Yu Sun,Gangfeng Yan,Xiasheng Shi

DOI: https://doi.org/10.1088/1757-899x/631/4/042046

2019-01-01

IOP Conference Series Materials Science and Engineering

Abstract:Abstract Traditional methods for detecting data anomalies of power equipment fail to fully mine the data characteristics. And it has shortcomings such as complex calculation, poor flexibility and low accuracy. To solve the problem of abnormal fault detection of electric equipment, the abnormal detection algorithm based on statistical analysis and machine learning is used in the paper. The reconstruction method based on Long Short Term Memory (LSTM) time sequence is proposed for time series data abnormal detection. Experiments show that the new method is effective in detecting and correcting abnormal data, which reduces the detection time and improves the accuracy of state estimation results. There are huge differences within the positive samples in anomaly detection, so several methods are studied in the paper. One-class SVM algorithm is often used in novelty detection and isolation forest algorithm is used in outlier detection. Machine learning methods which is based on statistical analysis will play an increasingly important role in the fields of equipment monitoring and predictive maintenance, safety of electric equipment.

Guansong Pang,Chunhua Shen,Longbing Cao,Anton van den Hengel

DOI: https://doi.org/10.48550/arXiv.2007.02500

IF: 5.414

2020-07-06

Machine Learning

Abstract:Anomaly detection, a.k.a. outlier detection or novelty detection, has been a lasting yet active research area in various research communities for several decades. There are still some unique problem complexities and challenges that require advanced approaches. In recent years, deep learning enabled anomaly detection, i.e., deep anomaly detection, has emerged as a critical direction. This paper surveys the research of deep anomaly detection with a comprehensive taxonomy, covering advancements in three high-level categories and 11 fine-grained categories of the methods. We review their key intuitions, objective functions, underlying assumptions, advantages and disadvantages, and discuss how they address the aforementioned challenges. We further discuss a set of possible future opportunities and new perspectives on addressing the challenges.

Amrik Singh -,Sukhpreet Singh -,Mohammad Nazmul Alam -,Gurpreet Singh -

DOI: https://doi.org/10.36948/ijfmr.2024.v06i04.24601

2024-07-14

International Journal For Multidisciplinary Research

Abstract:The proliferation of Internet of Things (IoT) devices has revolutionized various sectors by enabling real-time data collection and processing, leading to unprecedented levels of efficiency and convenience. However, this increased connectivity and data flow also introduce significant security risks, particularly in the realm of anomaly detection. This study delves into the use of deep learning techniques for identifying abnormalities in IoT systems, providing a thorough analysis of state-of-the-art methods, assessing their effectiveness across different IoT scenarios, and exploring future research directions. We review current deep learning-based anomaly detection techniques, examine their applications in real-world settings, and discuss potential improvements and innovations. By synthesizing the latest research and developments, this paper aims to offer a comprehensive understanding of how deep learning can bolster the security and performance of IoT systems. Our findings highlight the importance of robust anomaly detection mechanisms in safeguarding IoT networks and underscore the need for continued advancements in this area. Through this study, we seek to contribute valuable insights into the application of deep learning for enhancing IoT system security and reliability, ultimately supporting the sustainable growth and integration of IoT technologies across various domains.

Sanjay Chawla,Raghavendra Chalapathy

2019-01-10

Abstract:Anomaly detection is an important problem that has been well-studied within diverse research areas and application domains. The aim of this survey is two-fold, firstly we present a structured and comprehensive overview of research methods in deep learning-based anomaly detection. Furthermore, we review the adoption of these methods for anomaly across various application domains and assess their effectiveness. We have grouped state-of-the-art research techniques into different categories based on the underlying assumptions and approach adopted. Within each category we outline the basic anomaly detection technique, along with its variants and present key assumptions, to differentiate between normal and anomalous behavior. For each category, we present we also present the advantages and limitations and discuss the computational complexity of the techniques in real application domains. Finally, we outline open issues in research and challenges faced while adopting these techniques.

