Zicheng Liao,Yizhou Yu,Baoquan Chen

DOI: https://doi.org/10.1109/vast.2010.5652467

2010-01-01

Abstract:Modern machine learning techniques provide robust approaches for data-driven modeling and critical information extraction, while human experts hold the advantage of possessing high-level intelligence and domain-specific expertise. We combine the power of the two for anomaly detection in GPS data by integrating them through a visualization and human-computer interaction interface. In this paper we introduce GPSvas (GPS Visual Analytics System), a system that detects anomalies in GPS data using the approach of visual analytics: a conditional random field (CRF) model is used as the machine learning component for anomaly detection in streaming GPS traces. A visualization component and an interactive user interface are built to visualize the data stream, display significant analysis results (i.e., anomalies or uncertain predications) and hidden information extracted by the anomaly detection model, which enable human experts to observe the real-time data behavior and gain insights into the data flow. Human experts further provide guidance to the machine learning model through the interaction tools; the learning model is then incrementally improved through an active learning procedure.

Yang Shi,Yuyin Liu,Hanghang Tong,Jingrui He,Gang Yan,Nan Cao

DOI: https://doi.org/10.1109/tbdata.2020.2964169

2020-01-01

IEEE Transactions on Big Data

Abstract:With the pervasive use of information technologies, the increasing availability of data provides new opportunities for understanding user behaviors. Unearthing anomalies in user behavior is of particular importance as it helps signal harmful incidents such as network intrusions, terrorist activities, and financial frauds. In this article, we survey state-of-the-art research work in visual analytics of anomalous user behaviors and classify them into four application domains, which are social interaction, travel, network communication, and financial transaction. We further examine the research work in each category in terms of data types, visualization techniques, and interactive analysis methods. We hope that our survey can provide systematic guidelines for researchers and practitioners to find effective solutions to their research problems in specific application domains. Finally, we discuss trends of academic interest over the past decades and suggest potential directions across visual analytics of these user behaviors for future research.

Nan Cao,Yu-Ru Lin,David Gotz,Fan Du

DOI: https://doi.org/10.1177/1473871616686635

IF: 2.174

2017-01-01

Information Visualization

Abstract:Outlier analysis techniques are extensively used in many domains such as intrusion detection. Today, even with the most advanced statistical learning techniques, human judgment still plays an important role in outlier analysis tasks due to the difficulty of defining and collecting outlier examples. This work seeks to tackle this problem by introducing a new visualization design, “Z-Glyph,” a family of glyphs designed to facilitate human judgment in outlier analysis of multivariate data. By employing a location-scale transformation, a Z-Glyph represents the “normal” data using regular shapes (e.g. straight line and circle), such that the abnormal data can be revealed when deviating from the regular shapes. Extensive controlled experiment and case studies based on real-world datasets indicate the superior performance of the Z-Glyph family, compared with the baselines, suggesting that the proposed design is able to leverage human perceptional features with statistical characterization. This study contributes to a more fundamental understanding about designing visual representations for revealing outliers in multivariate data, which can be applied as a building block in many domain-specific anomaly detection applications.

Nan Cao,Chaoguang Lin,Qiuhan Zhu,Yu-Ru Lin,Xian Teng,Xidao Wen

DOI: https://doi.org/10.1109/tvcg.2017.2744419

IF: 5.2

2018-01-01

IEEE Transactions on Visualization and Computer Graphics

Abstract:The increasing availability of spatiotemporal data continuously collected from various sources provides new opportunities for a timely understanding of the data in their spatial and temporal context. Finding abnormal patterns in such data poses significant challenges. Given that there is often no clear boundary between normal and abnormal patterns, existing solutions are limited in their capacity of identifying anomalies in large, dynamic and heterogeneous data, interpreting anomalies in their multifaceted, spatiotemporal context, and allowing users to provide feedback in the analysis loop. In this work, we introduce a unified visual interactive system and framework, Voila, for interactively detecting anomalies in spatiotemporal data collected from a streaming data source. The system is designed to meet two requirements in real-world applications, i.e., online monitoring and interactivity. We propose a novel tensor-based anomaly analysis algorithm with visualization and interaction design that dynamically produces contextualized, interpretable data summaries and allows for interactively ranking anomalous patterns based on user input. Using the “smart city” as an example scenario, we demonstrate the effectiveness of the proposed framework through quantitative evaluation and qualitative case studies.

