* difficulties on detecting anomalies on streams * Robust Random Cut or Isolation? * how do they do it on AWS Kinesis * combining small ideas from papers into our RRCF implementation

1. Detecting concept drifts on
data streams using
Robust Random Cut Forest

2. RRCF is an unsupervised algorithm
for detecting anomalous data points
within a stream of data.

3. Agenda
• Why do we need streaming outlier detection?
• Difficulties on detecting anomalies in data streams
• Chronology of RRCF
• Isolation Forest
• RRCF
• Implementation Details

4. Best outlier detection
algorithm?
???

5. Iforest SVM LOF EGM

9. Chronology recap
• 2008 – Isolation Forest published
• 2013 – Survey on outlier detection
• 2016 – RRCF published in JMLR
• 2016 – RRCF available on Amazon Kinesis
• 2018 – RCCF available on Hydroserving

10. Isolation Forest

11. Isolation Tree
• Contains all points
• Every leaf contains one distinct point
• Each node separates bounding box of it’s points in two halves

12. Isolation
Forest
1. Create bounding box around
given set of points in which
you would like to make a cut
2. Pick random dimension
3. Calculate random coordinate
in this dimension
4. Divide given set of points
according to calculated cut
5. Repeat 1-4 on this two sets
until every point is isolated

13. Isolation
Forest
1. Create bounding box around
given set of points in which
you would like to make a cut
2. Pick random dimension
3. Calculate random coordinate
in this dimension
4. Divide given set of points
according to calculated cut
5. Repeat 1-4 on this two sets
until every point is isolated

14. Isolation
Forest
1. Create bounding box around
given set of points in which
you would like to make a cut
2. Pick random dimension
3. Calculate random coordinate
in this dimension
4. Divide given set of points
according to calculated cut
5. Repeat 1-4 on this two sets
until every point is isolated

15. Isolation
Forest
1. Create bounding box around
given set of points in which
you would like to make a cut
2. Pick random dimension
3. Calculate random coordinate
in this dimension
4. Divide given set of points
according to calculated cut
5. Repeat 1-4 on this two sets
until every point is isolated
Y = 5.45

16. Isolation
Forest
1. Create bounding box around
given set of points in which
you would like to make a cut
2. Pick random dimension
3. Calculate random coordinate
in this dimension
4. Divide given set of points
according to calculated cut
5. Repeat 1-4 on this two sets
until every point is isolated
Y ≤ 5.45

17. Isolation
Forest
1. Create bounding box around
given set of points in which
you would like to make a cut
2. Pick random dimension
3. Calculate random coordinate
in this dimension
4. Divide given set of points
according to calculated cut
5. Repeat 1-4 on this two sets
until every point is isolated
Y ≤ 5.45
X=8.0
Y=8.
0
X ≤ 3.22 Y ≤ 7.61
v v v

18. Streaming
Algorithms
Issues
1. Data is transient
2. Timestamps are needed
3. Stream size is infinite
4. Arrival rate is important
5. Concept drift
6. Uncertainty
Survey on Outlier Detection in Data Stream ‘16. By Thakkar, Vala, Prajapati

19. RRCF

20. RRCF - Tree

22. Displacement
ba c
Point displacement
is average number
of points moved in
the tree after this
point deletion.

23. Collusive
Displacement

24. CoDisplacement
cba
Point collusive
displacement is average
of maximal
displacement which can
be achieved by deleting
this point and it’s
neighbors divided by
number of points
deletedmax
𝑥∈𝐶
1
𝐶
𝐷𝑖𝑠𝑝(𝐶)

25. Reservoir sampling

26. Shingles

27. Issues after paper analysis
1. What is time decay reservoir and how it is implemented?
2. How to initialize forest?
3. How to implement scoring and insertion efficiently?

28. dimension
coordinate
bounding box
# of children
point
bounding box
# of children
Tree & Node structure

29. dba c
Incremental Insertion