Shiming He,Qingqing Guo,Genxin Li,Kun Xie,Pradip Kumar Sharma

DOI: https://doi.org/10.1109/tim.2024.3493890

IF: 5.6

2024-12-11

IEEE Transactions on Instrumentation and Measurement

Abstract:Multivariate time series anomaly detection (MTSAD) plays a crucial role in the Internet of Things (IoT), identifying device malfunction or system attacks. Graph neural networks (GNNs) are widely applied in MTSAD to capture the spatial features among sensors. However, GNN requires an explicit graph structure and cannot work when spatial relationships are lacking or sensor dependencies are unknown. Hence, graph structure learning (GSL) emerges as a promising solution, which learns graph structures with the downstream tasks without requiring spatial relationships. However, a general cascade effect occurs in the industrial scene. Moreover, an attack event changes sensor data sequentially instead of simultaneously due to the multiple serial process that occurs (i.e., delay correlation). Existing GSL-based anomaly detection methods fail to tackle delay correlation and focus on low prediction errors. However, the low prediction error distribution is always dispersed, making it difficult to differentiate between normal and abnormal samples based on a threshold. Therefore, we propose an MTSAD based on multiple spatiotemporal graph convolution (MSTGAD). MSTGAD uses dynamic time warping (DTW) distance as prior knowledge instead of Euclidean, guiding graph learning to capture delay correlations effectively. MSTGAD designs an ensemble predictor, which uses two subpredictors with a shared and learnable graph to ensure high prediction accuracy while maintaining stable anomaly scores. Furthermore, we conduct extensive experiments to evaluate the MSTGAD method's effectiveness. Our method outperforms existing GSL-based methods in anomaly detection on four publicly available real-world datasets, demonstrating our proposed approach's effectiveness. Compared with the best GSL-based method, MSTGAD achieves an additional 0.83% improvement on average.

engineering, electrical & electronic,instruments & instrumentation

Shiming He,Qingqing Guo,Genxin Li,Kun Xie,Pradip Kumar Sharma

DOI: https://doi.org/10.1109/tim.2024.3493890

IF: 5.6

2024-01-01

IEEE Transactions on Instrumentation and Measurement

Abstract:Multivariate time series anomaly detection (MTSAD) plays a crucial role in the Internet of things (IoT), identifying device malfunction or system attacks. Graph neural networks (GNNs) are widely applied in MTSAD to capture the spatial features among sensors. However, GNN requires an explicit graph structure and cannot work when spatial relationships are lacking or sensor dependencies are unknown. Hence, graph structure learning (GSL) emerges as a promising solution, which learns graph structures with the downstream tasks without requiring spatial relationships. However, a general cascade effect occurs in the industrial scene. Moreover, an attack event changes sensor data sequentially instead of simultaneously due to the multiple serial process that occur (i.e., delay correlation). Existing GSL-based anomaly detection methods fail to tackle delay correlation and focus on low prediction errors. However, the low prediction error distribution is always dispersed, making it difficult to differentiate between normal and abnormal samples based on a threshold. Therefore, we propose a multivariate time series anomaly detection based on multiple spatio-temporal graph convolution (MSTGAD). MSTGAD utilizes dynamic time warping distance as prior knowledge instead of Euclidean, guiding graph learning to capture delay correlations effectively. MSTGAD designs an ensemble predictor, which utilizes two sub-predictors with a shared and learnable graph to ensure high prediction accuracy while maintaining stable anomaly scores. Furthermore, we conduct extensive experiments to evaluate the MSTGAD method’s effectiveness. Our method outperforms existing GSL-based methods in anomaly detection on four publicly available real-world datasets, demonstrating our proposed approach’s effectiveness. Compared with the best GSL-based method, MSTGAD achieves an additional 0.83% improvement on average.