Yang Shi,Maoran Xu,Rongwen Zhao,Hao Fu,Tongshuang Wu,Nan Cao

DOI: https://doi.org/10.1109/THMS.2019.2925195

2019-01-01

IEEE Transactions on Human-Machine Systems

Abstract:Automatic anomaly detection techniques have been extensively used to support decision making in abnormal situations. However, existing approaches are limited in their capacity of effectively identifying anomalies due to the complexity of the real-world environment, the uncertainty of the data input, and the unavailability of ground truth. In this paper, we propose an interactive context-aware anomaly detection algorithm framework that incorporates human judgment in searching for anomalous regions within a large geographic environment. In specific, our framework, 1) estimates a focal region and detect anomalous situations in real time, through which the user can observe and analyze suspicious entities, 2) leverages user feedback to refine results and guide further analysis, and 3) tolerates potential fault feedback provided by the users and resignal dubious anomalous points. Based on the framework, we propose two algorithm implementations, respectively, employ Bayes’ theorem and metric learning. We demonstrate the effectiveness of the proposed framework and corresponding implementations through two controlled user studies and a case study with a domain expert.

Shunan Guo,Zhuochen Jin,Qing Chen,David Gotz,Hongyuan Zha,Nan Cao

DOI: https://doi.org/10.1109/tvcg.2021.3093585

IF: 5.2

2021-01-01

IEEE Transactions on Visualization and Computer Graphics

Abstract:Anomaly detection is a common analytical task that aims to identify rare cases that differ from the typical cases that make up the majority of a dataset. When analyzing event sequence data, the task of anomaly detection can be complex because the sequential and temporal nature of such data results in diverse definitions and flexible forms of anomalies. This, in turn, increases the difficulty in interpreting detected anomalies. In this article, we propose a visual analytic approach for detecting anomalous sequences in an event sequence dataset via an unsupervised anomaly detection algorithm based on Variational AutoEncoders. We further compare the anomalous sequences with their reconstructions and with the normal sequences through a sequence matching algorithm to identify event anomalies. A visual analytics system is developed to support interactive exploration and interpretations of anomalies through novel visualization designs that facilitate the comparison between anomalous sequences and normal sequences. Finally, we quantitatively evaluate the performance of our anomaly detection algorithm, demonstrate the effectiveness of our system through case studies, and report feedback collected from study participants.

Xin Fan,Chenlu Li,Xiaoru Yuan,Xiaoju Dong,Jie Liang

DOI: https://doi.org/10.1007/s12650-019-00580-7

IF: 1.7

2019-01-01

Journal of Visualization

Abstract:Network anomaly detection is an important means for safeguarding network security. On account of the difficulties encountered in traditional automatic detection methods such as lack of labeled data, expensive retraining costs for new data and non-explanation, we propose a novel smart labeling method, which combines active learning and visual interaction, to detect network anomalies through the iterative labeling process of the users. The algorithms and the visual interfaces are tightly integrated. The network behavior patterns are first learned by using the self-organizing incremental neural network. Then, the model uses a Fuzzy c-means-based algorithm to do classification on the basis of user feedback. After that, the visual interfaces are updated to present the improved results of the model, which can help users to choose meaningful candidates, judge anomalies and understand the model results. The experiments show that compared to labeling without our visualizations, our method can achieve a high accuracy rate of anomaly detection with fewer labeled samples.

Yunkang Cao,Xiaohao Xu,Jiangning Zhang,Yuqi Cheng,Xiaonan Huang,Guansong Pang,Weiming Shen

2024-01-30

Abstract:Visual Anomaly Detection (VAD) endeavors to pinpoint deviations from the concept of normality in visual data, widely applied across diverse domains, e.g., industrial defect inspection, and medical lesion detection. This survey comprehensively examines recent advancements in VAD by identifying three primary challenges: 1) scarcity of training data, 2) diversity of visual modalities, and 3) complexity of hierarchical anomalies. Starting with a brief overview of the VAD background and its generic concept definitions, we progressively categorize, emphasize, and discuss the latest VAD progress from the perspective of sample number, data modality, and anomaly hierarchy. Through an in-depth analysis of the VAD field, we finally summarize future developments for VAD and conclude the key findings and contributions of this survey.

