Weiwei Lin,Songbo Wang,Wentai Wu,Dongdong Li,Albert Y. Zomaya

DOI: https://doi.org/10.1109/tetci.2023.3290027

2023-01-01

IEEE Transactions on Emerging Topics in Computational Intelligence

Abstract:Anomaly detection, in recent years, has gained increasing attention in the research and practice of time series processing. However, the task is particularly challenging with multivariate time series which complicates the temporal dependency between observations and introduces complex inter-channel correlation. Meanwhile, in order to fit a broader range of applications, robustness during both training and detection is also a critical aspect. In this paper, we propose an unsupervised, hybrid model-driven anomaly detection scheme capable of (1) transforming sequences into a fused representation of temporal dependency embeddings and inter-channel correlation embeddings, and (2) achieving robust anomaly detection using a temporal prediction network for sample-wise posterior estimation combined with a data reconstruction network to assess the source of prediction. On this basis, we develop a probability density-based anomaly scoring mechanism for online detection in multivariate time series, where the anomaly score for each observation is rectified by the reliability of the prediction source. The results of extensive experiments on five publicly available datasets show that our proposed solution outperforms various state-of-the-art anomaly detection algorithms (including DL-based and non-DL-based), achieving a performance improvement (in F1-Score) by up to 10.42%.

Feiyi Chen,Yingying zhang,Zhen Qin,Lunting Fan,Renhe Jiang,Yuxuan Liang,Qingsong Wen,Shuiguang Deng

DOI: https://doi.org/10.1109/icde60146.2024.00047

2024-01-01

Abstract:Anomaly detection significantly enhances the robustness of cloud systems.While neural network-based methods have recently demonstrated strongadvantages, they encounter practical challenges in cloud environments: thecontradiction between the impracticality of maintaining a unique model for eachservice and the limited ability to deal with diverse normal patterns by aunified model, as well as issues with handling heavy traffic in real time andshort-term anomaly detection sensitivity. Thus, we propose MACE, a multi-normal-pattern accommodated and efficientanomaly detection method in the frequency domain for time series anomalydetection. There are three novel characteristics of it: (i) a patternextraction mechanism excelling at handling diverse normal patterns with aunified model, which enables the model to identify anomalies by examining thecorrelation between the data sample and its service normal pattern, instead ofsolely focusing on the data sample itself; (ii) a dualistic convolutionmechanism that amplifies short-term anomalies in the time domain and hindersthe reconstruction of anomalies in the frequency domain, which enlarges thereconstruction error disparity between anomaly and normality and facilitatesanomaly detection; (iii) leveraging the sparsity and parallelism of frequencydomain to enhance model efficiency. We theoretically and experimentally provethat using a strategically selected subset of Fourier bases can not only reducecomputational overhead but is also profitable to distinguish anomalies,compared to using the complete spectrum. Moreover, extensive experimentsdemonstrate MACE's effectiveness in handling diverse normal patterns with aunified model and it achieves state-of-the-art performance with highefficiency.

Kai Zhang,Chao Li,Qinmin Yang,Wei Lin,Linsong Yuan

DOI: https://doi.org/10.1109/ICIST59754.2023.10367117

2023-01-01

Abstract:Abnormal detection is crucial for maintaining critical processes' stability, security, and efficiency in various domains. Traditional methods for abnormal detection in time series data have limitations in capturing temporal dependencies and providing interpretable anomaly scores. The authors propose a Segmentation-based Adversarial Denoising Auto-encoder (SADA) model to address these challenges. The SADA model uses two individual auto-encoders to establish an adversarial training process and incorporates segmentation techniques and inter-correlation encoding units to capture temporal dependencies and inter-correlations in multivariate time series data. Experimental results on multiple datasets demonstrate the effectiveness of the SADA model in detecting anomalies and achieving high precision and recall rates. The proposed model shows promise in improving the adaptability of anomaly detection algorithms to different types of data.

