5.11 Anomaly Detection

This topic describes the Anomaly Detection feature.

Anomaly detection in machine learning focuses on identifying patterns in data that deviate from expected behavior. These “anomalies” or “outliers” can signal critical events such as fraud, system failures, security breaches, or data quality issues.

  1. From Home screen, click Machine Learning. Under Machine Learning, click Anomaly Detection.
    The Anomaly Model Build screen is displayed.

    Figure 5-22 Anomaly Model Build



  2. Specify the sensitivity field on the Anomaly Model Build screen.

    Note:

    The fields marked as Required are mandatory.
    For more information on fields, refer to the field description table.

    Table 5-23 Anomaly Model Build - Field Description

    | Field | Description |
    |---|---|
    | Use case name | Select an existing use case defined in model definition for Anomaly Detection. This field is mandatory. |
    | Sensitivity | Specify a numeric value to define the sensitivity level for anomaly detection (the default is 0.01). This field is mandatory. |

  3. Click Build to trigger the model building process based on the selected use case and sensitivity.

Model Output

This section displays the results after the model is built.

Note:

The fields marked as Required are mandatory.
For more information on fields, refer to the field description table.

Table 5-24 Anomaly Model Build - Field Description

| Field | Description |
|---|---|
| Calculated Sensitivity | Displays the final sensitivity level computed after model training. |
| Solver | Displays the optimization method used during the model-building process. |
| Converge | Indicates whether the training process met its stopping criteria and reached a stable solution (example: Yes/No). |

Anomaly Query

This section lets you apply the model with a probability threshold value, which the business determines based on its risk sensitivity, to highlight unusual records and save selected results as cases for investigation.

  1. Under Anomaly Detection, click Anomaly Query.
    The Anomaly Query screen is displayed.
  2. Specify the fields on the Anomaly Query screen.

    Note:

    The fields marked as Required are mandatory.
    For more information on fields, refer to the field description table.

    Table 5-25 Anomaly Query - Field Description

    | Field | Description |
    |---|---|
    | Use case name | Select the trained anomaly detection use case you want to apply. This field is mandatory. |
    | Probability | Enter a value between 0.01 and 1 that defines the probability threshold at which the model treats a record as an anomaly. Records with probability at or above this value are flagged as anomalies. This field is mandatory. |
    | Threshold | Select how many results to show and what they represent. The available options are: Anomalies, which returns the top N records that meet or exceed the Probability Threshold (that is, only flagged anomalies); Records, which returns the top N records ranked by probability, regardless of the threshold. This field is mandatory. |
    | Display Top N | Select the Top N rows option from the drop-down list. The available options are: Anomalies; Records. This field is mandatory. |
    | Top N | Specify how many rows to display. If fewer qualifying rows exist, the list will be shorter. Must be a positive whole number. This field is mandatory if Display Top N type is Records. |

  3. Click Query to run the model with the selected use case, threshold, and display settings.
    The results table is populated.

    Note:

    The fields marked as Required are mandatory.
    For more information on fields, refer to the field description table.

    Table 5-26 Anomaly Query - Field Description

    | Field | Description |
    |---|---|
    | Unique Identifier | Displays the primary key for each scored record. |
    | Probability Threshold | The model’s estimated likelihood that the record is anomalous. Higher values indicate stronger anomaly signals. |

  4. Click Save to save all identified anomalies along with the current query settings for future investigation.

    Note:

    If Anomalies is selected but the threshold is set too high, fewer than N results may be displayed.

    If Records is selected, the probability for each item is shown; only items at or above the threshold are considered anomalies.
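
The query semantics described above, as an added Python example (not the product's own code): it applies the Probability threshold and the Anomalies/Records display modes to a set of already-scored records, and shows why a high threshold can return fewer than N rows. The function names, the in-memory score dictionary, the sample IDs and the tie-break by identifier are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Row:
    unique_id: str        # "Unique Identifier" column
    probability: float    # model's anomaly probability for the record
    is_anomaly: bool      # True when probability >= the query threshold

# Constructed sample scores (hypothetical IDs and values).
SAMPLE_SCORES = {"TXN-1001": 0.97, "TXN-1002": 0.12, "TXN-1003": 0.64,
                 "TXN-1004": 0.03, "TXN-1005": 0.81}

def anomaly_query(scores, probability, display="Anomalies", top_n=None):
    """Return result rows for the given Probability, Display Top N and Top N."""
    if not 0.01 <= probability <= 1:
        raise ValueError("Probability must be between 0.01 and 1")
    if display not in ("Anomalies", "Records"):
        raise ValueError("Display Top N must be 'Anomalies' or 'Records'")
    if top_n is None:
        if display == "Records":
            raise ValueError("Top N is mandatory when Display Top N is Records")
    elif isinstance(top_n, bool) or not isinstance(top_n, int) or top_n < 1:
        raise ValueError("Top N must be a positive whole number")
    # Rank by probability, highest first; ties broken by ID (assumption).
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    rows = [Row(uid, p, p >= probability) for uid, p in ranked]
    if display == "Anomalies":
        # Only flagged records qualify, so the result may hold fewer than N rows.
        rows = [r for r in rows if r.is_anomaly]
    return rows[:top_n]

def cases_to_save(rows):
    """Save step: only rows at or above the threshold become cases."""
    return [r.unique_id for r in rows if r.is_anomaly]

if __name__ == "__main__":
    for mode in ("Anomalies", "Records"):
        result = anomaly_query(SAMPLE_SCORES, 0.9, mode, 3)
        print(mode, [(r.unique_id, r.probability, r.is_anomaly) for r in result])
```

With a threshold of 0.9 and Top N of 3, Anomalies mode returns a single row, while Records mode returns three rows of which only one is flagged.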

Investigative Dashboard

This dashboard helps you review, assign, investigate, and close out anomalies that were saved as cases from the Anomaly Query step.

  1. Under Anomaly Detection, click Investigative Dashboard.
    The Investigative Dashboard screen is displayed.

    Figure 5-24 Investigative Dashboard



  2. Select the Use Case to load its cases and metrics.
  3. Review the Case Distribution to view counts across Suspected, Assigned, Under your Investigation, Pending Approval, and Completed.
  4. Open Suspected Cases, select the anomaly records, and click Assign to route them to the appropriate owner.
  5. The assignee reviews the case under Under your Investigation, records findings, and sets the outcome as Confirmed or Normal.
  6. After setting the outcome, click Submit for Approval.

    Figure 5-26 Investigative Dashboard



  7. The case moves to Pending Approval.
    On approval, the case is closed and appears under Completed; if rejected, it returns to Under Investigation for further action.