Algorithms

OneClassSVM

The OneClassSVM algorithm uses the scikit-learn OneClassSVM to fit a model from a set of features or fields for detecting anomalies and outliers, where features are expected to contain numerical values. OneClassSVM is an unsupervised out…

The OneClassSVM algorithm uses the scikit-learn OneClassSVM to fit a model from a set of features or fields for detecting anomalies and outliers, where features are expected to contain numerical values. OneClassSVM is an unsupervised outlier detection method.

For further information, see the sci-kit learn documentation: http://scikit-learn.org/stable/modules/svm.html#kernel-functions

Parameters

  • The kernel parameter specifies the kernel type for using in the algorithm, where the default value is kernel is rbf.

    • Kernel types include: linear, rbf, poly, and sigmoid.

  • You can specify the upper bound on the fraction of training error as well as the lower bound of the fraction of support vectors using the nu parameter, where the default value is 0.5.

  • The degree parameter is ignored by all kernels except the polynomial kernel, where the default value is 3.

  • gamma is the kernel co-efficient that specifies how much influence a single data instance has, where the default value is 1/ number of features.

  • The independent term of coef0 in the kernel function is only significant if you have polynomial or sigmoid function.

  • The term tol is the tolerance for stopping criteria.

  • The shrinking parameter determines whether to use the shrinking heuristic.

Syntax

fit OneClassSVM <fields> [into <model name>]
[kernel=<str>] [nu=<float>] [coef0=<float>]
[gamma=<float>] [tol=<float>] [degree=<int>] [shrinking=<true|false>]
  • You can save OneClassSVM models using the into keyword.
  • You can apply the saved model later to new data with the apply command.

Syntax constraints

  • After running the fit or apply command, a new field named isNormal is generated. This field defines whether a particular record (row) is normal (isNormal=1) or anomalous (isNormal=-1).
  • You cannot inspect the model learned by OneClassSVM with the summary command.

Example

The following example uses OneClassSVM on a test set.

... | fit OneClassSVM * kernel="poly" nu=0.5 coef0=0.5 gamma=0.5 tol=1 degree=3 shrinking=f into
TESTMODEL_OneClassSVM

Local availability

  • Local class: OneClassSVM
  • Source file: Splunk_ML_Toolkit/bin/algos/OneClassSVM.py (in-repo path Splunk_ML_Toolkit/bin/algos/OneClassSVM.py)
  • algos.conf stanza: [OneClassSVM]
  • Class bases: ClustererMixin, BaseAlgo

Source

Adapted from the Splunk AI Toolkit 5.6.4 documentation at /en/splunk-cloud-platform/apply-machine-learning/use-ai-toolkit/5.6.4/algorithms-and-scoring-metrics-in-the-ai-toolkit/algorithms-in-the-ai-toolkit (section: anomaly).

Press Cmd/Ctrl+K to focus search. Esc to close.

Type to search the portal.