Meng Bi,Jian Xu,Mo Wang,Fucai Zhou

DOI: https://doi.org/10.1007/s12652-015-0341-4

IF: 3.662

2016-01-21

Journal of Ambient Intelligence and Humanized Computing

Abstract:A new anomaly detection model which is based on principal component analysis (PCA) is proposed in this paper. Our schema proposes a method to extract the user’s behavior and analyzes the features selected as representative of the user’s access. The PCA method is introduced to the anomaly detection model which adopts its improvements to make it more consistent with anomaly detection system design to describe the user’s behavior more completely and to improve the efficiency and stability of the algorithm. This paper also uses our scheme to the anomaly detection of the database system. Finally, the data sets from the internet are used to test the feasibility of this model. The experimental results show that our model can detect normal and abnormal user behavior precisely and effectively.

computer science, information systems,telecommunications, artificial intelligence

Zhi Ma,Chung-Bang Yun,Hua-Ping Wan,Yanbin Shen,Feng Yu,Yaozhi Luo

DOI: https://doi.org/10.1002/stc.2698

2021-01-01

Abstract:Structures are subjected to various kinds of structural deterioration and damage with use over long periods of service life. For the safety assurance of structures, it is very important to have a long-term monitoring system and continuous assessments of structural integrity using the measured data. The objective of this paper is to develop an anomaly detection algorithm for a long-term structural health monitoring (SHM) system based on probabilistic principal component analysis (PPCA). Static stress data were measured and used in this monitoring system. A baseline PPCA model is built under various environmental loading conditions. Then, newly monitored data are projected onto the principal vectors. Anomaly indices and their probability distributions are evaluated to determine the presence of structural damage indicated by outliers. This method is also capable of dealing with incomplete data and recovering the missing data. First, numerical simulation studies of a revolving auditorium are carried out to validate the proposed PPCA-based method. Then, real monitoring data collected from the SHM system are used to detect the presence and locations of anomalies in the revolving auditorium.

Yu Sun,Gangfeng Yan,Xiasheng Shi

DOI: https://doi.org/10.1088/1757-899x/631/4/042046

2019-01-01

IOP Conference Series Materials Science and Engineering

Abstract:Abstract Traditional methods for detecting data anomalies of power equipment fail to fully mine the data characteristics. And it has shortcomings such as complex calculation, poor flexibility and low accuracy. To solve the problem of abnormal fault detection of electric equipment, the abnormal detection algorithm based on statistical analysis and machine learning is used in the paper. The reconstruction method based on Long Short Term Memory (LSTM) time sequence is proposed for time series data abnormal detection. Experiments show that the new method is effective in detecting and correcting abnormal data, which reduces the detection time and improves the accuracy of state estimation results. There are huge differences within the positive samples in anomaly detection, so several methods are studied in the paper. One-class SVM algorithm is often used in novelty detection and isolation forest algorithm is used in outlier detection. Machine learning methods which is based on statistical analysis will play an increasingly important role in the fields of equipment monitoring and predictive maintenance, safety of electric equipment.

Jingxuan Pang,Xiaokun Pu,Chunguang Li

DOI: https://doi.org/10.1109/tii.2022.3145834

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:Anomaly detection plays an important role in industry, especially in ensuring system safety and product quality. Due to the unavailability of anomalous data in many practical cases, anomaly detection is usually solved by one-class classification (OCC) methods using only normal data. As a classical OCC method, one-class support vector machine (OCSVM) is a popular discriminative approach for anomaly detection, which detects abnormal data points by establishing a decision boundary in the kernel space. However, the performance of OCSVM heavily relies on kernel parameters, whose selection is not trivial for anomaly detection problems. Moreover, for some uneven and complex data distributions, different data regions may have quite different densities and shapes, making it difficult for OCSVM to obtain good boundaries in all regions using a global kernel parameter. To address the above two issues, in this article, we propose a hybrid algorithm incorporating vector quantization and OCSVM (VQ-OCSVM). Specifically, vector quantization is used to extract distribution information of normal data, and the results are used to construct an explicit mapping function to map data into a high-dimensional feature space. Then, OCSVM is performed in the feature space to build a classifier. By introducing the explicit mapping into OCSVM, the proposed method can effectively bypass the kernel parameter selection problem of the classical OCSVM method. Furthermore, the constructed mapping carries the data distribution information, and the VQ-OCSVM model can be regarded as an integration of generative learning and discriminative learning. The complementary properties of these two paradigms make the proposed VQ-OCSVM algorithm have better generalization capacity for complex data distribution. Both qualitative and quantitative experimental results demonstrate the effectiveness and advantages of the proposed method.