Mayra Alexandra Macas Carrasco,Chunming Wu

DOI: https://doi.org/10.1109/icmla.2019.00212

2019-01-01

Abstract:Current Cyber-Physical Systems (CPSs) are sophisticated, complex, and equipped with networked sensors and actuators. As such, they have become further exposed to cyber-attacks. Recent catastrophic events have demonstrated that standard, human-based management of anomaly detection in complex systems is not efficient enough and have underlined the significance of automated detection, intelligent and rapid response. Nevertheless, existing anomaly detection frameworks usually are not capable of dealing with the dynamic and complicated nature of the CPSs. In this study, we introduce an unsupervised framework for anomaly detection based on an Attention-based Spatio-Temporal Autoencoder. In particular, we first construct statistical correlation matrices to characterize the system status across different time steps. Next, a 2D convolutional encoder is employed to encode the patterns of the correlation matrices, whereas an Attention-based Convolutional LSTM Encoder-Decoder (ConvLSTM-ED) is used to capture the temporal dependencies. More precisely, we introduce an input attention mechanism to adaptively select the most significant input features at each time step. Finally, the 2D convolutional decoder reconstructs the correlation matrices. The differences between the reconstructed correlation matrices and the original ones are used as indicators of anomalies. Extensive experimental analysis on data collected from all six stages of Secure Water Treatment (SWaT) testbed, a scaled-down version of a real-world industrial water treatment plant, demonstrates that the proposed model outperforms the state-of-the-art baseline techniques.

Haili Sun,Yan Huang,Lansheng Han,Cai Fu,Chunjie Zhou

2024-03-05

Abstract:Accurate detection and diagnosis of abnormal behaviors such as network attacks from multivariate time series (MTS) are crucial for ensuring the stable and effective operation of industrial cyber-physical systems (CPS). However, existing researches pay little attention to the logical dependencies among system working states, and have difficulties in explaining the evolution mechanisms of abnormal signals. To reveal the spatio-temporal association relationships and evolution mechanisms of the working states of industrial CPS, this paper proposes a fine-grained adaptive anomaly diagnosis method (i.e. MAD-Transformer) to identify and diagnose anomalies in MTS. MAD-Transformer first constructs a temporal state matrix to characterize and estimate the change patterns of the system states in the temporal dimension. Then, to better locate the anomalies, a spatial state matrix is also constructed to capture the inter-sensor state correlation relationships within the system. Subsequently, based on these two types of state matrices, a three-branch structure of series-temporal-spatial attention module is designed to simultaneously capture the series, temporal, and space dependencies among MTS. Afterwards, three associated alignment loss functions and a reconstruction loss are constructed to jointly optimize the model. Finally, anomalies are determined and diagnosed by comparing the residual matrices with the original matrices. We conducted comparative experiments on five publicly datasets spanning three application domains (service monitoring, spatial and earth exploration, and water treatment), along with a petroleum refining simulation dataset collected by ourselves. The results demonstrate that MAD-Transformer can adaptively detect fine-grained anomalies with short duration, and outperforms the state-of-the-art baselines in terms of noise robustness and localization performance.

Machine Learning,Artificial Intelligence,Cryptography and Security,Networking and Internet Architecture,Systems and Control

Zhiqiang Geng,Zhen Zhang,Yongming Han

DOI: https://doi.org/10.1109/TII.2023.3347000

IF: 12.3

2024-04-01

IEEE Transactions on Industrial Informatics

Abstract:Multivariate time series anomaly detection plays an important role for the safe operation of industrial devices and systems. At present, many effective methods have the major limitation that the changes in information propagation between variables are not considered when anomalies occur. Therefore, this article proposes a novel graph structure change-based anomaly detection on multivariate time series (GSC-MAD). First, a stable graph structure under normal conditions is obtained and a single-step prediction for all variables is achieved from a high-dimensional time-series embedding representation learned from the normal data. Then, anomaly detection is achieved by combining the variable behavior deviation reflected by prediction errors and the information propagation deviation between variables reflected by GSC. Extensive experiments on five real-world benchmarks are conducted to demonstrate the effectiveness of the proposed method and compared with current state-of-the-art (SOTA) baselines, a relative improvement of 6.64% on the average F1 is achieved. Moreover, an actual chemical industrial case is provided to verify the effect of the GSC-MAD and a relative improvement of 4.03% is achieved on the F1 metric compared with SOTA baselines. Comparison experiment results show that the proposed method achieves the SOTA results in terms of current baselines. Further experiment analysis shows the good interpretability of the proposed method for detected anomalies.