Mathematics,Computer Science,Geology

Armin Danesh Pazho,Ghazal Alinezhad Noghre,Arnab A Purkayastha,Jagannadh Vempati,Otto Martin,Hamed Tabkhi

2023-06-02

Abstract:Anomaly detection is a crucial task in complex distributed systems. A thorough understanding of the requirements and challenges of anomaly detection is pivotal to the security of such systems, especially for real-world deployment. While there are many works and application domains that deal with this problem, few have attempted to provide an in-depth look at such systems. In this survey, we explore the potentials of graph-based algorithms to identify anomalies in distributed systems. These systems can be heterogeneous or homogeneous, which can result in distinct requirements. One of our objectives is to provide an in-depth look at graph-based approaches to conceptually analyze their capability to handle real-world challenges such as heterogeneity and dynamic structure. This study gives an overview of the State-of-the-Art (SotA) research articles in the field and compare and contrast their characteristics. To facilitate a more comprehensive understanding, we present three systems with varying abstractions as use cases. We examine the specific challenges involved in anomaly detection within such systems. Subsequently, we elucidate the efficacy of graphs in such systems and explicate their advantages. We then delve into the SotA methods and highlight their strength and weaknesses, pointing out the areas for possible improvements and future works.

Machine Learning

Nadun Wijesinghe,Hadi Hemmati

2023-10-31

Abstract:Most enterprise applications use logging as a mechanism to diagnose anomalies, which could help with reducing system downtime. Anomaly detection using software execution logs has been explored in several prior studies, using both classical and deep neural network-based machine learning models. In recent years, the research has largely focused in using variations of sequence-based deep neural networks (e.g., Long-Short Term Memory and Transformer-based models) for log-based anomaly detection on open-source data. However, they have not been applied in industrial datasets, as often. In addition, the studied open-source datasets are typically very large in size with logging statements that do not change much over time, which may not be the case with a dataset from an industrial service that is relatively new. In this paper, we evaluate several state-of-the-art anomaly detection models on an industrial dataset from our research partner, which is much smaller and loosely structured than most large scale open-source benchmark datasets. Results show that while all models are capable of detecting anomalies, certain models are better suited for less-structured datasets. We also see that model effectiveness changes when a common data leak associated with a random train-test split in some prior work is removed. A qualitative study of the defects' characteristics identified by the developers on the industrial dataset further shows strengths and weaknesses of the models in detecting different types of anomalies. Finally, we explore the effect of limited training data by gradually increasing the training set size, to evaluate if the model effectiveness does depend on the training set size.

Machine Learning,Software Engineering

Guansong Pang,Longbing Cao,Charu Aggarwal

DOI: https://doi.org/10.1145/3437963.3441659

2021-03-08

Abstract:In this tutorial we aim to present a comprehensive survey of the advances in deep learning techniques specifically designed for anomaly detection (deep anomaly detection for short). Deep learning has gained tremendous success in transforming many data mining and machine learning tasks, but popular deep learning techniques are inapplicable to anomaly detection due to some unique characteristics of anomalies, e.g., rarity, heterogeneity, boundless nature, and prohibitively high cost of collecting large-scale anomaly data. Through this tutorial, audiences would gain a systematic overview of this area, learn the key intuitions, objective functions, underlying assumptions, advantages and disadvantages of different categories of state-of-the-art deep anomaly detection methods, and recognize its broad real-world applicability in diverse domains. We also discuss what challenges the current deep anomaly detection methods can address and envision this area from multiple different perspectives. Any audience who may be interested in deep learning, anomaly/outlier/novelty detection, out-of-distribution detection, representation learning with limited labeled data, and self-supervised representation learning would find it very helpful in attending this tutorial. Researchers and practitioners in finance, cybersecurity, healthcare would also find the tutorial helpful in practice.

Alireza Vafaei Sadr,Bruce A. Bassett,Emmanuel Sekyi

DOI: https://doi.org/10.48550/arXiv.2210.16334

2022-10-29

Abstract:Anomaly detection algorithms are typically applied to static, unchanging, data features hand-crafted by the user. But how does a user systematically craft good features for anomalies that have never been seen? Here we couple deep learning with active learning -- in which an Oracle iteratively labels small amounts of data selected algorithmically over a series of rounds -- to automatically and dynamically improve the data features for efficient outlier detection. This approach, AHUNT, shows excellent performance on MNIST, CIFAR10, and Galaxy-DESI data, significantly outperforming both standard anomaly detection and active learning algorithms with static feature spaces. Beyond improved performance, AHUNT also allows the number of anomaly classes to grow organically in response to Oracle's evaluations. Extensive ablation studies explore the impact of Oracle question selection strategy and loss function on performance. We illustrate how the dynamic anomaly class taxonomy represents another step towards fully personalized rankings of different anomaly classes that reflect a user's interests, allowing the algorithm to learn to ignore statistically significant but uninteresting outliers (e.g., noise). This should prove useful in the era of massive astronomical datasets serving diverse sets of users who can only review a tiny subset of the incoming data.

