2

I need to decide between SVM (One-Class Support Vector Machine) and PCA (PCA-Based Anomaly Detection) as anomaly detection methods. Azure ML is used and provides SVM and PCA as methods - hence the choice of 2 possible methods.

Does anyone have suggestions or a defined process for method selection? (Similar to cheat sheets you get for selecting a regression method).

The use case is to detect anomalies in high-frequency network traffic data (from firewalls, routers & switches).

Snympi

1 Answer

4

Without putting in the time to look through Azure's documentation, my guess is that their PCA method is really just a way to do a feature reduction, then use some algorithm they have to classify. Best thing to do is try both methods and then CV and compare performances. https://gallery.azure.ai/Experiment/1219e87f8fb84e88a2e1b54256808bb3

Hobbes
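The "try both, cross-validate, compare" procedure from the answer above, as an added example that is not part of the original post and does not use Azure ML's modules. It assumes scikit-learn, scores PCA by reconstruction error (an assumption about how a PCA-based detector works, not a statement about Azure's implementation), and runs on constructed flow features; all function names are hypothetical.

```python
import numpy as np
from sklearn.decomposition import PCA
from sklearn.metrics import roc_auc_score
from sklearn.model_selection import KFold
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM


def make_flows(n_normal=600, n_anom=30, seed=0):
    """Constructed flow features: log-bytes, log-packets, duration, distinct ports."""
    rng = np.random.default_rng(seed)
    load = rng.normal(size=(n_normal, 1))  # shared "traffic volume" factor
    normal = load @ np.array([[1.0, 0.9, 0.6, 0.5]]) + 0.2 * rng.normal(size=(n_normal, 4))
    # Constructed anomalies: low volume but an unusually high distinct-port count.
    anom = rng.normal(loc=[-1.0, -1.0, 0.0, 4.0], scale=0.3, size=(n_anom, 4))
    return normal, anom


def pca_scores(train, test, n_components=1):
    """Anomaly score = squared reconstruction error outside the retained PCA subspace."""
    model = make_pipeline(StandardScaler(), PCA(n_components=n_components)).fit(train)
    scaled = model[0].transform(test)
    recon = model[1].inverse_transform(model[1].transform(scaled))
    return ((scaled - recon) ** 2).sum(axis=1)


def ocsvm_scores(train, test, nu=0.05):
    """Anomaly score = negated One-Class SVM decision function (higher = more anomalous)."""
    model = make_pipeline(StandardScaler(), OneClassSVM(kernel="rbf", gamma="scale", nu=nu))
    return -model.fit(train).decision_function(test)


def compare(n_splits=5, seed=0):
    """Mean ROC AUC per method: fit on normal folds, score held-out normal + anomalies."""
    normal, anom = make_flows(seed=seed)
    aucs = {"pca": [], "ocsvm": []}
    for tr, te in KFold(n_splits, shuffle=True, random_state=seed).split(normal):
        test = np.vstack([normal[te], anom])
        y = np.r_[np.zeros(len(te)), np.ones(len(anom))]
        aucs["pca"].append(roc_auc_score(y, pca_scores(normal[tr], test)))
        aucs["ocsvm"].append(roc_auc_score(y, ocsvm_scores(normal[tr], test)))
    return {k: float(np.mean(v)) for k, v in aucs.items()}


if __name__ == "__main__":
    print(compare())
```

Both detectors are fitted on traffic assumed to be normal only, so the labelled anomalies are needed just for scoring the held-out folds; with real firewall or router data, the same loop applies once a small set of known-bad flows is available for evaluation.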