, early on, we get some benefit of our method over our baseline. No feedback is the blue curve, and ours is the red curve. Then this is SSAD method, which is doing just about as well as ours. But if we say, well, suppose we only had time to look at 20 cases, then we'd still be seeing more than a factor of two improvement. Eventually, obviously if you go out far enough on this, there will be no benefit. Because eventually, we'll have shown everything to the analyst. Here's another one for thyroid. In this case, again, compared to our baseline and we're doing pretty well. In this case, this AI2 method is doing almost as well as we are. But again, the benefit is potentially almost a factor of two in terms of the number of anomalies we can detect. In mammography, similar story. So in general, for all of these, we're seeing that incorporating the analyst feedback can be really powerful at least for this LODA algorithm. But now, let me speculate about why this might be overly optimistic. We have to remember that these datasets that we've constructed here are constructed from the supervised learning datasets. What's going on when we reweight these different projections, we're essentially reweighting the original features and putting more weight on some than on others. So, it could be that because our anomalies are coming from classes in the classification problem, they were presumably determined to be classes because they were believed to be separable using the features. It may be they were essentially in a sort of a sneaky way of learning a classifier and taking advantage of that. So, it's not clear in a real fraud detection case would we get this same factor of two improvements. However, we have a paper under review right now at KDD, where we're doing reweighting for Isolation Forest using a sort of online learning strategy. We have applied this to this advanced persistent threat cybersecurity case, which is not a supervised learning case, and we're still seeing a substantial, not a factor two, but a substantial benefit from integrating the feedback. Yes. >> Would it help to put the label to answer that question? >> Labeled? >> So you have your classes. >> Right. >> Would you put some label noise, it's going to start mixing the classes, they wouldn't be separable anymore. >> Oh, you mean when we constructed, that's interesting. That's interesting. We should maybe look at that. That would be a good test at least for this particularly. Yeah. I guess another thing is, we could create benchmarks where our nominal points come from say just one class and the anomalies are from the mixture of all the other classes. Or maybe we should use lots of each classes so that there's probably not a simple decision boundary that separates the nominals from the anomalies, because they'll be very multi-modal distributions on both sides. Yeah. >> So the feedback you have here is very example driven right on the analyst judging thing. It seems like you can also order it to be feature-driven, or going back to pattern terminology, patterns. So in fraud cases, people are often interested in patterns like a small gas station purchase followed by big purchase, is that pattern right? And instead, the anomalies are evidence that this pattern exists. Have you thought about trying to order in other ways where people might be able to give a more sample-efficient feedback over an entire feature as to whether or not I believe something anomalous is happening here? >> We have not. We did try to do some sort of model-based work back in the Insider threat dataset, where we had some theories of Insider threats and we designed features specifically to look for those threats, like someone copying a large number of files onto a thumb drive. But you have in mind maybe more of a knowledge discovery setting where the analyst looks at our anomalies. Or maybe can you do like as we've been discussing today, maybe some cluster analysis of these anomalies the way you guys are clustering mistakes and say, "Oh, I see sort of a pattern in this, and this looks completely bogus to me. This looks like just some side effect of some instrument. So, I don't want to see any more of these cases like this, for instance, or this looks interesting to me. So, everything that looks like this, let me label that whole cluster." Yeah. >> Okay. How you select the example that they set them in kind of set based criterion right. If you want to exclude a whole feature, if you just randomly select examples, chances are you won't exclude that feature. Whereas if you start selecting them in conjunction, you can do that. >> Yes. We did look at whether the sort of select the biggest anomaly is the right thing to do. And Weng-Keen, you may or may not know, but when he was a graduate student, he was working on rare category discovery and there you do have some diversity tricks. So we could think of this as also, could we elicit from the expert. Again, consistent with some of the things I've been hearing about here. Not only is that anomaly, but I'm going to call that a full anomaly because this corresponds to a kind of use-case I know. This is the check that the credit card is working before you use it pattern. No, we haven't thought about that, but it's a great idea obviously. Yes. >> Can you still reward diversity, because diversity will definitely change the efficacy of query versus anomaly. So, it seems like your quick trick that can completely change your metric, or is that not true? >> No, we would really have to also have something in our metric