Yu Zheng,Huan Yee Koh,Ming Jin,Lianhua Chi,Haishuai Wang,Khoa T. Phan,Yi-Ping Phoebe Chen,Shirui Pan,Wei Xiang

DOI: https://doi.org/10.1016/j.inffus.2024.102255

IF: 18.6

2024-01-16

Information Fusion

Abstract:The detection of anomalies in multivariate time series data is crucial for various practical applications, including smart power grids, traffic flow forecasting, and industrial process control. However, real-world time series data is usually not well-structured, posting significant challenges to existing approaches: (1) The existence of missing values in multivariate time series data along variable and time dimensions hinders the effective modeling of interwoven spatial and temporal dependencies, resulting in important patterns being overlooked during model training; (2) Anomaly scoring with irregularly-sampled observations is less explored, making it difficult to use existing detectors for multivariate series without fully-observed values. In this work, we introduce a novel framework called GST-Pro , which utilizes a g raph s patio t emporal pro cess and anomaly scorer to tackle the aforementioned challenges in detecting anomalies on irregularly-sampled multivariate time series. Our approach comprises two main components. First, we propose a graph spatiotemporal process based on neural controlled differential equations. This process enables effective modeling of multivariate time series from both spatial and temporal perspectives, even when the data contains missing values. Second, we present a novel distribution-based anomaly scoring mechanism that alleviates the reliance on complete uniform observations. By analyzing the predictions of the graph spatiotemporal process, our approach allows anomalies to be easily detected. Our experimental results show that the GST-Pro method can effectively detect anomalies in time series data and outperforms state-of-the-art methods, regardless of whether there are missing values present in the data. Our code is available: https://github.com/huankoh/GST-Pro .

computer science, artificial intelligence, theory & methods

Hang Zhao,Yujing Wang,Juanyong Duan,Congrui Huang,Defu Cao,Yunhai Tong,Bixiong Xu,Jing Bai,Jie Tong,Qi Zhang

DOI: https://doi.org/10.1109/icdm50108.2020.00093

2020-11-01

Abstract:Anomaly detection on multivariate time-series is of great importance in both data mining research and industrial applications. Recent approaches have achieved significant progress in this topic, but there is remaining limitations. One major limitation is that they do not capture the relationships between different time-series explicitly, resulting in inevitable false alarms. In this paper, we propose a novel self-supervised framework for multivariate time-series anomaly detection to address this issue. Our framework considers each univariate time-series as an individual feature and includes two graph attention layers in parallel to learn the complex dependencies of multivariate time-series in both temporal and feature dimensions. In addition, our approach jointly optimizes a forecasting-based model and a reconstruction-based model, obtaining better time-series representations through a combination of single-timestamp prediction and reconstruction of the entire time-series. We demonstrate the efficacy of our model through extensive experiments. The proposed method outperforms other state-of-the-art models on three real-world datasets. Further analysis shows that our method has good interpretability and is useful for anomaly diagnosis.

Haowei He,Jingzhao Zhang,Yanan Wang,Benben Jiang,Shaobo Huang,Chen Wang,Yang Zhang,Xuebing Han,Dongxu Guo,Guannan He,Minggao Ouyang

2023-01-01

Abstract:Real world systems---such as robots, weather, energy systems and stock markets---are complicated and high-dimensional. Hence, without prior knowledge of the system dynamics, detecting or forecasting abnormal events from the sequential observations of the system is challenging. In this work, we address the problem caused by high-dimensionality via viewing time series anomaly detection as hypothesis testing on dynamical systems. This perspective can avoid the dimension of the problem from increasing linearly with time horizon, and naturally leads to a novel anomaly detection model, termed as DyAD (Dynamical system Anomaly Detection). Furthermore, as existing time-series anomaly detection algorithms are usually evaluated on relatively small datasets, we released a large-scale one on detecting battery failures in electric vehicles. We benchmarked several popular algorithms on both public datasets and our released new dataset. Our experiments demonstrated that our proposed model achieves state-of-the-art results.

Stephan Rabanser,Tim Januschowski,Kashif Rasul,Oliver Borchert,Richard Kurle,Jan Gasthaus,Michael Bohlke-Schneider,Nicolas Papernot,Valentin Flunkert

DOI: https://doi.org/10.48550/arXiv.2206.14342

IF: 5.414

2022-06-29

Machine Learning

Abstract:We introduce a novel, practically relevant variation of the anomaly detection problem in multi-variate time series: intrinsic anomaly detection. It appears in diverse practical scenarios ranging from DevOps to IoT, where we want to recognize failures of a system that operates under the influence of a surrounding environment. Intrinsic anomalies are changes in the functional dependency structure between time series that represent an environment and time series that represent the internal state of a system that is placed in said environment. We formalize this problem, provide under-studied public and new purpose-built data sets for it, and present methods that handle intrinsic anomaly detection. These address the short-coming of existing anomaly detection methods that cannot differentiate between expected changes in the system's state and unexpected ones, i.e., changes in the system that deviate from the environment's influence. Our most promising approach is fully unsupervised and combines adversarial learning and time series representation learning, thereby addressing problems such as label sparsity and subjectivity, while allowing to navigate and improve notoriously problematic anomaly detection data sets.

