Hidden Markov models for anomaly detection and fault diagnosis

Date of Completion

January 2007


Statistics|Engineering, Electronics and Electrical|Computer Science




In this thesis, we utilize hidden Markov model-based algorithms to address the problems of anomaly detection and dynamic multiple fault diagnosis. In the first part of the thesis, we address the problem of detecting an anomaly (e.g., intrusions, fraud and unusual business activities) with minimum delay and the fewest false alarms. In our application, an anomaly is a sequence of very few transactions of interest embedded in a large number of noise (benign) transactions. We propose a sequential detection-based approach to detect HMMs, which are used to model anomalies (asymmetric threats). A transaction-based probabilistic model is developed to combine hidden Markov models and feature-aided tracking. A detailed performance analysis of the proposed anomaly detection algorithm is performed, along with a comparison with the maximum likelihood-based data mining method.

In the second part of the thesis, we develop near-optimal algorithms for dynamic multiple fault diagnosis (DMFD) problems in the presence of imperfect test outcomes. The dynamic diagnostic inference problem is to determine the most likely evolution of component states, the one that best explains the observed test outcomes. Here, we discuss four formulations of the DMFD problem. These include the deterministic situation, corresponding to perfectly observed coupled Markov decision processes, and several partially observed factorial hidden Markov models, ranging from the case where the imperfect test outcomes are functions of tests only to the case where the test outcomes are functions of faults and tests, as well as the case where the false alarms are associated with the nominal (fault-free) case only. All these formulations are intractable NP-hard combinatorial optimization problems. We solve each of the DMFD problems by combining Lagrangian relaxation and the Viterbi decoding algorithm iteratively. Computational results on real-world problems are presented. A detailed performance analysis of the proposed algorithm is also discussed.