Anomaly detection
In anomaly detection problems, technical issues (e.g., which unsupervised learning algorithm is best?) tend to get a lot of attention. We think the business and implementation questions are just as important, and actually need to be addressed first:
1. What are your end goals?
- Anomaly detection is generally a means to an end, like ensuring appropriate actions are taken to prevent catastrophic systems failure, address the source of defective materials or components, and follow up on potentially-concerning medical conditions.
2. How do you want your anomaly detection system(s) to be used (i.e., by whom and where)?
- What events do your goals suggest you need to detect, and what actions would need to be taken once they are detected? Are the individuals charged with taking those actions equipped and empowered to do so?
HORIZON brings a wealth of experience to its clients facing challenges related to anomaly detection. We've advised clients in the engineering, IoT, health, and other spaces on a range of anomaly detection system design and implementation issues. We can help your organization structure the problem you're facing in this area, as well as design, implement and - critically - evaluate, your systems.
Below are a few key questions that we've helped our clients think through:
- Given the kinds of events or outcomes you're interested in avoiding/mitigating/leveraging, what's the right balance between the sensitivity (the proportion of true anomalies that your system will capture) and specificity (the proportion of events captured by your system that will turn out to be true anomalies) of your system? The answer is likely to vary across outcomes even within the same application.
- What are the different kinds of anomalies you're interested in capturing? Do you have historical data that can serve as a guide, helping you identify and categorize drivers (potential anomalies of interest) of your various outcomes of interest?
- In what units or groupings of analysis are you interested? Anomaly detection systems can be targeted at individual units or on groups of units comprising a system (e.g., to prevent systems failure).
- Can you establish any benchmarks for "normal"/"expected" behavior among your units or groups? Even in situations where you lack critical information about the data generating processes and context, benchmarking can provide a useful and transparent means for detecting and describing anomalies.
- What ROI can you expect for one approach to anomaly detection vs. another, given your application?
If some of these questions sound relevant to your application, please contact us to discuss your needs and how HORIZON may be able to help.