Computer Science,Engineering

Siwei Guan,Zhiwei He,Shenhui Ma,Mingyu Gao

DOI: https://doi.org/10.1016/j.cose.2024.103877

IF: 5.105

2024-04-28

Computers & Security

Abstract:Effective anomaly detection in multivariate time series (MTS) is very essential for modern complex physical equipment. A single anomaly in physical equipment can cause a series of failures due to fault propagation. Therefore, the equipment need to be comprehensively monitored by an anomaly detection system to ensure its health. However, given the rise in the size and complexity of the physical equipment, the number of sensors required to infer its health status has increased dramatically, and the complex temporal and spatial dependencies in sensors are difficult to capture. Aiming at the problem, this paper proposes a MTS anomaly detection algorithm called VSAD, which is based on spatial–temporal graph networks and variational autoencoder (VAE). It employs spatial–temporal graph networks to learn complex temporal and spatial dependencies in MTS. Moreover, its VAE architecture enables it to learn data distribution patterns in an unsupervised manner and its threshold are determined by an automatic threshold selection strategy. Finally, experimental results conducted on six publicly available benchmark datasets show that VSAD outperforms state-of-the-art methods for anomaly detection, with an average F1 scores improvement of about 7%.

computer science, information systems

Jun Zhan,Siqi Wang,Xiandong Ma,Chengkun Wu,Canqun Yang,Detian Zeng,Shilin Wang

DOI: https://doi.org/10.1109/icassp43922.2022.9747274

2022-01-01

Abstract:Anomaly detection in multivariate time series data is challenging due to complex temporal and feature correlations. This paper proposes a novel unsupervised multi-scale stacked spatial-temporal graph attention network for multivariate time series anomaly detection (STGAT-MAD). The core of our framework is to coherently capture the feature and temporal correlations among multivariate time-series data by stackable STGAT networks. Meanwhile, a multi-scale input network is exploited to capture the temporal correlations in different time-scales. Besides, a new dataset derived from a real-world wind farm is built and released for multivariate time series anomaly detection. Experiments on the proprietary dataset and three public datasets show that our method significantly outperforms existing baseline approaches, and provides interpretability for anomaly location.

Chaoyue Ding,Shiliang Sun,Jing Zhao

DOI: https://doi.org/10.1016/j.inffus.2022.08.011

2023-10-17

Abstract:Multimodal time series (MTS) anomaly detection is crucial for maintaining the safety and stability of working devices (e.g., water treatment system and spacecraft), whose data are characterized by multivariate time series with diverse modalities. Although recent deep learning methods show great potential in anomaly detection, they do not explicitly capture spatial-temporal relationships between univariate time series of different modalities, resulting in more false negatives and false positives. In this paper, we propose a multimodal spatial-temporal graph attention network (MST-GAT) to tackle this problem. MST-GAT first employs a multimodal graph attention network (M-GAT) and a temporal convolution network to capture the spatial-temporal correlation in multimodal time series. Specifically, M-GAT uses a multi-head attention module and two relational attention modules (i.e., intra- and inter-modal attention) to model modal correlations explicitly. Furthermore, MST-GAT optimizes the reconstruction and prediction modules simultaneously. Experimental results on four multimodal benchmarks demonstrate that MST-GAT outperforms the state-of-the-art baselines. Further analysis indicates that MST-GAT strengthens the interpretability of detected anomalies by locating the most anomalous univariate time series.