Machine Learning,Instrumentation and Methods for Astrophysics,Artificial Intelligence,High Energy Physics - Experiment,Data Analysis, Statistics and Probability

Feng Xia,Leman Akoglu,Charu Aggarwal,Huan Liu

DOI: https://doi.org/10.1109/mis.2023.3255590

IF: 6.744

2023-05-02

IEEE Intelligent Systems

Abstract:Deep anomaly analytics is a rapidly evolving field that leverages the power of deep learning to identify anomalies in various datasets. The use of deep anomaly analytics has increased significantly in recent years due to the growing need to detect anomalies in complex data that traditional methods struggle to handle. Deep anomaly analytics has the potential to transform various industries, including, e.g., healthcare, finance, and cybersecurity, by providing valuable insights and helping to diagnose diseases, prevent fraud, and detect cyber threats. However, there are also many challenges associated with deep anomaly analytics. This editorial provides an overview of the field of deep anomaly analytics, and highlights a few key challenges facing this field, i.e., time series anomaly detection, graph anomaly detection, efficiency (of models), and solving real-world problems. Additionally, it serves as an introduction to this special issue that delves further into these topics.

computer science, artificial intelligence,engineering, electrical & electronic

Shubhomoy Das,Md Rakibul Islam,Nitthilan Kannappan Jayakodi,Janardhan Rao Doppa

2024-05-14

Abstract:In many real-world AD applications including computer security and fraud prevention, the anomaly detector must be configurable by the human analyst to minimize the effort on false positives. One important way to configure the detector is by providing true labels (nominal or anomaly) for a few instances. Recent work on active anomaly discovery has shown that greedily querying the top-scoring instance and tuning the weights of ensemble detectors based on label feedback allows us to quickly discover true anomalies.

Machine Learning

Thorben Finke,Marie Hein,Gregor Kasieczka,Michael Krämer,Alexander Mück,Parada Prangchaikul,Tobias Quadfasel,David Shih,Manuel Sommerhalder

2023-09-23

Abstract:Weakly supervised methods have emerged as a powerful tool for model-agnostic anomaly detection at the Large Hadron Collider (LHC). While these methods have shown remarkable performance on specific signatures such as di-jet resonances, their application in a more model-agnostic manner requires dealing with a larger number of potentially noisy input features. In this paper, we show that using boosted decision trees as classifiers in weakly supervised anomaly detection gives superior performance compared to deep neural networks. Boosted decision trees are well known for their effectiveness in tabular data analysis. Our results show that they not only offer significantly faster training and evaluation times, but they are also robust to a large number of noisy input features. By using advanced gradient boosted decision trees in combination with ensembling techniques and an extended set of features, we significantly improve the performance of weakly supervised methods for anomaly detection at the LHC. This advance is a crucial step towards a more model-agnostic search for new physics.

High Energy Physics - Phenomenology,High Energy Physics - Experiment,Data Analysis, Statistics and Probability

Shubhomoy Das,Weng-Keen Wong,Alan Fern,Thomas G. Dietterich,Md Amran Siddiqui

DOI: https://doi.org/10.48550/arXiv.1708.09441

2017-08-31

Abstract:Anomaly detectors are often used to produce a ranked list of statistical anomalies, which are examined by human analysts in order to extract the actual anomalies of interest. Unfortunately, in realworld applications, this process can be exceedingly difficult for the analyst since a large fraction of high-ranking anomalies are false positives and not interesting from the application perspective. In this paper, we aim to make the analyst's job easier by allowing for analyst feedback during the investigation process. Ideally, the feedback influences the ranking of the anomaly detector in a way that reduces the number of false positives that must be examined before discovering the anomalies of interest. In particular, we introduce a novel technique for incorporating simple binary feedback into tree-based anomaly detectors. We focus on the Isolation Forest algorithm as a representative tree-based anomaly detector, and show that we can significantly improve its performance by incorporating feedback, when compared with the baseline algorithm that does not incorporate feedback. Our technique is simple and scales well as the size of the data increases, which makes it suitable for interactive discovery of anomalies in large datasets.

Machine Learning,Artificial Intelligence

Saikiran Bulusu,B. Kailkhura,Bo Li,P. Varshney,D. Song

2020-03-16

Abstract:Deep Learning (DL) is vulnerable to out-of-distribution and adversarial examples resulting in incorrect outputs. To make DL more robust, several posthoc anomaly detection techniques to detect (and discard) these anomalous samples have been proposed in the recent past. This survey tries to provide a structured and comprehensive overview of the research on anomaly detection for DL based applications. We provide a taxonomy for existing techniques based on their underlying assumptions and adopted approaches. We discuss various techniques in each of the categories and provide the relative strengths and weaknesses of the approaches. Our goal in this survey is to provide an easier yet better understanding of the techniques belonging to different categories in which research has been done on this topic. Finally, we highlight the unsolved research challenges while applying anomaly detection techniques in DL systems and present some high-impact future research directions.