Li Zhanchun,Li Zhitang,Li Yao

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.07.007

2006-01-01

Abstract:This article presents an anomaly detection method based on correlation eigen matrix and neural network.The method first creates a profile defining a normal user's behavior,and then compares the similarity of a current behavior with the created profile to decide whether the input instance is valid user or not.In order to avoid overfitting and reduce the computational burden,user behavior principal features are extracted by the(PCA) method.The neural network is used to distinguish valid user or intruder after training procedure has been completed by unsupervised learning and supervised learning.In the experiments for performance evaluation the system achieves a correct detection rate equal to 74.6% and a false detection rate equal to 2.9%,which is consistent with the best results reports in the literature for the same data set and testing paradigm.

Hong-Wei Sun,Kwok-Yan Lam,Siu-Leung Chung,Ming Gu,Jia-Guang Sun

DOI: https://doi.org/10.1007/11534310_86

2005-01-01

Abstract:This paper proposes a new algorithm that improves the efficiency of the anomaly detection stage of a vector-based intrusion detection scheme. In general, intrusion detection schemes are based on the hypothesis that normal system/user behaviors are consistent and can be characterized by some behavior profiles such that deviations from the profiles are considered abnormal. In complicated computing environments, users may exhibit complicated usage patterns that the user profiles have to be established using sophisticated classification methods such as vector quantization (VQ) technique. However, anomaly detection based on the data set in a high dimension space is inefficient. In this paper we focus on the design of an algorithm that uses principal component analysis (PCA) to improve the anomaly detection efficiency. The main contribution of this research is to demonstrate how the efficiency of the anomaly detection can be raised while the effectiveness of the detection in terms of low false alarm rate and high detection rate can be maintained.

ZHAO Ri,LIU Liye,LI Junli

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2017.22.045

2017-01-01

Abstract:A principal component analysis(PCA)and Mahalanobis distance(MD)based anomaly gamma spectra detection method is developed to improve the reliability of radiation scanning of goods and human bodies. This method first extracts all the principal components(PCs)of large numbers of benign gamma spectra by PCA and selects several largest PCs to form a subspace. The algorithm then projects the benign, unknown gamma spectra to this subspace, calculates their MDs, and completes the anomaly detection by comparing these MDs. Monte Carlo simulations and actual tests show that the method is reliable and effective when the subspace has more than 99％of the original information.

Zhanchun Li,Zhitang Li,Yao Li,Bin Liu

DOI: https://doi.org/10.1007/11596981_46

2005-01-01

Abstract:This article presents a masquerade detection system based on principal component analysis (PCA) and radial basics function (RBF) neural network. The system first creates a profile defining a normal user’s behavior, and then compares the similarity of a current behavior with the created profile to decide whether the input instance is valid user or masquerader. In order to avoid overfitting and reduce the computational burden, user behavior principal features are extracted by the PCA method. RBF neural network is used to distinguish valid user or masquerader after training procedure has been completed by unsupervised learning and supervised learning. In the experiments for performance evaluation the system achieved a correct detection rate equal to 74.6% and a false detection rate equal to 2.9%, which is consistent with the best results reports in the literature for the same data set and testing paradigm.