Machine Learning,Artificial Intelligence

Haili Sun,Yan Huang,Lansheng Han,Cai Fu,Hongle Liu,Xiang Long

DOI: https://doi.org/10.1016/j.cose.2023.103570

2023-11-04

Abstract:Deep generative models are promising in detecting novel cyber-physical attacks, mitigating the vulnerability of Cyber-physical systems (CPSs) without relying on labeled information. Nonetheless, these generative models face challenges in identifying attack behaviors that closely resemble normal data, or deviate from the normal data distribution but are in close proximity to the manifold of the normal cluster in latent space. To tackle this problem, this article proposes a novel unsupervised dual variational generative adversarial model named MST-DVGAN, to perform anomaly detection in multivariate time series data for CPS security. The central concept is to enhance the model's discriminative capability by widening the distinction between reconstructed abnormal samples and their normal counterparts. Specifically, we propose an augmented module by imposing contrastive constraints on the reconstruction process to obtain a more compact embedding. Then, by exploiting the distribution property and modeling the normal patterns of multivariate time series, a variational autoencoder is introduced to force the generative adversarial network (GAN) to generate diverse samples. Furthermore, two augmented loss functions are designed to extract essential characteristics in a self-supervised manner through mutual guidance between the augmented samples and original samples. Finally, a specific feature center loss is introduced for the generator network to enhance its stability. Empirical experiments are conducted on three public datasets, namely SWAT, WADI and NSL_KDD. Comparing with the state-of-the-art methods, the evaluation results show that the proposed MTS-DVGAN is more stable and can achieve consistent performance improvement.

Cryptography and Security,Artificial Intelligence,Systems and Control

Zhilei Zhao,Zhao Xiao,Jie Tao

DOI: https://doi.org/10.3390/s24227218

IF: 3.9

2024-11-12

Sensors

Abstract:A large number of sensors are typically installed in industrial plants to collect real-time operational data. These sensors monitor data with time series correlation and spatial correlation over time. In previous studies, GNN has built many successful models to deal with time series data, but most of these models have fixed perspectives and struggle to capture the dynamic correlations in time and space simultaneously. Therefore, this paper constructs a multi-scale dynamic graph neural network (MSDG) for anomaly detection in industrial sensor data. First, a multi-scale sliding window mechanism is proposed to input different scale sensor data into the corresponding network. Then, a dynamic graph neural network is constructed to capture the spatial–temporal dependencies of multivariate sensor data. Finally, the model comprehensively considers the extracted features for sequence reconstruction and utilizes the reconstruction errors for anomaly detection. Experiments have been conducted on three real public datasets, and the results show that the proposed method outperforms the mainstream methods.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qiucheng Miao,Dandan Wang,Chuanfu Xu,Jun Zhan,Chengkun Wu

DOI: https://doi.org/10.1109/jsen.2024.3383665

IF: 4.3

2024-01-01

IEEE Sensors Journal

Abstract:Anomaly detection of multivariate time series is critical in many applications. However, traditional statistical and machine learning models have limitations in modeling complex temporal dependencies and inter-sensor correlations. To address these limitations, graph neural networks (GNNs) have emerged as a powerful paradigm and have shown promising progress in anomaly detection. However, most existing GNN-based methods simplify sensor associations as fully connected graphs, contradicting real-world sparse connectivity. Moreover, while capturing intersensor dependencies, GNNs often overlook critical temporal dependencies in time series. To address these challenges, we propose an unsupervised long- and short-term sparse graph attention (LSGA) neural network. Specifically, we first use convolutional neural networks (CNNs) and skip-gate recurrent units (skip-GRUs) to extract local dependencies and long-term trends. Skip-GRU with time-skip connections effectively extends the span of information flow compared to traditional GRU. Due to the unknown graph structure between different sensors, we utilize node embedding to calculate the similarity between sensors and subsequently generate a dense similarity matrix. Then, we use the Gumbel-softmax sampling method to transform the similarity matrix into a sparse graph structure. To effectively fuse information from different sensors, we introduce a graph attention network (GAT), which can learn the relationships between sensors and dynamically fuse information based on the similarity of node embedding vectors. By means of sparse representation, we selectively focus on the information fusion of the sensors that have the greatest impact on themselves, thereby filtering out connections with low similarity between nodes and effectively removing redundant association information. Finally, we demonstrate with extensive experiments that our proposed method outperforms several state-of-the-art baseline methods in achieving better results on all four real datasets, improving average F1 by 0.97%, 7.7%, 1.92%, and 1.8%.