Mathematics

Mykola Tsiutsiura,Andriy Kovalenko

DOI: https://doi.org/10.32347/2412-9933.2024.58.80-85

2024-06-28

Management of Development of Complex Systems

Abstract:This article discusses how anomaly detection is an important problem in various areas of software products in the modern world, anomaly detection can be useful in cybersecurity, the Internet of Things, and financial transaction analysis. Above all, anomalies can signal the need to take some action to avoid negative consequences. In addition, the importance of anomaly detection for business intelligence and risk management is explored. Much attention is paid to the study of different types of anomalies, including point, contextual and collective, with examples in different contexts. The importance of using intelligent machine learning algorithms to detect anomalies in large amounts of data and quickly process information with warnings to staff is emphasized. Anomaly detection using machine learning is an urgent problem in the modern world when dealing with large amounts of data and ever-growing threats in the field of cybersecurity, financial fraud, medical diagnostics, industrial safety and other industries. With the proliferation of the Internet of Things (IoT) and the large amount of data it generates, detecting unusual, anomalous, or suspicious events is becoming increasingly challenging for traditional data processing methods. Machine learning automates the anomaly detection process by using algorithms to analyze and classify data. This improves the efficiency and speed of anomaly detection, reduces the cost of manual analysis, and facilitates a more accurate and rapid response to potential threats or issues. With the in-depth development of machine learning technologies such as neural networks, deep learning algorithms, and the constant growth of machine learning models, anomaly detection capabilities are becoming more accurate and diverse. This makes it possible to detect anomalies in real time and ensure a reliable level of security in various fields of activity, which is extremely important in today's digital world. There are three situations in which the algorithm can be applied: supervised learning, semi-supervised learning, and unsupervised learning. The classification is based on algorithmic access, including probabilistic methods, distance and density methods, clustering methods, activity-based methods, and reconstruction and spectral methods. To choose the best approach to anomaly detection, it is important to consider various factors. The article provides illustrative examples of anomaly detection algorithms based on real data.

James Zhang,Ilija Vukotic,Robert Gardner

DOI: https://doi.org/10.48550/arXiv.1801.10094

2018-01-31

Abstract:Anomaly detection is the practice of identifying items or events that do not conform to an expected behavior or do not correlate with other items in a dataset. It has previously been applied to areas such as intrusion detection, system health monitoring, and fraud detection in credit card transactions. In this paper, we describe a new method for detecting anomalous behavior over network performance data, gathered by perfSONAR, using two machine learning algorithms: Boosted Decision Trees (BDT) and Simple Feedforward Neural Network. The effectiveness of each algorithm was evaluated and compared. Both have shown sufficient performance and sensitivity.

Networking and Internet Architecture,Machine Learning

Saikiran Bulusu,Bhavya Kailkhura,Bo Li,Pramod K. Varshney,Dawn Song

DOI: https://doi.org/10.48550/arXiv.2003.06979

2021-02-20

Abstract:Deep Learning (DL) is vulnerable to out-of-distribution and adversarial examples resulting in incorrect outputs. To make DL more robust, several posthoc (or runtime) anomaly detection techniques to detect (and discard) these anomalous samples have been proposed in the recent past. This survey tries to provide a structured and comprehensive overview of the research on anomaly detection for DL based applications. We provide a taxonomy for existing techniques based on their underlying assumptions and adopted approaches. We discuss various techniques in each of the categories and provide the relative strengths and weaknesses of the approaches. Our goal in this survey is to provide an easier yet better understanding of the techniques belonging to different categories in which research has been done on this topic. Finally, we highlight the unsolved research challenges while applying anomaly detection techniques in DL systems and present some high-impact future research directions.

