School of Computing and Information Systems (CIS) The University of Melbourne COMP90073
Security Analytics
Tutorial exercises: Week 7
1. Give example of 2 applications that it is better to use adaptive window over sliding window in data stream anomaly detection. Justify your answer.
Copyright By PowCoder代写 加微信 powcoder
2. We used the following example to explain the step by step iLOF’s measurements update. We included point 11 in reachdist update (Figure 1) but not in lrd update (Figure 2). Explain why, given k=2.
Figure 1: reachdist update
Figure 2: lrd update
3. In iLOF deleting a point pi from the existing dataset always increases the k-
distances of Rk-NN of pi. Justify the reason
4. InwhatcaseperformanceofMiLOFresemblestoiLOF?
5. InthelecturewesawhowwecanderiveSVDD’sdualformulationfromits primal formulation. Now given OCSVM’s primal formulation as below, derive
its dual formulation.
min ‖𝑤𝑤‖2+ �𝜉𝜉−𝜌𝜌
𝑤𝑤,𝜉𝜉𝑖𝑖,𝜌𝜌 2 𝜈𝜈𝜈𝜈 𝑖𝑖=1 𝑖𝑖
𝑖𝑖 s.t. 𝑖𝑖
�𝑤𝑤 ⋅ 𝜙𝜙(𝑥𝑥 )� ≥ 𝜌𝜌 − 𝜉𝜉 , ∀ 𝑖𝑖 = 1, … , 𝜈𝜈
𝜉𝜉𝑖𝑖 ≥ 0, ∀ 𝑖𝑖 = 1, … , 𝜈𝜈
6. UseOneClassSVMinSplunktoperformunsupervisedoutlierdetection. Some useful information regarding the parameters: https://scikit- learn.org/stable/modules/generated/sklearn.svm.OneClassSVM.html
7. YoumayuseLIBSVM(https://www.csie.ntu.edu.tw/~cjlin/libsvm/)forthe following exercises. The web page provides the necessary information for parameter tuning.
Download the KDDCUP data set from the UCI Machine Learning Repository https://archive.ics.uci.edu/ml/datasets/kdd+cup+1999+data
a. UseSVDDandOCSVMtoidentifytheattacks.
b. Howmanydatapointsarecommonamongtheidentifiedanomalies
using different methods?
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com