Katrina Chen,Mingbin Feng,Tony S. Wirjanto

DOI: https://doi.org/10.48550/arXiv.2302.02051

IF: 5.414

2023-02-04

Machine Learning

Abstract:Anomalies in univariate time series often refer to abnormal values and deviations from the temporal patterns from majority of historical observations. In multivariate time series, anomalies also refer to abnormal changes in the inter-series relationship, such as correlation, over time. Existing studies have been able to model such inter-series relationships through graph neural networks. However, most works settle on learning a static graph globally or within a context window to assist a time series forecasting task or a reconstruction task, whose objective is not tailored to explicitly detect the abnormal relationship. Some other works detect anomalies based on reconstructing or forecasting a list of inter-series graphs, which inadvertently weakens their power to capture temporal patterns within the data due to the discrete nature of graphs. In this study, we propose DyGraphAD, a multivariate time series anomaly detection framework based upon a list of dynamic inter-series graphs. The core idea is to detect anomalies based on the deviation of inter-series relationships and intra-series temporal patterns from normal to anomalous states, by leveraging the evolving nature of the graphs in order to assist a graph forecasting task and a time series forecasting task simultaneously. Our numerical experiments on real-world datasets demonstrate that DyGraphAD has superior performance than baseline anomaly detection approaches.

Jinbo Li,Hesam Izakian,Witold Pedrycz,Iqbal Jamal

DOI: https://doi.org/10.1016/j.asoc.2020.106919

IF: 8.7

2021-03-01

Applied Soft Computing

Abstract:Multivariate time series data come as a collection of time series describing different aspects of a certain temporal phenomenon. Anomaly detection in this type of data constitutes a challenging problem yet with numerous applications in science and engineering because anomaly scores come from the simultaneous consideration of the temporal and variable relationships. In this paper, we propose a clustering-based approach to detect anomalies concerning the amplitude and the shape of multivariate time series. First, we use a sliding window to generate a set of multivariate subsequences and thereafter apply an extended fuzzy clustering to reveal a structure present within the generated multivariate subsequences. Finally, a reconstruction criterion is employed to reconstruct the multivariate subsequences with the optimal cluster centers and the partition matrix. We construct a confidence index to quantify a level of anomaly detected in the series and apply Particle Swarm Optimization as an optimization vehicle for the problem of anomaly detection. Experimental studies completed on several synthetic and six real-world datasets suggest that the proposed methods can detect the anomalies in multivariate time series. With the help of available clusters revealed by the extended fuzzy clustering, the proposed framework can detect anomalies in the multivariate time series and is suitable for identifying anomalous amplitude and shape patterns in various application domains such as health care, weather data analysis, finance, and disease outbreak detection.

computer science, artificial intelligence, interdisciplinary applications

Chunming Lin,Bowen Du,Leilei Sun,Linchao Li

DOI: https://doi.org/10.1109/tkde.2024.3360640

IF: 9.235

2024-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Anomaly detection in multivariate time series is a critical research area, but it is also a challenging one due to its occurrence in various real-world scenarios, such as structural health monitoring and risk management. Traditional approaches for anomaly detection rely on deviating distribution and a static threshold that is set manually. However, static thresholds fail to detect contextual anomalies, leading to a high ratio of false anomalies. Therefore, a self-adaptive thresholding method is required to improve the accuracy of anomaly detection. In this study, we propose HCR-AdaAD, a multivariate anomaly detection framework that combines hierarchical context representation learning with deep learning methods. The core idea is to extract normal time-series patterns by transforming them into images, which can be used to extract spatial features and generate robust representations for normal time series. Next, we adopt Extreme Value Theory (EVT) to set self-adaptive thresholds in streaming time series, which can contribute to the ideal precision for anomaly detection and high interpretability with contextual information. We conducted evaluation experiments on three public datasets, and the results demonstrate the effectiveness and soundness of our proposed model. HCR-AdaAD offers a novel and effective approach to anomaly detection in multivariate time series that outperforms traditional methods, making it a promising solution for real-world applications in various domains.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Yinke Wang,Xu Zhong,Yimiao Shao,Jiangyi Hu,Taishan Xu,Yanhong Bao,Wenzhong Li

DOI: https://doi.org/10.1109/swc57546.2023.10448910

2023-01-01

Abstract:Anomaly detection on time series data is an important research topic in various domains, which enables information systems to prevent unexpected failures and enhance their security. While conventional time series anomaly detection mainly focuses on single-scale models, it remains challenges to develop a multi-scale model to detect diverse anomalies in the forms of point outliers, short-term failures, and long sequence anomalies. In this paper, we propose MSEAD, a multi-scale anomaly detection method based on ensemble learning, which improves the detection accuracy through the combination of multiple scale detectors. The proposed model trains several prediction models on different scales based on the mechanism of multi-scale convolution for feature extraction, and calculates the anomaly scores based on the predicted values on multiple scales. Finally, ensemble polling is used to vote for each point in the series to form the results of multi-scale anomaly detection. Extensive experiments based on five datasets show that the proposed model outperforms the state-of-the-art anomaly detection methods.