Computer Vision and Pattern Recognition,Artificial Intelligence

Dongyu Liu,Sarah Alnegheimish,Alexandra Zytek,Kalyan Veeramachaneni

DOI: https://doi.org/10.48550/arXiv.2112.05734

2021-12-11

Abstract:Detecting anomalies in time-varying multivariate data is crucial in various industries for the predictive maintenance of equipment. Numerous machine learning (ML) algorithms have been proposed to support automated anomaly identification. However, a significant amount of human knowledge is still required to interpret, analyze, and calibrate the results of automated analysis. This paper investigates current practices used to detect and investigate anomalies in time series data in industrial contexts and identifies corresponding needs. Through iterative design and working with nine experts from two industry domains (aerospace and energy), we characterize six design elements required for a successful visualization system that supports effective detection, investigation, and annotation of time series anomalies. We summarize an ideal human-AI collaboration workflow that streamlines the process and supports efficient and collaborative analysis. We introduce MTV (Multivariate Time Series Visualization), a visual analytics system to support such workflow. The system incorporates a set of novel visualization and interaction designs to support multi-faceted time series exploration, efficient in-situ anomaly annotation, and insight communication. Two user studies, one with 6 spacecraft experts (with routine anomaly analysis tasks) and one with 25 general end-users (without such tasks), are conducted to demonstrate the effectiveness and usefulness of MTV.

Human-Computer Interaction

Xueyuan Wen,Kaiyan Dai,Qi Xiong,Lili Chen,Jian Zhang,Zhen Wang

DOI: https://doi.org/10.1016/j.jisa.2023.103557

IF: 4.96

2023-08-19

Journal of Information Security and Applications

Abstract:Years into the insider threat, it remains an universal challenge to predict and defend. Concerning this problem, there has been a multitude of solutions, including the detection of sentiment fluctuations of an entity to predict its abnormality degree. Previous research solely focus on the analysis of individual anomalies, but ignore the sociality of individual sentiments. Therefore, in this paper, we propose an approach to internal threats detection based on sentiment and network analysis. Above all, we use Natural Language ToolKit (NLTK) to analyze the sentiment of each preprocessed email, and thus we establish sentiment communication network. The graphs are reconstructed into series and reshaped as matrices. By the singular value decomposition (SVD), the matrix is decomposed into base networks, and we analyze the change in importance of important base networks over time to detect the company's internal conditions. When anomalies occur, we establish combination networks which consist of base networks and can represent the abnormal character patterns of this time. Then compare the eigenvector centrality of both combination networks and total network to identify the employees related to this anomaly. The experiment shows that it can locate the anomaly-related employees accurately, and according to the network graph, the top few of anomaly-related employees are associated in group internal threats. Our approach provides the anomaly-related rank of employees and the abnormal character pattern of the sentiment communication network at the moment of anomaly.

computer science, information systems

Xiaoqian Wu,Cheng Chen,Lili Quan

DOI: https://doi.org/10.3233/thc-232054

IF: 1.6

2024-06-15

Technology and Health Care

Abstract:BACKGROUND: Traditional methods have the limitations of low accuracy and inconvenient operation in analyzing students' abnormal behavior. Hence, a more intuitive, flexible, and user-friendly visualization tool is needed to help better understand students' behavior data. OBJECTIVE: In this study a visual analysis and interactive interface of students' abnormal behavior based on a clustering algorithm were examined and designed. METHODS: Firstly, this paper discusses the development of traditional methods for analyzing students' abnormal behavior and visualization technology and discusses its limitations. Then, the K-means clustering algorithm is selected as the solution to find potential abnormal patterns and groups from students' behaviors. By collecting a large number of students' behavior data and preprocessing them to extract relevant features, a K-means clustering algorithm is applied to cluster the data and obtain the clustering results of students' abnormal behaviors. To visually display the clustering results and help users analyze students' abnormal behaviors, a visual analysis method and an interactive interface are designed to present the clustering results to users. The interactive functions are provided, such as screening, zooming in and out, and correlation analysis, to support users' in-depth exploration and analysis of data. Finally, the experimental evaluation is carried out, and the effectiveness and practicability of the proposed method are verified by using big data to obtain real student behavior data. RESULTS: The experimental results show that this method can accurately detect and visualize students' abnormal behaviors and provide intuitive analysis results. CONCLUSION: This paper makes full use of the advantages of big data to understand students' behavior patterns more comprehensively and provides a new solution for students' management and behavior analysis in the field of education. Future research can further expand and improve this method to adapt to more complex students' behavior data and needs.

