Xianbo Zhang,Chao Wang,Jing Zhang,Feng Lin,Zezhou Li

DOI: https://doi.org/10.1109/ddcls55054.2022.9858500

2022-01-01

Abstract:The multivariate time series (MTS) is observed in various fields nowadays so as to monitor the operating status of equipment like server machines, satellites, engines, etc. Tasks like anomaly detection and anomaly pattern classification of MTS, accordingly, are of great importance to fault warning and system stability. Data-driven methods are increasingly becoming prevailing regarding these problems with a huge amount of input information. In this paper, we propose a new architecture where MTS is processed as images and fed into an attention-based CNN-LSTM network (AC-LSTM). CNN-LSTM network is responsible for extracting both spatial and temporal features among and within each dimension of MTS, while the modified attention mechanism helps promote reasonable weight allocations without the introduction of additional parameters. The proposed model firstly gives the result of anomaly detection and makes a further decision on anomaly classifications if the input is detected as an abnormal one. With the modified attention mechanism and the cooperation of CNN and LSTM, experiments on both public datasets and the operation data collected from real-world applications prove the effectiveness and promotion of the proposed model.

Xianbo Zhang,Jing Zhang,Chao Wang,Feng Lin,Zezhou Li

DOI: https://doi.org/10.1109/icsp54964.2022.9778305

2022-01-01

Abstract:Anomaly detection of multivariate time series has been an active research topic for decades owing to the broad application of time series in various fields including e-commerce, smart city, robotic systems, etc. Accurate detection is therefore of great importance to the operational stability of a system or corporation. In this paper, we propose a new model composed of convolutional neural networks and a modified attention mechanism. Snapshot pictures of multivariate time series are adopted as the input for convolutional process. Convolutional blocks are responsible for spatial information extraction. And the modified attention mechanism can well assign weights to input segments since this mechanism emphasizes important sequences while depressing irrelevant segments. The comparison work with multiple baselines is carried out on datasets collected from the public archive and real world. Experimental results of multiple evaluation metrics prove that our model not only obtains higher accuracy but also gains a better recall rate.

Di Ge,Yuhang Cheng,Shuangshuang Cao,Yanmei Ma,Yanwen Wu

DOI: https://doi.org/10.1007/s40747-023-01306-x

IF: 6.7

2024-01-06

Complex & Intelligent Systems

Abstract:Abstract The detection of anomalies in high-dimensional time-series has always played a crucial role in the domain of system security. Recently, with rapid advancements in transformer model and graph neural network (GNN) technologies, spatiotemporal modeling approaches for anomaly detection tasks have been greatly improved. However, most methods focus on optimizing upstream time-series prediction tasks by leveraging joint spatiotemporal features. Through experiments, we found that this modeling approach not only risks the loss of some original anomaly information during data preprocessing, but also focuses on optimizing the performance of the upstream prediction task and does not directly enhance the performance of the downstream detection task. We propose a spatiotemporal anomaly detection model that incorporates an improved attention mechanism in the process of temporal modeling. We adopt a heterogeneous graph contrastive learning approach in spatio modeling to compensate for the representation of anomalous behavioral information, thereby guiding the model through thorough training. Through validation on two widely used real-world datasets, we demonstrate that our model outperforms baseline methods. We also explore the impact of multivariate time-series prediction tasks on the detection task, and visualize the reasons behind the benefits gained by our model.

computer science, artificial intelligence

Pengfei Han,Huakang Li,Gang Xue,Chao Zhang

DOI: https://doi.org/10.1111/coin.12573

2023-04-23

Computational Intelligence

Abstract:Anomaly detection is a key step in ensuring the security and reliability of large‐scale distributed systems. Analyzing system logs through artificial intelligence methods can quickly detect anomalies and thus help maintenance personnel to maintain system security. Most of the current works only focus on the temporal or spatial features of distributed system logs, and they cannot sufficiently extract the global features of distributed system logs to achieve a good correct rate of anomaly detection. To further address the shortcomings of existing methods, this paper proposes a deep learning model with global spatiotemporal features to detect the presence of anomalies in distributed system logs. First, we extract semi‐structured log events from log templates and model them as natural language. In addition, we focus on the temporal characteristics of logs using the bidirectional long short‐term memory network and the spatial invocation characteristics of logs using the Transformer. Extensive experimental evaluations show the advantages of our proposed model for distributed system log anomaly detection tasks. The optimal F1‐Score on three open‐source datasets and our own collected distributed system datasets reach 98.04%, 94.34%, 88.16%, and 97.40%, respectively.