Feng Xue,Weizhong Yan

DOI: https://doi.org/10.48550/arXiv.2207.00705

2022-07-02

Abstract:Given the scarcity of anomalies in real-world applications, the majority of literature has been focusing on modeling normality. The learned representations enable anomaly detection as the normality model is trained to capture certain key underlying data regularities under normal circumstances. In practical settings, particularly industrial time series anomaly detection, we often encounter situations where a large amount of normal operation data is available along with a small number of anomaly events collected over time. This practical situation calls for methodologies to leverage these small number of anomaly events to create a better anomaly detector. In this paper, we introduce two methodologies to address the needs of this practical situation and compared them with recently developed state of the art techniques. Our proposed methods anchor on representative learning of normal operation with autoregressive (AR) model along with loss components to encourage representations that separate normal versus few positive examples. We applied the proposed methods to two industrial anomaly detection datasets and demonstrated effective performance in comparison with approaches from literature. Our study also points out additional challenges with adopting such methods in practical applications.

Machine Learning,Artificial Intelligence,Neural and Evolutionary Computing

Kun Zhang,S. Hoi,Wenzhuo Yang

DOI: https://doi.org/10.48550/arXiv.2206.15033

Abstract:Anomaly detection in multivariate time series plays an important role in monitoring the behaviors of various real-world systems, e.g., IT system operations or manufacturing industry. Previous approaches model the joint distribution without considering the underlying mechanism of multivariate time series, making them complicated and computationally hungry. In this paper, we formulate the anomaly detection problem from a causal perspective and view anomalies as instances that do not follow the regular causal mechanism to generate the multivariate data. We then propose a causality-based anomaly detection approach, which first learns the causal structure from data and then infers whether an instance is an anomaly relative to the local causal mechanism to generate each variable from its direct causes, whose conditional distribution can be directly estimated from data. In light of the modularity property of causal systems, the original problem is divided into a series of separate low-dimensional anomaly detection problems so that where an anomaly happens can be directly identified. We evaluate our approach with both simulated and public datasets as well as a case study on real-world AIOps applications, showing its efficacy, robustness, and practical feasibility.

Computer Science

Feifei Cao,Xitong Guo

DOI: https://doi.org/10.1016/j.engappai.2024.108663

IF: 8

2024-09-01

Engineering Applications of Artificial Intelligence

Abstract:Financial multivariate time series anomaly detection has received widespread attention, which is crucial for the reliable and safe operation of the financial system. Based on this, multi-variable time series anomaly detection methods based on different network architectures have emerged, but these models are either based on a single anomaly hypothesis (such as point anomalies) or based on labeled data (such as supervised methods). This goes against the multimodal nature and complexity of real-world data, making these methods ineffective. To remedy these shortcomings, we propose a model selection framework based on curiosity search and experience replay mechanisms.This framework includes multiple anomaly assumptions and base models in a carefully designed search space. The agent explores this search space to guide each base model, leveraging its strengths in exotic types of time series data. The framework subsequently employs reinforcement learning to select the optimal model from these candidate models. Through multi-dimensional, multi-index experimental verification of four different types of data sets, our model search framework can select the optimal base model suitable for the current timestamp from the base model pool, thereby achieving superior detection performance and better than the current A model selection framework based on reinforcement learning.Additionally, we introduce self-imitation learning and utilize an experience replay mechanism to enhance the effectiveness of samples, thereby saving detection time. To better extend our approach to more complex real-world applications, we conduct interpretability analysis on the output of anomalies. This research assists in troubleshooting and analyzing anomalies.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Liwen Zhou,Qingkui Zeng,Bo Li