engineering, biomedical,health care sciences & services

Jian Zhao,Nan Cao,Zhen Wen,Yale Song,Yu-Ru Lin,Christopher Collins

DOI: https://doi.org/10.1109/TVCG.2014.2346922

Abstract:We present FluxFlow, an interactive visual analysis system for revealing and analyzing anomalous information spreading in social media. Everyday, millions of messages are created, commented, and shared by people on social media websites, such as Twitter and Facebook. This provides valuable data for researchers and practitioners in many application domains, such as marketing, to inform decision-making. Distilling valuable social signals from the huge crowd's messages, however, is challenging, due to the heterogeneous and dynamic crowd behaviors. The challenge is rooted in data analysts' capability of discerning the anomalous information behaviors, such as the spreading of rumors or misinformation, from the rest that are more conventional patterns, such as popular topics and newsworthy events, in a timely fashion. FluxFlow incorporates advanced machine learning algorithms to detect anomalies, and offers a set of novel visualization designs for presenting the detected threads for deeper analysis. We evaluated FluxFlow with real datasets containing the Twitter feeds captured during significant events such as Hurricane Sandy. Through quantitative measurements of the algorithmic performance and qualitative interviews with domain experts, the results show that the back-end anomaly detection model is effective in identifying anomalous retweeting threads, and its front-end interactive visualizations are intuitive and useful for analysts to discover insights in data and comprehend the underlying analytical model.

Ke Xu,Meng Xia,Xing Mu,Yun Wang,Nan Cao

DOI: https://doi.org/10.1109/tvcg.2018.2864825

IF: 5.2

2018-01-01

IEEE Transactions on Visualization and Computer Graphics

Abstract:The results of anomaly detection are sensitive to the choice of detection algorithms as they are specialized for different properties of data, especially for multidimensional data. Thus, it is vital to select the algorithm appropriately. To systematically select the algorithms, ensemble analysis techniques have been developed to support the assembly and comparison of heterogeneous algorithms. However, challenges remain due to the absence of the ground truth, interpretation, or evaluation of these anomaly detectors. In this paper, we present a visual analytics system named EnsembleLens that evaluates anomaly detection algorithms based on the ensemble analysis process. The system visualizes the ensemble processes and results by a set of novel visual designs and multiple coordinated contextual views to meet the requirements of correlation analysis, assessment and reasoning of anomaly detection algorithms. We also introduce an interactive analysis workflow that dynamically produces contextualized and interpretable data summaries that allow further refinements of exploration results based on user feedback. We demonstrate the effectiveness of EnsembleLens through a quantitative evaluation, three case studies with real-world data and interviews with two domain experts.

Maggie Celeste Goulden,Eric Gronda,Yurou Yang,Zihang Zhang,Jun Tao,Chaoli Wang,Xiaojing Duan,G. Alex Ambrose,Kevin Abbott,Patrick Miller

DOI: https://doi.org/10.2352/issn.2470-1173.2019.1.vda-681

2019-01-01

Electronic Imaging

Abstract:As more and more college classrooms utilize online platforms to facilitate teaching and learning activities, analyzing student online behaviors becomes increasingly important for instructors to effectively monitor and manage student progress and performance. In this paper, we present CCVis, a visual analytics tool for analyzing the course clickstream data and exploring student online learning behaviors. Targeting a large college introductory course with over two thousand student enrollments, our goal is to investigate student behavior patterns and discover the possible relationships between student clickstream behaviors and their course performance. We employ higher-order network and structural identity classification to enable visual analytics of behavior patterns from the massive clickstream data. CCVis includes four coordinated views (the behavior pattern, behavior breakdown, clickstream comparative, and grade distribution views) for user interaction and exploration. We demonstrate the effectiveness of CCVis through case studies along with an ad-hoc expert evaluation. Finally, we discuss the limitation and extension of this work.

David Savage,Xiuzhen Zhang,Xinghuo Yu,Pauline Chou,Qingmai Wang

DOI: https://doi.org/10.48550/arXiv.1608.00301

2016-08-01

Abstract:Anomalies in online social networks can signify irregular, and often illegal behaviour. Anomalies in online social networks can signify irregular, and often illegal behaviour. Detection of such anomalies has been used to identify malicious individuals, including spammers, sexual predators, and online fraudsters. In this paper we survey existing computational techniques for detecting anomalies in online social networks. We characterise anomalies as being either static or dynamic, and as being labelled or unlabelled, and survey methods for detecting these different types of anomalies. We suggest that the detection of anomalies in online social networks is composed of two sub-processes; the selection and calculation of network features, and the classification of observations from this feature space. In addition, this paper provides an overview of the types of problems that anomaly detection can address and identifies key areas of future research.