Feiyi Chen,Yingying zhang,Zhen Qin,Lunting Fan,Renhe Jiang,Yuxuan Liang,Qingsong Wen,Shuiguang Deng

DOI: https://doi.org/10.1109/icde60146.2024.00047

2024-01-01

Abstract:Anomaly detection significantly enhances the robustness of cloud systems.While neural network-based methods have recently demonstrated strongadvantages, they encounter practical challenges in cloud environments: thecontradiction between the impracticality of maintaining a unique model for eachservice and the limited ability to deal with diverse normal patterns by aunified model, as well as issues with handling heavy traffic in real time andshort-term anomaly detection sensitivity. Thus, we propose MACE, a multi-normal-pattern accommodated and efficientanomaly detection method in the frequency domain for time series anomalydetection. There are three novel characteristics of it: (i) a patternextraction mechanism excelling at handling diverse normal patterns with aunified model, which enables the model to identify anomalies by examining thecorrelation between the data sample and its service normal pattern, instead ofsolely focusing on the data sample itself; (ii) a dualistic convolutionmechanism that amplifies short-term anomalies in the time domain and hindersthe reconstruction of anomalies in the frequency domain, which enlarges thereconstruction error disparity between anomaly and normality and facilitatesanomaly detection; (iii) leveraging the sparsity and parallelism of frequencydomain to enhance model efficiency. We theoretically and experimentally provethat using a strategically selected subset of Fourier bases can not only reducecomputational overhead but is also profitable to distinguish anomalies,compared to using the complete spectrum. Moreover, extensive experimentsdemonstrate MACE's effectiveness in handling diverse normal patterns with aunified model and it achieves state-of-the-art performance with highefficiency.

Hq Wang,Zh Song,P Li

DOI: https://doi.org/10.1021/ie0007567

2002-01-01

Industrial & Engineering Chemistry Research

Abstract:Principal component analysis (PCA) is an effective approach to process monitoring, and substantial works in this field have been reported. However, the fault detection behavior and performance of PCA are still equivocal and frequently lead to incorrect understanding of the detection results. This issue is addressed in this paper from two directions simultaneously. First, the expectation formulas of T-2 and squared prediction error statistics are presented and their relations to the statistical parameters of process data are discussed. Based on these relationships, the process disturbances and faults can be differentiated, which makes further fault diagnosis more reliable. Second, detectability conditions of different faults both in the principal subspace and in residual subspace are given. A new conception of critical fault magnitude was introduced to provide a definite description about the fault detection performance of PCA. The acquired results were illustrated and verified by monitoring a simulated double-effective evaporator process.

Li Zhanchun,Li Zhitang,Liu Bin

DOI: https://doi.org/10.1109/ICCIAS.2006.294211

2007-01-01

Abstract:This article presents a masquerade detection system based on Correlation Eigen Matrix and support vector machine (SVM). The system first creates a profile defining a normal user's behavior by Correlation Eigen Matrix, and then compares the similarity of a current behavior with the created profile to decide whether the input instance is valid user or masquerader. In order to avoid overfitting and reduce the computational burden, user behavior principal features are extracted by the PCA method. SVM is used to distinguish valid user or Masquerader for user behavior after training procedure has been completed by learning. In the experiments for performance evaluation the system achieved a correct detection rate equal to 82.6% and a false detection rate equal to 3.0%, which is consistent with the best results reports in the literature for the same data set and testing paradigm. © 2006 IEEE.

Qiaojun Wen,Zhihuan Song,Aimin Miao

2011-01-01

Abstract:To monitor dynamical process, a novel method based on principal component analysis is proposed. The method builds a linear dynamic system in the principal component space. Monitoring statistics are constructed in both residual space of principal component analysis (PCA) and linear dynamic system of principal component space. The proposed algorithm is implemented in monitoring a numerical dynamic process. Compared with other methods, the method shows its advantage in both false alarm rate and fault detection rate.

Xuedan Miao,Ying Liu,Haiquan Zhao,Chunguang Li

DOI: https://doi.org/10.1109/tcyb.2018.2804940

IF: 11.8

2019-01-01

IEEE Transactions on Cybernetics

Abstract:Anomaly detection has attracted much attention in recent years since it plays a crucial role in many domains. Various anomaly detection approaches have been proposed, among which one-class support vector machine (OCSVM) is a popular one. In practice, data used for anomaly detection can be distributively collected via wireless sensor networks. Besides, as the data usually arrive at the nodes sequentially, online detection method that can process streaming data is preferred. In this paper, we formulate a distributed online OCSVM for anomaly detection over networks and get a decentralized cost function. To get the decentralized implementation without transmitting the original data, we use a random approximate function to replace the kernel function. Furthermore, to find an appropriate approximate dimension, we add a sparse constraint into the decentralized cost function to get another one. Then we minimize these two cost functions by stochastic gradient descent and derive two distributed algorithms. Some theoretical analysis and experiments are performed to show the effectiveness of the proposed algorithms. Experimental results on both synthetic and real datasets reveal that both of the proposed algorithms achieve low mis-detection rates and high true positive rates. Compared with other state-of-the-art anomaly detection methods, the proposed distributed algorithms not only show good anomaly detection performance, but also require relatively short running time and low CPU memory consumption.