DOI: https://doi.org/10.1109/access.2022.3167640

IF: 3.9

2022-01-01

IEEE Access

Abstract:In the real world, a large number of multivariate time series data are generated by Internet of Things systems, which are composed of many connected sensing devices. Therefore, it is impractical to consider only a single univariate time series for decision-making. High-dimensional time series decrease the performance of traditional anomaly detection methods. Moreover, many previously developed methods capture temporal correlations instead of spatial correlations. Therefore, it is necessary to learn the temporal and spatial correlations between different time series and timestamps. In this paper, to achieve improved anomaly detection performance for multivariate time series, we propose a novel architecture based on a graph attention network (GAT) with multihead dynamic attention (MDA). This framework simultaneously learns the dependencies between sensors in both the temporal and spatial dimensions. To tackle the overfitting problem in autoencoder (AE)-based methods, we propose a hybrid approach that combines a novel generative adversarial network (GAN) architecture as a reconstruction model with a multilayer perceptron (MLP) as a prediction-based model to detect anomalies together. The detection framework proposed in this paper is called the HAD-multihead dynamic GAT (MDGAT). Extensive experiments on different public benchmarks demonstrate the superior performance of HAD-MDGAT over state-of-the-art methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lan Wang,Yusan Lin,Yuhang Wu,Huiyuan Chen,Fei Wang,Hao Yang

DOI: https://doi.org/10.48550/arXiv.2201.04792

2022-01-13

Abstract:Today's cyber-world is vastly multivariate. Metrics collected at extreme varieties demand multivariate algorithms to properly detect anomalies. However, forecast-based algorithms, as widely proven approaches, often perform sub-optimally or inconsistently across datasets. A key common issue is they strive to be one-size-fits-all but anomalies are distinctive in nature. We propose a method that tailors to such distinction. Presenting FMUAD - a Forecast-based, Multi-aspect, Unsupervised Anomaly Detection framework. FMUAD explicitly and separately captures the signature traits of anomaly types - spatial change, temporal change and correlation change - with independent modules. The modules then jointly learn an optimal feature representation, which is highly flexible and intuitive, unlike most other models in the category. Extensive experiments show our FMUAD framework consistently outperforms other state-of-the-art forecast-based anomaly detectors.

Machine Learning

Junqi Chen,Xu Tan,Sylwan Rahardja,Jiawei Yang,Susanto Rahardja

DOI: https://doi.org/10.1109/lsp.2024.3438078

2024-08-21

IEEE Signal Processing Letters

Abstract:Deep learning-based sequence models are extensively employed in Time Series Anomaly Detection (TSAD) tasks due to their effective sequential modeling capabilities. However, the ability of TSAD is limited by two key challenges: (i) the ability to model long-range dependency and (ii) the generalization issue in the presence of non-stationary data. To tackle these challenges, an anomaly detector that leverages the selective state space model known for its proficiency in capturing long-term dependencies across various domains is proposed. Additionally, a multi-stage detrending mechanism is introduced to mitigate the prominent trend component in non-stationary data to address the generalization issue. Extensive experiments conducted on real-world public datasets demonstrate that the proposed methods surpass all 12 compared baseline methods.

engineering, electrical & electronic

Alessandro Flaborea,Bardh Prenkaj,Bharti Munjal,Marco Aurelio Sterpa,Dario Aragona,Luca Podo,Fabio Galasso

DOI: https://doi.org/10.48550/arXiv.2211.09224

2023-04-12

Abstract:The progress in modelling time series and, more generally, sequences of structured data has recently revamped research in anomaly detection. The task stands for identifying abnormal behaviors in financial series, IT systems, aerospace measurements, and the medical domain, where anomaly detection may aid in isolating cases of depression and attend the elderly. Anomaly detection in time series is a complex task since anomalies are rare due to highly non-linear temporal correlations and since the definition of anomalous is sometimes subjective. Here we propose the novel use of Hyperbolic uncertainty for Anomaly Detection (HypAD). HypAD learns self-supervisedly to reconstruct the input signal. We adopt best practices from the state-of-the-art to encode the sequence by an LSTM, jointly learned with a decoder to reconstruct the signal, with the aid of GAN critics. Uncertainty is estimated end-to-end by means of a hyperbolic neural network. By using uncertainty, HypAD may assess whether it is certain about the input signal but it fails to reconstruct it because this is anomalous; or whether the reconstruction error does not necessarily imply anomaly, as the model is uncertain, e.g. a complex but regular input signal. The novel key idea is that a detectable anomaly is one where the model is certain but it predicts wrongly. HypAD outperforms the current state-of-the-art for univariate anomaly detection on established benchmarks based on data from NASA, Yahoo, Numenta, Amazon, and Twitter. It also yields state-of-the-art performance on a multivariate dataset of anomaly activities in elderly home residences, and it outperforms the baseline on SWaT. Overall, HypAD yields the lowest false alarms at the best performance rate, thanks to successfully identifying detectable anomalies.

Machine Learning,Computer Vision and Pattern Recognition