Hi, I have a question for you experts, i've been using RM a little while now and find it very useful. Im trying to create an anomaly detection process for my final thesis. Based on what I already know in order for an anomaly system to work you need a data source - (KD99 dataset) a preprocessing stage - (process documents from data with embedded tokenization and transform cases to create TF-IDF word vectors) then a normal profile learning phase (so rule building etc. but not sure what operators would work on this dataset) then finally something to detect the anomalies.
Ive already installed the anomaly detection extensions which as I understand houses a variety of algorithms in it already but am not really sure how to implement its operator i just keep getting errors and its really frustrating.
For metrics I want to see the rate of false positives and the number of attacks actually detected. The data is labelled normal or attack but i also have just normal unlabelled data as well - every time i use this however it always asks me to put a special attribute in.
Any help would be greatly appreciated.
Is this post a copy of this one: http://community.rapidminer.com/t5/RapidMiner-Studio-Forum/Anomaly-detection-experiment/m-p/37669 ? I would suggest you stick to one thread if you can.