that rewards diversity. Well, as you say, if we could essentially present a group of proposed anomalies, and say we think these points are all anomalous for the same reason, are we right? And get feedback on the whole group at once, then that would be great. Then the next query, we would use obviously a different group. But we might have to balance them, I know in real situations. I remember years ago, I visited Bell Labs and Darrell [inaudible] was working on payphone fraud for, well, it wasn't even AT&T at the time, and they had some statistical model and they were looking for weird behavior. But they also ranked them by how valuable they were in terms of the financial impact of those frauds. So, that was it. Okay, well, I've got to move along because we're really behind. So, let's talk about these two applications. So the first one is, data cleaning and weather networks. So, I'm part of a group that's working on something called the Trans-African Hydro-Meteorological Observatory, and it's founded by two folks. One is a colleague of mine John Selker, who's a hydrologist and the other is a guy named Nick van de Giesen, who's at the Technical University of Delft, also a hydrologist. They were at some World Meteorological Organization meeting, at which this plot was put up showing where are the weather stations around the world that reliably report data to the World Meteorological Organization. Those purple blue dots are the ones that are the good weather stations. We can see that in most of Latin America and Africa, the weather infrastructure is just very poor. So, in the context of agriculture in Africa, most agriculture is rain-fed, there's not a lot of irrigation. They noted that when you have very poor sensing, then you can't buy crop insurance because the insurance companies don't know what risk they would take. They don't know how to price the insurance. So, that leaves the farmers to plant their plants very far apart, so that each plant under the worst case precipitation conditions will still get enough water to do well. There have been field trials showing that if you do offer crop insurance, then the farmers plant much more aggressively, plant their plants much closer together and get a much higher agricultural productivity as a result. So, this is one of these examples of if we could provide better data, this could lead to crop insurance industry, which could in turn lead to higher agricultural productivity. John Selker is not a modest man. He wants to have Africa leapfrog over the whole rest of the world and become the best sensed continents. Of course, the price of sensors is dropping rapidly, and we can now build weather stations that are very cheap. So, we're trying to deploy 20,000 such stations across Africa and then create various data products. I like to say, "Well, weather stations are really cool, but for some reason, people want to put them out in the weather and expose them to the rain and all kinds of problems, and then they break." So, this is a kind of Internet of Things project. I like to say, the Internet of Things is going to be the Internet or broken things. So, how can we automatically detect which stations have failed, which sensors have failed? So, we might approach this as a sort of medical diagnosis problem. If we could say, "Well, these sensors tend to get one in five different diseases, can we learn to recognize the symptoms?" But this is one of those cases where we feel like there seems to be an unbounded number of ways these weather systems can fail. So, where there are known symptoms, we can write rules for them or build probabilistic models, but we want to use anomaly detection to detect new kinds of failures. So, I think in the interest of time I won't go through all the technical stuff here. But I'll just say that we are combining anomaly detection scores in a dynamic Bayesian network, where we reason about the state of each sensors. Then we're doing a foreign map inference to try to say given the observations that we've made turned into anomalies scores, we try to not just flag the data with anomaly flags, but actually do some root cause analysis. And say the reason that you got these 2,000 alarms, is due to one particular thermometer failing for some time interval. So, I guess I should say, maybe the most interesting or weirdest move here is a typical problem you have when you try to do diagnosis on this, is you want to model the sensor readings as a function of the state of the sensors. But these sensor distributions can be very messy, and so we replace the actual distribution sensor readings by the anomaly score assigned to those sensor readings. This has a nice virtue of normalizing everything to be in zero and one, and having a more predictable distribution. At least that's our hypothesis, but we don't have definitive results to prove this. So, I'll say, we're currently working a lot on comparing sensor readings at multiple stations. So then the other problem which is more related to open world is Open Category Classification. So, given that I have training data for say K classes that I've collected and I trained a multi-class classifier for them, but then my test data may contain queries corresponding to new classes, how can I detect them? We call them alien queries, the queries that belong to new kinds of objects. So, our approach is, given our training data, we train both our multi-class classifier but also an anomaly detector. So, then when an input query comes in, we look at the anomaly score. And if it's greater