Learning States and Rules for Time Series Anomaly Detection

In this paper we investigate machine learning techniques for discovering knowledge that can be used to monitor the operation of devices or systems. Specifically, we study methods for generating models that can detect anomalies in time series data. The normal operation of a device can usually be characterized in different temporal states. To identify these states, we introduce a clustering algorithm called Gecko that can automatically determine a reasonable number of clusters using our proposed "L" method. We then use the RIPPER classification algorithm to describe these states in logical rules. Finally, transitional logic between the states is added to create a finite state automaton. Our empirical results, on data obtained from the NASA shuttle program, indicate that the Gecko algorithm is comparable to a human expert in identifying states and our overall system can track normal behavior and detect anomalies.