Anomaly detection practice quiz


there’s a question in the anomaly detection practice quiz that asks whether we should use supervised learning or anomaly detection to monitor machines in a data center. We have a lot of data points on normal and abnormal behavior.

I’m not going to reveal the answer, I’m just going to say that I feel like we can go either way. It could be argued there is enough data to learn to detect all variants of already seen anomalies but it could also be argued (and this is from the lectures) that we should stick with anomaly detection because there will be new anomaly variants in the near future due to new security issues.


Agree that both are possible and one may be better than the other in some cases.

I probably would go for “anomaly detection” when 99% of my data are normal cases, or when I expect my anomalous samples are not representative enough.


P.S. Usually we should have more normal cases than anomalous, otherwise the system would be back in maintainence state rather than in working state and under monitoring.

1 Like