than some threshold, then we reject that point and say, "We think this might belong to a new category, so we're not going to classify it." But otherwise, we feed through our classifier and make our prediction. So, this was for me was motivated by another ecological problem which was, for about a decade I was working with some folks at the EPA and on campus at freshwater stream health monitoring. So the EPA every year in the United States does randomized sampling of freshwater streams, and what they do is they use a kick-net, which is what these guys are doing here, to collect insect larvae that live on the substrate of the streams, and then they bring those specimens into the lab. Currently, they manually identify them to genus or species. But this is very time consuming and so we thought, "Well, we'll build a robotic device that can singulate the specimens as they say, and then photograph them, and then we'll use Computer Vision to tell them apart. We did this back in the mid 2000s when everything was Bag of SIFT and Support Vector Machines as the classification technology. But we got up into the low 90 percent correct, over ultimately 54 categories. So we were all excited about that and then we started to look at actually deploying it, and we realized although our collaborators had collected specimens and we had these beautiful training data for all the specimens, the test samples are going to contain other stuff. It turns out more than 29 species or more than 54 species out there, like it's estimated there's something like 1,200 species of freshwater macro invertebrates as they call them. So this led us to think about, how could we deal with this problem? Of course, more recently in Computer Vision, this has become a popular problem. So, there are several techniques that are out there but as far as we know, no one has looked at the question whether we can provide any kind of theoretical guarantees. So, we are looking at a set up now, where we have two training sets. One training set is of our clean training data. Our collaborators went out and collected all these training data for us. It's all nicely labeled, and we know there are no contaminating samples in these. But in addition, we're going to require that we have a unlabeled collection of samples that are representative of our test queries. So, here, we are making a well-defined anomaly distribution assumption that we can get a sample from the distribution of anomalies. In fact, even talk about what do we mean to have a pat guarantee on detecting say 99 percent of all the aliens, right there, I'm assuming that's a sensible statement that there is such a distribution. So, we're going to assume that this contaminated sample, which we'll call SM for mixture is a mixture where again, the proportion of the aliens is Alpha. So, this density is a mixture of one minus Alpha times the clean distribution, p_not times Alpha times this anomaly distribution. Now, what we want to find is, if let's suppose this is the CDF of the anomaly scores of the anomaly points. So, we're really interested in, say we wanted to detect 95 percent of the aliens or anomalies, then we want to know this quantile. The anomaly score, such that 95 percent of the probability mass is greater than that. So we'd like to estimate this tau at 0.05 or 0.01 or whatever we want. So we'll call this q, quantile 0.05. So, we note that if this is a mixture distribution since we're in one-dimensional world, it's true that for the cumulative distribution functions also, that the CDF of the anomaly scores for the mixture distribution is a convex combination of the nominal distribution in the anomaly distribution. So if you do a little algebra, you can say, GD, anomaly CDF can be calculated. We can estimate this from data. We can estimate this from data. If someone will just tell us Alpha or give us maybe a reasonable upper bound on Alpha, then we can use that to estimate this CDF. So, the picture looks something like this. This might be the CDF of the clean data, the black one is the mixture data, and maybe this is our anomaly CDF. So, we're going to set our threshold somewhere around in here maybe. We'll get all the anomalies, but we will have some number of false alarms too. So, of course, this all depends on how good the anomaly detector is, and how well they can distinguish the aliens from the known classes. So, when we look in practice, this is empirical CDF of the of the clean data, this is the empirical CDF of the mixture data, and of course, we're kind of subtracting them. So, unfortunately, this thing can go negative. This is the estimated CDF of the anomalies. So, it's pretty sad. But if we have a larger sample, it starts to look reasonable. But it still can cross this threshold a few times, and so we look at the largest value of the anomaly score that crosses this 0.05 line and we set our threshold there. That's what this pseudocode says. Then we're able to get a guarantee that if the number of samples in these two datasets is equal to n, then the required sample size is something like this. We have one over Epsilon squared term, we have something that's sort of a one over Alpha squared term, and then we have this, which is a funny thing that comes from the fact that we're estimating two different cumulative distribution functions and there are some concentration results for CDFs. So, then with probability one minus Delta, the alien detection rate will be at least one minus q plus Epsilon. So once again, we need some elbow room in the form of some