Machine Learning,Cryptography and Security,Computer Vision and Pattern Recognition

Michaela Mašková,Matěj Zorek,Tomáš Pevný,Václav Šmídl

DOI: https://doi.org/10.1016/j.patcog.2024.110381

IF: 8

2024-03-03

Pattern Recognition

Abstract:Detecting anomalous samples in set data is a problem attracting increased interest due to novel modalities, such as point-cloud data produced by lidars. Novel methods including those based on deep neural networks are often tuned for a single purpose prohibiting intuition of how relevant they are for another purpose or application domains. The aim of this survey is to: (i) review elementary concepts of anomaly detection of set data, (ii) identify the building blocks of deep anomaly detectors, and (iii) analyze the impact of these blocks on performance. The impact is studied in a large experimental comparison on a variety of benchmark datasets. The results reveal that the main factor determining the performance is the type of anomalies in the dataset. While deep methods embedding the whole set to a single fixed vector perform well on point cloud data, the methods embedding each feature vector independently are better for datasets from multi-instance learning. Moreover, sophisticated methods utilizing transformer blocks are frequently inferior to simple models with properly optimized hyperparameters. An independent factor in performance is the cardinality of sets, the proper treatment of which remains an open problem, as the existing analytical solution was found to be inaccurate.

computer science, artificial intelligence,engineering, electrical & electronic

Haolong Xiang,Xuyun Zhang,Mark Dras,Amin Beheshti,Wanchun Dou,Xiaolong Xu

DOI: https://doi.org/10.1109/icdm58522.2023.00077

2023-01-01

Abstract:Anomaly detection is one of the crucial research topics in artificial intelligence, encompassing various fields such as health monitoring, network intrusion detection, and fraud detection in financial transactions. Deep anomaly detection (DAD) methods are considered as the effective approaches for addressing complex anomaly detection problems. Among them, the deep isolation forest methods have gained rapid development recently due to their simplicity in parameter turning and efficiency in model training. The existing deep isolation forest approaches are all based on representation learning, while OptiForest theoretically proves the crucial role of the tree structure in isolation forest based methods. In this paper, we analyse the search space of isolation trees under specific data instances and address the challenges in finding optimal isolation forest. Based on the theoretical underpinning and genetic algorithm, we design a deep model DOIForest with two mutation schemes and solution selection, which learns the optimal isolation forest and optimises the parameters in data partitioning. Extensive experiments on both synthetic dataset and a series of real-world datasets demonstrate that our approach can achieve better detection accuracy and robustness than the state-of-the-arts.

Indrajit Mukherjee,Nilesh Kumar Sahu,Sudip Kumar Sahana

DOI: https://doi.org/10.1007/s10776-021-00542-7

2022-01-05

International Journal of Wireless Information Networks

Abstract:Today we are living in an era where everything is changing to be smart, whether it be a smart home, smart industries, smart irrigation, or a smart meter, where the word smart refers to the involvement of the Internet of Things (IoT). The increased use of IoT infrastructure in these fields has led to the failure of the nodes, increase in threats, attacks, abnormalities, and spying, which is the primary concern and an important domain of an IoT. The main objective of this paper is to use a supervised learning model to predict anomalies in the historical data which can later be incorporated into real-world scenarios to block the upcoming anomalies and attacks. This paper predicts the anomalies on the 350 K data set using the Machine Learning models and compares its performance based on the state of arts. In this paper, two different approaches are used based on the analysis done on the dataset. The classification algorithms were applied to the whole dataset in the first, and then the same classification algorithms were applied after excluding the data points having binary values (0 and 1) in the feature "value" and have achieved an average of 99.4% accuracy for the first case and 99.99% accuracy for the later.

Chaoli Zhang,Yingying Zhang,Lanshu Peng,Qingsong Wen,Yiyuan Yang,Chong-Jiong Fan,Minqi Jiang,Lunting Fan,Liang Sun

DOI: https://doi.org/10.1145/3627673.3679128

2024-01-01

Abstract:Time series anomaly detection is of significant importance in many real-world applications, including finance, healthcare, network security, industrial equipment, complex computing systems, and space probes. Most of these applications involve multi-sensor systems, thus how to perform multivariate time series anomaly detection (MTSAD) has garnered widespread attention. This broad attention has fueled extensive research endeavors aimed to innovate and develop methods and techniques to improve the efficiency and precision of anomaly detection on multivariate time series data, including both classic machine learning methods and deep learning methods. However, evaluating the performance of these methods remains challenging due to the limited availability of public benchmark datasets for MTSAD, which are often criticized for various reasons. Additionally, there is no consensus on the best metrics for time series anomaly detection, further complicating MTSAD research. In this paper, we advance the benchmarking of time series anomaly detection by addressing datasets, evaluation metrics, and algorithm comparison. To the best of our knowledge, we have generated the largest real-world datasets for MTSAD using the Hologres AIOps system in the Alibaba Cloud platform. We review and compare popular evaluation metrics including recently proposed ones. To evaluate classic machine learning and recent deep learning methods fairly, we have conducted extensive comparisons of these methods on various datasets. We believe that our benchmarks and datasets will promote reproducible results and accelerate the progress of MTSAD research.