Social and Information Networks,Physics and Society

Xi Xiangyu,Zhang Tong,Ye Wei,Wen Zhao,Zhang Shikun,Du Dongdong,Gao Qing

DOI: https://doi.org/10.1142/s0218194018400211

2018-01-01

Abstract:An intruder of a company’s network may use stolen login credentials to silently collect sensitive data. Such malicious user behavior is difficult to detect as long as it does not trigger access violation or data leak alert. In this paper, we propose to use an ensemble of three unsupervised anomaly detection algorithms, namely OCSVM, RNN and Isolation Forest, to detect abnormal user behavior patterns. Besides, an User Behavior Analytics (UBA) Platform is proposed to collect logs, extract features and conduct experiments. The experiment results indicate that our algorithm outperforms each individual algorithm with recall of 96.55% and precision of 91.24% on average, while both OCSVM and RNN suffer from anomalies in the training set, and [Formula: see text] produces more false positives and false negatives in prediction.

Luchuan Song,Bin Liu,Huihui Zhu,Qi Chu,Nenghai Yu

DOI: https://doi.org/10.48550/arXiv.2107.13706

2021-07-29

Abstract:Abnormal behavior detection in surveillance video is a pivotal part of the intelligent city. Most existing methods only consider how to detect anomalies, with less considering to explain the reason of the anomalies. We investigate an orthogonal perspective based on the reason of these abnormal behaviors. To this end, we propose a multivariate fusion method that analyzes each target through three branches: object, action and motion. The object branch focuses on the appearance information, the motion branch focuses on the distribution of the motion features, and the action branch focuses on the action category of the target. The information that these branches focus on is different, and they can complement each other and jointly detect abnormal behavior. The final abnormal score can then be obtained by combining the abnormal scores of the three branches.

Computer Vision and Pattern Recognition

Tao Zhang,Qi Liao,Lei Shi

DOI: https://doi.org/10.1109/PacificVis.2014.22

2014-01-01

Abstract:Large-scale networks have become increasingly challenging to manage. It is vital for a system administrator or network manager to be able to analyze the vast amount of log data in order to detect suspicious behaviors or patterns, possibly due to malicious users/applications or faulty devices. While an intrusion detection system (IDS) log can provide a large number of warnings, exactly which alarms are true while the others are false, and more importantly what are the underlying causes are still difficult to know. To bridge the gap between network log and anomaly discovery, we design and implement a visualization tool that combines multiple commodity visualizations with minimum learning curve. While each individual view is well understood, the effects of such views in analyzing network anomalies are not well studied. Since each visualization technique has advantages as well as limitations in addressing a particular task, we show that these views, when combined and linked together, may provide an effective and lightweight network anomaly analysis tool. The web-based open platform may simplify network administration as well as promote collaborative analysis among researchers.

Zekun Wu,Shahin Doroudian,Aidong Lu

2023-12-04

Abstract:The understanding of visual analytics process can benefit visualization researchers from multiple aspects, including improving visual designs and developing advanced interaction functions. However, the log files of user behaviors are still hard to analyze due to the complexity of sensemaking and our lack of knowledge on the related user behaviors. This work presents a study on a comprehensive data collection of user behaviors, and our analysis approach with time-series classification methods. We have chosen a classical visualization application, Covid-19 data analysis, with common analysis tasks covering geo-spatial, time-series and multi-attributes. Our user study collects user behaviors on a diverse set of visualization tasks with two comparable systems, desktop and immersive visualizations. We summarize the classification results with three time-series machine learning algorithms at two scales, and explore the influences of behavior features. Our results reveal that user behaviors can be distinguished during the process of visual analytics and there is a potentially strong association between the physical behaviors of users and the visualization tasks they perform. We also demonstrate the usage of our models by interpreting open sessions of visual analytics, which provides an automatic way to study sensemaking without tedious manual annotations.

Human-Computer Interaction,Computer Vision and Pattern Recognition,Machine Learning

Yingcai Wu,Nan Cao,David Gotz,Yap-Peng Tan,Daniel A. Keim

DOI: https://doi.org/10.1109/tmm.2016.2614220

IF: 7.3

2016-01-01

IEEE Transactions on Multimedia

Abstract:The unprecedented availability of social media data offers substantial opportunities for data owners, system operators, solution providers, and end users to explore and understand social dynamics. However, the exponential growth in the volume, velocity, and variability of social media data prevents people from fully utilizing such data. Visual analytics, which is an emerging research direction, has received considerable attention in recent years. Many visual analytics methods have been proposed across disciplines to understand large-scale structured and unstructured social media data. This objective, however, also poses significant challenges for researchers to obtain a comprehensive picture of the area, understand research challenges, and develop new techniques. In this paper, we present a comprehensive survey to characterize this fast-growing area and summarize the state-of-the-art techniques for analyzing social media data. In particular, we classify existing techniques into two categories: gathering information and understanding user behaviors. We aim to provide a clear overview of the research area through the established taxonomy. We then explore the design space and identify the research trends. Finally, we discuss challenges and open questions for future studies.