Romain Valla,Pavlo Mozharovskyi,Florence d'Alché-Buc

2023-12-27

Abstract:At the crossway of machine learning and data analysis, anomaly detection aims at identifying observations that exhibit abnormal behaviour. Be it measurement errors, disease development, severe weather, production quality default(s) (items) or failed equipment, financial frauds or crisis events, their on-time identification and isolation constitute an important task in almost any area of industry and science. While a substantial body of literature is devoted to detection of anomalies, little attention is payed to their explanation. This is the case mostly due to intrinsically non-supervised nature of the task and non-robustness of the exploratory methods like principal component analysis (PCA). We introduce a new statistical tool dedicated for exploratory analysis of abnormal observations using data depth as a score. Anomaly component analysis (shortly ACA) is a method that searches a low-dimensional data representation that best visualises and explains anomalies. This low-dimensional representation not only allows to distinguish groups of anomalies better than the methods of the state of the art, but as well provides a -- linear in variables and thus easily interpretable -- explanation for anomalies. In a comparative simulation and real-data study, ACA also proves advantageous for anomaly analysis with respect to methods present in the literature.

Methodology,Machine Learning

Mohammed Amin Almaiah,Omar Almomani,Adeeb Alsaaidah,Shaha Al-Otaibi,Nabeel Bani-Hani,Ahmad K. Al Hwaitat,Ali Al-Zahrani,Abdalwali Lutfi,Ali Bani Awad,Theyazn H. H. Aldhyani

DOI: https://doi.org/10.3390/electronics11213571

IF: 2.9

2022-11-02

Electronics

Abstract:The growing number of security threats has prompted the use of a variety of security techniques. The most common security tools for identifying and tracking intruders across diverse network domains are intrusion detection systems. Machine Learning classifiers have begun to be used in the detection of threats, thus increasing the intrusion detection systems' performance. In this paper, the investigation model for an intrusion detection systems model based on the Principal Component Analysis feature selection technique and a different Support Vector Machine kernels classifier is present. The impact of various kernel functions used in Support Vector Machines, namely linear, polynomial, Gaussian radial basis function, and Sigmoid, is investigated. The performance of the investigation model is measured in terms of detection accuracy, True Positive, True Negative, Precision, Sensitivity, and F-measure to choose an appropriate kernel function for the Support Vector Machine. The investigation model was examined and evaluated using the KDD Cup'99 and UNSW-NB15 datasets. The obtained results prove that the Gaussian radial basis function kernel is superior to the linear, polynomial, and sigmoid kernels in both used datasets. Obtained accuracy, Sensitivity, and, F-measure of the Gaussian radial basis function kernel for KDD CUP'99 were 99.11%, 98.97%, and 99.03%. for UNSW-NB15 datasets were 93.94%, 93.23%, and 94.44%.

engineering, electrical & electronic,computer science, information systems,physics, applied

ZHAO Chunhui,HU Chunmei,SHI Hong

DOI: https://doi.org/10.3969/j.issn.1006-7043.2011.01.020

2011-01-01

Abstract:Regarding the great difficulties created by the high dimensions and large volumes of a hyperspectral image,a new anomaly detection algorithm based on selective section principal component analysis(SSPCA) was introduced.First of all,the algorithm divided the spectral image of high dimensions into subset of low dimensions according to the correlation between spectral bands.Next,it performed PCA on every subset and selected one component with maximum singularity in every subset for KRX based on local average singularity(LAS).Numerical experiments were conducted on real hyperspectral images collected by AVIRIS.The result proves that the proposed algorithm outperformed the other algorithms and obtained a better effect of detection and a lower false alarm rate.