Epsilon. Anyway, so that's what we can do. Then experimentally, I didn't put the results here, but we have a paper under review for ICML where we also show experimental results for this. Of course, it's a loose bound but it is a bound, and it does work in practice. We see that for some reasonable things, so we have some results on some image datasets and some benchmark datasets. We get false alarm rates using Isolation Forest as our anomaly detector. False alarm rates somewhere in the 10 to 20 percent range for reasonable sample sizes. So we're very happy with this, very pleased with it. So, to finish then. Outlier detection, I talked about the different unsupervised and mixed. Our benchmarking suggests that this Isolation Forest algorithm is quite nice. Surprisingly, that these percentile methods or quantile methods are not doing so well. I should say in passing, obviously these things don't work at all well by themselves for image data, we've kind of discussed this already, any kind of signal data or time series data. So, I think the next steps here, I'm very intrigued by things like GANs, and autoencoders, and other kind of manifold learning and density estimation techniques that are coming out of the deep learning literature, and so that's the next thing I want to try. There's some very nice papers at the last couple of NIPS about this, because I think that might give us much better anomaly detectors than we can get using these simple IAD feature based methods. Then we talked about the RPAD theory, which accounts for their behavior I think reasonably well. Then we talked about presenting the most important features, a simple ordered feature explanation incorporating expert feedback using this Accuracy at the Top strategy. Finally, guarantees for Open Category Detection. I apologize for running long, and thank my funders, and open it up for questions. >> Thanks a lot. >> Thank you very much. Yeah. >> So, at the beginning of the talk, you mentioned that there was a fundamental assumption about the nominal distribution and the anomaly distribution? >> Well, the assumption I wanted to call out is, is it safe in my application to assume that the anomalies come from a well-defined distribution. >> I'm curious, can you sketch how to weaken such an assumption to allow the fraudster also in the loop not just the analyst in the loop, but an arms race between the anomaly detector and the people who are trying to gain the thing. >> Well, so, I don't know how to do that in a theoretical framework. It seems to me that we end up having to think about it more like a game or minimaxing kind of adversarial learning setup instead, and try to get some guarantees that way, so that would be quite different from this. Of course, there is some interesting work in adversarial learning for supervised learning. Of course, everybody in deep nets right now is trying to do with adversarial examples in deep learning. Obviously, some of the strategies that are being explored like using GANs and trying to map queries onto the data manifold to strip out these adversarial attacks, many are very closely related to the same ideas of could we detect the adversarial queries as being outliers that fall outside of our data distribution. So, I think anomaly detection will again be part of the answer but this theory for open category will not be part of the answer there. We need some other more adversarial approach. >> And then just a clarification. Was the DARPA Atoms thing run as an arms race between red and blue team or was it? >> Yeah, so there was a red team that was actually based on people from CERT, the computer security guys. They have this whole White paper on different kinds of Insider threats in organizations that they've collected both from DOD and from industry. My favorite one is what they called the Insider Startup, that a sub-team decides, the company doesn't appreciate us, we're going to take the source tree with us and go form a startup. But there were other things, like someone who's passed over for promotion, survivor guilt, all these, and so they have this whole set of things, a lot of them very psychological. Then they hired a script writer to write scripts about what kinds of emails and text messages will these people be exchanging in addition to their desktop data, then they acted out all of this under this desktop and monitoring software, and then overlaid it on the behavior of real employees in the company. I had access to this in a very controlled setting, and we had to see if we could find those red team inserts. But unfortunately, we don't really know how hard they were and of course, we don't have access to the data anymore. It would have been interesting to, once we have the ground truth labels to go and see well. So how could we train a supervised learner, like go to the nearest neighbor classifier and figure this out quickly, we don't know. >> In the weather station example, I'm curious. Mostly, the anomaly detection algorithm you talked about seemed to be optimizing for low false alarm rates and high gadgets. But in some of the systems depending on how you're reacting to the anomaly, you might be able to tolerate lots of false alarms depending on what's important and how you're recovering from a problem. I was curious, in the weather station, what happens when you detect an anomaly? >> Well, so, in all existing weather networks that I'm aware of, they have a lot of flags and then they rely on some human eyeballs to look at them all. So for instance, Oklahoma Mesonet is the best