Junpeng Bao,Han Gao,Chengpu Zhang,Wentao Jia,Junzhe Gao,Tongzhi Yang

DOI: https://doi.org/10.1007/978-3-031-63223-5_18

2024-01-01

Abstract:Anomaly detection for multivariate time series data is of great significance for practical applications. The existing anomaly detection methods mainly adopt a fixed length sliding window to extract data features and perform deep learning training. However, a single fixed length window of data makes it difficult to simultaneously detect anomalies in different scale, such as small-scale point anomalies and large-scale contextual anomalies. Additionally, the patterns in multivariate time series data may be more complex and diverse. This paper proposes an unsupervised multi-scale model for multivariate time series anomaly detection (MMTSAD) to address the above problem. We downsample the original data to obtain coarse-grained and fine-grained sequences in different scales, and design two autoencoder modules based on attentionmechanism to learn time series patterns at different scales. In addition, we introduce a GAT module in the coarse-grained autoencoder to capture the correlation between different variables. At the detection stage, we propose an anomaly score fusion method to comprehensively fuse the anomaly scores from different scale models. We conduct experiments on five real-world public datasets. The results show that MMTSAD outperforms most existing models.

Yunfei Shi,Bin Wang,Yanwei Yu,Xianfeng Tang,Chao Huang,Junyu Dong

DOI: https://doi.org/10.1016/j.knosys.2023.110725

IF: 8.139

2023-01-01

Knowledge-Based Systems

Abstract:Anomaly detection on multivariate time series (MTS) is of great importance in both data mining research and industrial applications. While a handful of anomaly detection models are developed for MTS data, most of them either ignore the potential correlations between different variables or overlook the different importance of variables at each time period in MTS, which leads to poor accuracy in anomaly detection. In this paper, we propose a novel unsupervised MUltivariate Time series ANomaly deTection framework (MUTANT), which simultaneously models the correlations between variables and the importance of variables at each time period. Specifically, we construct a feature graph for variables in each time window and perform graph convolutional network (GCN) to learn embeddings for all variables, which effectively captures the time-varying correlations between variables in MTS. Then, we propose an attention-based reconstruction model to learn robust latent representations to capture normal patterns of MTS by modeling the importance of variables based on time dependencies along with time dimension. Our evaluation experiments are conducted on four real-life datasets from different industrial domains. Experimental results show that MUTANT significantly outperforms state-of-the-art MTS anomaly detection methods, achieving an average anomaly detection F1-score higher than 0.96. The source code is available at https://github.com/Coac-syf/MUTANT.

Qian Yang,Jiaming Zhang,Junjie Zhang,Cailing Sun,Shanyi Xie,Shangdong Liu,Yimu Ji

DOI: https://doi.org/10.3390/electronics13112032

IF: 2.9

2024-05-24

Electronics

Abstract:Cyber–physical systems (CPSs) serve as the pivotal core of Internet of Things (IoT) infrastructures, such as smart grids and intelligent transportation, deploying interconnected sensing devices to monitor operating status. With increasing decentralization, the surge in sensor devices expands the potential vulnerability to cyber attacks. It is imperative to conduct anomaly detection research on the multivariate time series data that these sensors produce to bolster the security of distributed CPSs. However, the high dimensionality, absence of anomaly labels in real-world datasets, and intricate non-linear relationships among sensors present considerable challenges in formulating effective anomaly detection algorithms. Recent deep-learning methods have achieved progress in the field of anomaly detection. Yet, many methods either rely on statistical models that struggle to capture non-linear relationships or use conventional deep learning models like CNN and LSTM, which do not explicitly learn inter-variable correlations. In this study, we propose a novel unsupervised anomaly detection method that integrates Sparse Autoencoder with Graph Transformer network (SGTrans). SGTrans leverages Sparse Autoencoder for the dimensionality reduction and reconstruction of high-dimensional time series, thus extracting meaningful hidden representations. Then, the multivariate time series are mapped into a graph structure. We introduce a multi-head attention mechanism from Transformer into graph structure learning, constructing a Graph Transformer network forecasting module. This module performs attentive information propagation between long-distance sensor nodes and explicitly models the complex temporal dependencies among them to enhance the prediction of future behaviors. Extensive experiments and evaluations on three publicly available real-world datasets demonstrate the effectiveness of our approach.

engineering, electrical & electronic,computer science, information systems,physics, applied

