I need to detect anomalies in transaction and I have a concept problem.
In fact my anomalies concern not a transaction but a group/cluster of transactions.
This transactions are:
- of a low amount
- and very close to each other in the time (between 1 sec and 1 minute of interval).
(A transaction with a low amount is not a problem in itself)
I need to detect them and to give for each transaction an anomalie probability. Bigger is the time interval and the amount, lower is the anomalie probability.
One big problem in this case is that the interval between the transaction is not fixed. I said between 1 sec and 1 min
but sometimes you can get transactions with an interval of 1 min and 1 sec or of 2 min.
To detect them, I have thought to:
- an anomalie detection model by third (such as customers of suppliers)
- a cluster model to detect and group the transactions
I don't have implemented the first solution (an anomalie detection model) because I understood that you have to create one case table and one model by third. And as I have a lot of third, it's not easy to implement.
I have try the second solution (cluster detection) but:
- the algorithm treat the date time (a number in my case table) as a value and not as a scale time.
- the number of (group|cluster) is limited of must be given in the algorithm setting.
Then my questions:
- Is data mining a tool that can help in this kind of detection
- If yes, what is the right approach.
I don't ask for a lot of detail in the implementation of the solution but much more to get the right direction in order to detect this kind of transaction behaviours.