weather network in the United States. They have a big budget, and they have four full-time meteorologists for 130 stations. So scaling that up to 20,000 stations in Africa, needed heck of a lot of. I just don't think that strategy scales to the Internet of Things so that's why I think we need to bring much more intelligence to bear. Also, most of the existing weather networks, they use basically hand-coded expert systems for writing these problem detection rules and so they are completely ad hoc. So, I think in some sense, low-hanging fruit for us because by bringing probabilistic inference on top of the alarming, we should be able to greatly. We still have lots of alarms, but we can say these 1000 alarms are really just due to one failure, and create a trouble ticket for it. Well, we're well on the way to building a system where the weather network manager, who everyday logs in and he gets a report of what are the new failures we found in the last 24 hours. Then he can very easily create trouble tickets and assign those to the field engineers, who then will be scheduled to go out and do the repairs. In our dreams, that would be integrated with an inventory system and on and on. But that's how they're set up. >> But you have to give a lot more knowledge than usually about how sensors failure essentially air models and must be not so much control you're aware off, where experts have very rich models about house, they would just use like this like doing weird things, but they filter in certain ways. [inaudible] >> A mature system, presumably, ultimately we find these recurring anomalies. So, then they bring them into the lab and say, "Okay, what's going on here?" Then, we've already had this happen. We didn't discover with our code, but there was a manufacturing defect or design defect in the station, and so all the generation two stations are having to be replaced with. But over time, you will accumulate a library of failure models and with very specialized detectors for those. But we want this anomaly infrastructure as a fallback because there's always something new. We haven't had any of our stations attacked by an elephant yet but I'm sure it'll happen. Oklahoma, they have unbelievable stories about cows getting into the thing. What is the symptom of a weather station where some ants have decided to lay eggs all over the circuit board? It's hard to have a disease model for that. >> I was just wondering about the online case of anomaly detection. You seem to assume here in the problem statement that the nominal distribution is stable over time. >> Absolutely, yes. >> What happens if the nominal distribution starts drifting over time because since the weighted identification changes, or whatever other issues? >> So, somehow we're going to have to track that distribution. Yeah, we haven't confronted that case here. Although in the weather data case, it's not stationary but it is very predictable in an annual cycle, on a daily cycle, there are lots of periodic components that you can sort of the traditional time-series techniques, model and pull them out of the signal. Then in your dream, you have now uncorrelated white noise and then it looks. >> [inaudible]. >> Maybe it's a part of the answer, but actually we've spent a whole year trying to do good feature engineering and decided this isn't working for us. Because it's just too much work to do all that modeling. When you make modeling errors, uses artifacts, and then we start making mistakes because of those. So, we're looking now at basically, looking at nearby weather stations that should be experiencing the same disturbances, the same annual daily cycles, and then comparing them. How well can we predict one using the other or what's their joint distribution, and using that to do the anomaly detection stuff. So, yeah. >> So you retrain the models, or there's some drift between predictions? >> Yes. Actually, we need to retrain the models really sort of a sliding window thing because again, the nature of correlations changes. In wintertime, for instance, precipitation is our most important variable, our most problematic sensor, and it has the smallest spatial scale in terms of spatial smoothness. In the wintertime, if we think about the Pacific Northwest, it's very smooth, very large storm. It affects the whole Pacific Northwest. So, if it's raining in one place, it's should be raining at another station and we can use that correlation. But in the summer time or in the late spring when we get these showers, stations becoming extremely uncorrelated, so then we need to have in a sense switch models to use a model that corresponds to a showery day with lots of little cells. Really, I think we need to be tracking that because it really is happening day-by-day weather. Like the first day of a rain event, it might have this large scale and then by the third day, it's into these little uncorrelated things. So, I think we actually need to attract that kind of larger spatial phenomenon. Speaking of larger spatial phenomenon, another thing is if you have a spatially clustered set of anomaly of alarms all ringing at once. It's probably a real weather event and an unusual weather event, not any of the stations broken, and that's knowledge it's not anywhere in our system, but the meteorologists definitely know this. Of course, there are other data sources like satellites, and radar, and things that we can use as additional sources of data for this, so. >> Okay. With that, we probably should thank. Thanks very much. >> Thank you.