Chang Liu,Guijin Wang,Wenxin Ning,Xinggang Lin,Liang Li,Zhou Liu

DOI: https://doi.org/10.1109/ICIP.2010.5651958

2010-01-01

ICIP

Abstract:A novel approach for detecting anomaly in visual surveillance system is proposed in this paper. It is composed of three parts:(a) a dense motion field and motion statistics method, (b) one-class SVM for one-class classification, (c) motion directional PCA for feature dimensionality reduction. Experiments demonstrate the effectiveness of proposed algorithm in detecting abnormal events in surveillance video, while keeping a low false alarm rate. Moreover, it works well in complicated situation where the common tracking or detection module won't work.

Bin Zhang,Jia-Hai Yang,Jian-Ping Wu,Ying-Wu Zhu

DOI: https://doi.org/10.1007/s11390-012-1225-0

2012-01-01

Abstract:Network traffic anomalies are unusual changes in a network, so diagnosing anomalies is important for network management. Feature-based anomaly detection models (ab)normal network traffic behavior by analyzing packet header features. PCA-subspace method (Principal Component Analysis) has been verified as an efficient feature-based way in network-wide anomaly detection. Despite the powerful ability of PCA-subspace method for network-wide traffic detection, it cannot be effectively used for detection on a single link. In this paper, different from most works focusing on detection on flow-level traffic, based on observations of six traffic features for packet-level traffic, we propose a new approach B6-SVM to detect anomalies for packet-level traffic on a single link. The basic idea of B6-SVM is to diagnose anomalies in a multi-dimensional view of traffic features using Support Vector Machine (SVM). Through two-phase classification, B6-SVM can detect anomalies with high detection rate and low false alarm rate. The test results demonstrate the effectiveness and potential of our technique in diagnosing anomalies. Further, compared to previous feature-based anomaly detection approaches, B6-SVM provides a framework to automatically identify possible anomalous types. The framework of B6-SVM is generic and therefore, we expect the derived insights will be helpful for similar future research efforts.

Jiang Wu,Aoran Lv,Hejie Li,Mingxu Jin,Hanheng He,Yuanpeng Zhu,Zexin Zhao,Fengyi Chen,Zijiang Wen,Yu-bin Zhong

DOI: https://doi.org/10.1109/ACCESS.2020.3044610

IF: 3.9

IEEE Access

Abstract:Microservice architecture (MSA) is a new software architecture, which divides a large single application and service into dozens of supporting microservices. With the increasingly popularity of MSA, the security issues of MSA get a lot of attention. In this paper, we propose an algorithm for mining causality and the root cause. Our algorithm consists of two parts: invocation chain anomaly analysis based on robust principal component analysis (RPCA) and a single indicator anomaly detection algorithm. The single indicator anomaly detection algorithm is composed of Isolation Forest (IF) algorithm, One-Class Support Vector Machine (SVM) algorithm, Local Outlier Factor (LOF) algorithm, and $3\sigma $ principle. For general and network time-consuming anomaly in the process of the MSA, we formulate different anomaly time-consuming detection strategies. We select a batch of sample data and three batches of test data of the 2020 International AIOps Challenge to debug our algorithm. According to the scoring criteria of the competition organizers, our algorithm has an average score of 0.8304 (The full score is 1) in the four batches of data. Our proposed algorithm has higher accuracy than some traditional machine learning algorithms in anomaly detection.

Computer Science

LIU Yong,SUN Dong-hong,CHEN You,WANG Wan-shan

DOI: https://doi.org/10.3969/j.issn.1005-3026.2010.07.006

2010-01-01

Abstract:A feature selection algorithm can improve efficiently the detection speed and result, with irrelevant and redundant data eliminated and denoised in an intrusion detection system. Taking advantage of the algorithm, a new hybrid feature selection algorithm based on the principal component analysis (PCA) in combination with decision tree algorithm (C4.5) was proposed to develop a lightweight intrusion detection system. Verifying the proposed algorithm in detail via tests with the KDD 1999 dataset, the algorithm was proved that it is available to not only ensure the high detection rate and low false alarm rate but also improve obviously the training/testing time of the intrusion detection system. Furthermore, as a result of comparative tests, the algorithm is superior to GA-SVM algorithm in training/testing time, detection rate and false alarm rate.