Liwen Zhou,Qingkui Zeng,Bo Li

DOI: https://doi.org/10.1109/access.2022.3167640

IF: 3.9

2022-01-01

IEEE Access

Abstract:In the real world, a large number of multivariate time series data are generated by Internet of Things systems, which are composed of many connected sensing devices. Therefore, it is impractical to consider only a single univariate time series for decision-making. High-dimensional time series decrease the performance of traditional anomaly detection methods. Moreover, many previously developed methods capture temporal correlations instead of spatial correlations. Therefore, it is necessary to learn the temporal and spatial correlations between different time series and timestamps. In this paper, to achieve improved anomaly detection performance for multivariate time series, we propose a novel architecture based on a graph attention network (GAT) with multihead dynamic attention (MDA). This framework simultaneously learns the dependencies between sensors in both the temporal and spatial dimensions. To tackle the overfitting problem in autoencoder (AE)-based methods, we propose a hybrid approach that combines a novel generative adversarial network (GAN) architecture as a reconstruction model with a multilayer perceptron (MLP) as a prediction-based model to detect anomalies together. The detection framework proposed in this paper is called the HAD-multihead dynamic GAT (MDGAT). Extensive experiments on different public benchmarks demonstrate the superior performance of HAD-MDGAT over state-of-the-art methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yuanyi Wang,Haifeng Sun,Chengsen Wang,Mengde Zhu,Jingyu Wang,Wei Tang,Qi Qi,Zirui Zhuang,Jianxin Liao

2024-10-11

Abstract:Anomaly detection in multivariate time series (MTS) is crucial for various applications in data mining and industry. Current industrial methods typically approach anomaly detection as an unsupervised learning task, aiming to identify deviations by estimating the normal distribution in noisy, label-free datasets. These methods increasingly incorporate interdependencies between channels through graph structures to enhance accuracy. However, the role of interdependencies is more critical than previously understood, as shifts in interdependencies between MTS channels from normal to anomalous data are significant. This observation suggests that \textit{anomalies could be detected by changes in these interdependency graph series}. To capitalize on this insight, we introduce MADGA (MTS Anomaly Detection via Graph Alignment), which redefines anomaly detection as a graph alignment (GA) problem that explicitly utilizes interdependencies for anomaly detection. MADGA dynamically transforms subsequences into graphs to capture the evolving interdependencies, and Graph alignment is performed between these graphs, optimizing an alignment plan that minimizes cost, effectively minimizing the distance for normal data and maximizing it for anomalous data. Uniquely, our GA approach involves explicit alignment of both nodes and edges, employing Wasserstein distance for nodes and Gromov-Wasserstein distance for edges. To our knowledge, this is the first application of GA to MTS anomaly detection that explicitly leverages interdependency for this purpose. Extensive experiments on diverse real-world datasets validate the effectiveness of MADGA, demonstrating its capability to detect anomalies and differentiate interdependencies, consistently achieving state-of-the-art across various scenarios.

Machine Learning,Databases,Information Retrieval,Multimedia

Kang Xu,Yuan Li,Yixuan Li,Liyan Xu,Ruiyao Li,Zhenjiang Dong

DOI: https://doi.org/10.3390/s23177552

IF: 3.9

2023-08-31

Sensors

Abstract:Anomaly detection has been widely used in grid operation and maintenance, machine fault detection, and so on. In these applications, the multivariate time-series data from multiple sensors with latent relationships are always high-dimensional, which makes multivariate time-series anomaly detection particularly challenging. In existing unsupervised anomaly detection methods for multivariate time series, it is difficult to capture the complex associations among multiple sensors. Graph neural networks (GNNs) can model complex relations in the form of a graph, but the observed time-series data from multiple sensors lack explicit graph structures. GNNs cannot automatically learn the complex correlations in the multivariate time-series data or make good use of the latent relationships among time-series data. In this paper, we propose a new method—masked graph neural networks for unsupervised anomaly detection (MGUAD). MGUAD can learn the structure of the unobserved causality among sensors to detect anomalies. To robustly learn the temporal context from adjacent time points of time-series data from the same sensor, MGUAD randomly masks some points of the time-series data from the sensor and reconstructs the masked time points. Similarly, to robustly learn the graph-level context from adjacent nodes or edges in the relation graph of multivariate time series, MGUAD masks some nodes or edges in the graph under the framework of a GNN. Comprehensive experiments are conducted on three public datasets. According to the experimental findings, MGUAD outperforms state-of-the-art anomaly detection methods.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shiming He,Genxin Li,Kun Xie,Pradip Kumar Sharma

DOI: https://doi.org/10.1109/tifs.2024.3459631

IF: 7.231

2024-10-02

IEEE Transactions on Information Forensics and Security

Abstract:Multivariate time series anomaly detection (MTSAD) plays a crucial role in the Internet of Things (IoT) to identify device malfunction or system attacks. Graph neural networks (GNN) are widely applied in MTSAD to capture the spatial features among sensors. However, GNNs depend on a graph structure and explicit graph structures are not always available. To solve the problem of missing explicit graph structure, graph structure learning is introduced to learn an accurate graph structure joint with a GNNs-based anomaly detection task. However, the existing GSL-based methods provide only a partial view of the graph structure and cannot represent multiple and complex relationships. The noise of data also brings noisy edges. Therefore, we propose a fusion graph structure learning-based multivariate time-series anomaly detection with structured prior knowledge (FuGLAD). To the best of our knowledge, it appears to be the first application of fusion graphs in time series anomaly detection. FuGLAD selects three kinds of typical graph structure learners to learn as many relationship types among sensors as possible and exploits the prior similarity to evaluate the importance of all learned graphs and adaptively learn the fusion weight instead of the direct average weight. To handle noise in raw data, FuGLAD compares the neighbors of nodes by Jaccard similarity to identify and remove the noisy edges in the prior graph. Extensive experiments demonstrate that our approach outperforms state-of-the-art single-graph structure learning techniques in detection performance across four public and real-world datasets.

computer science, theory & methods,engineering, electrical & electronic

Zefei Ning,Zhuolun Jiang,Hao Miao,Li Wang

DOI: https://doi.org/10.1007/978-3-031-25158-0_29

2023-01-01

Abstract:Anomaly detection in time is an important task in many applications. Sensors are deployed in the industrial site to monitor the condition of different attributes or different places in real time, which generate multivariate time series. Recently, many methods were proposed to detect anomalies with multivariate time series, but they focused on the sequence attributes or spatial and temporal correlation, ignoring the characteristic of single sensor time series. In this paper, we propose a novel model MST-GNN that builds each sensor representation from Multi-Scale Temporal (MST) view, and use Graph Neural Network to mine their latent correlation to improve the performance of anomaly detection. In the MST representation, shapelets learning is introduced to extract its distinguishing features, a recurrent-skip neural network is used to extract the local temporal dependence relationship, and the raw data retains the original features of time series. These three features are fused to form the multi-scale temporal-enhanced features. Subsequently, the graph neural network is adopted to capture the potential interdependencies between multivariate time series and obtain the optimal representation of time series. Finally, bias assessment and anomaly detection are carried out. Extensive experiments on real-world datasets show that MST-GNN outperforms other state-of-the-art methods consistently, which provides an effective solution for anomaly detection in multivariate time series.

Jun Kong,Kang Wang,Min Jiang,Xuefeng Tao

DOI: https://doi.org/10.1007/s13042-024-02482-z

2024-12-08

International Journal of Machine Learning and Cybernetics

Abstract:The graph neural network-based model aims to explore the interaction patterns between sequences in multivariate time series anomaly detection. Current approach pursues learning more accurate graph structures. However, in reconstruction-based models, these methods often overlook the over-generalization of graph structure learning, leading to abnormal over-reconstruction. In addition, the increase in the number of graph convolutional layers can also lead to over-smoothing of information. To address these issues, we propose a graph matching learning model for multivariate time series anomaly detection, named GMAD. Firstly, to alleviate graph structure learning over-generalization, the interaction pattern pool is designed to store the representative graph structure, which is used for matching and selecting representative node interaction patterns during the testing phase. The matching degree is also used to calculate the anomaly score. Secondly, a gated selection mechanism is introduced to adaptive preserve raw node information, so as to avoid the over-smoothing of node features. Finally, experimental studies on four real-world datasets show that our method outperforms several existing competitive baselines.

computer science, artificial intelligence