computer science, artificial intelligence

Rui Wang,Jiayao Li

DOI: https://doi.org/10.5755/j01.itc.53.1.34254

IF: 0.813

2024-03-22

Information Technology And Control

Abstract:Anomaly detection aims at detecting the data instances that deviate from the majority of data, and it is widely used in various fields for its ability to ensure the quality of the overall data. However, traditional anomaly detection methods face the problems such as low efficiency due to high data complexity and lack of data labels. At the same time, most methods only learn the forward features of time-series data, while lacking attention to the reverse features. For these disadvantages, this paper designs an anomaly detection approach called BiTCN-MHA based on the bidirectional temporal convolutional network (BiTCN) and multi-head attention (MHA) mechanism, which learns the features of anomalous data by capturing the forward and reverse temporal features in the time-series data, as well as solves the problems of feature information overload and neuron “death” by using MHA mechanism and ELU activation function, respectively, thereby quickly and accurately detecting anomalous data. Extensive experiments on six public datasets show that compared with eight state-of-the-arts, the proposed BiTCN-MHA method can improve the precision, recall, AUC and F1-Score by about 6.10%, 10.16%, 4.06% and 8.50%, respectively, especially having better detection performance on small time-series data.

computer science, information systems,automation & control systems, artificial intelligence

Ling-rui Yu,Qiu-hong Lu,Yang Xue

DOI: https://doi.org/10.1016/j.knosys.2024.111849

IF: 8.139

2024-04-26

Knowledge-Based Systems

Abstract:Anomaly detection techniques enable effective anomaly detection and diagnosis in multi-variate time series data, which are of major significance for today's industrial applications. However, establishing an anomaly detection system that can be rapidly and accurately located is a challenging problem due to the lack of anomaly labels, the high dimensional complexity of the data, memory bottlenecks in actual hardware, and the need for fast reasoning. In this paper, we propose an anomaly detection and diagnosis model, DTAAD, based on Transformer and Dual Temporal Convolutional Network (TCN). Our overall model is an integrated design in which an autoregressive model (AR) combines with an autoencoder (AE) structure. Scaling methods and feedback mechanisms are introduced to improve prediction accuracy and expand correlation differences. Constructed by us, the Dual TCN-Attention Network (DTA) uses only a single layer of Transformer encoder in our baseline experiment, belonging to an ultra-lightweight model. Our extensive experiments on seven public datasets validate that DTAAD exceeds the majority of currently advanced baseline methods in both detection and diagnostic performance. Specifically, DTAAD improved F1 scores by 8.38% and reduced training time by 99% compared to the baseline. The code and training scripts are publicly available on GitHub at https://github.com/Yu-Lingrui/DTAAD .

computer science, artificial intelligence

Guoying Wang,Jiafeng Ai,Lufeng Mo,Xiaomei Yi,Peng Wu,Xiaoping Wu,Linjun Kong

DOI: https://doi.org/10.3390/drones7050326

IF: 5.532

2023-05-19

Drones

Abstract:Anomaly detection has an important impact on the development of unmanned aerial vehicles, and effective anomaly detection is fundamental to their utilization. Traditional anomaly detection discriminates anomalies for single-dimensional factors of sensing data, which often performs poorly in multidimensional data scenarios due to weak computational scalability and the problem of dimensional catastrophe, ignoring potential correlations between sensing data and some important information of certain characteristics. In order to capture the correlation of multidimensional sensing data and improve the accuracy of anomaly detection effectively, GTAF, an anomaly detection model for multivariate sequences based on an improved graph neural network with a transformer, a graph attention mechanism and a multi-channel fusion mechanism, is proposed in this paper. First, we added a multi-channel transformer structure for intrinsic pattern extraction of different data. Then, we combined the multi-channel transformer structure with GDN’s original graph attention network (GAT) to attain better capture of features of time series, better learning of dependencies between time series and hence prediction of future values of adjacent time series. Finally, we added a multi-channel data fusion module, which utilizes channel attention to integrate global information and upgrade anomaly detection accuracy. The results of experiments show that the average accuracies of GTAF, the anomaly detection model proposed in this paper, are 92.83% and 96.59% on two datasets from unmanned systems, respectively, which has higher accuracy and computational efficiency compared with other methods.

Weixuan Xiong,Peng Wang,Xiaochen Sun,Jun Wang

DOI: https://doi.org/10.1016/j.knosys.2024.111928

IF: 8.139

2024-05-14

Knowledge-Based Systems

Abstract:Anomaly detection in a multivariate time series using unsupervised methods presents a formidable challenge. The existing strategies focused on delineating intrinsic patterns over a temporal dimension and outputting a better representation of the input series. Generally, anomaly detecting model derives a criterion, which is mostly the distance between the representations and the original data, for distinguishing anomalies. Anomaly Transformer is a recent model that achieves substantial advancements by introducing its proprietary criterion of association discrepancy. This new criterion leverages the fact that time points focus on their adjacent neighbors if normal; however, they lose this characteristic if they are anomalous. Anomaly Transformer focuses only on the association between time points and neglects the association between the sensors. In addition, the association discrepancy calculated by the attention score between time points and Gaussian distribution can sometimes be insufficient. To achieve better performance, we propose a spatial information enhanced transformer (SiET), which is a novel paradigm that integrates graph neural networks into the original Anomaly Transformer framework, engendering a high-dimensional association discrepancy. Theoretical proofs are provided to verify the reliability of our model. Further, SiET achieved results comparable to the state-of-the-art results on five unsupervised time-series anomaly detection benchmarks.

computer science, artificial intelligence

Zekai Chen,Dingshuo Chen,Xiao Zhang,Zixuan Yuan,Xiuzhen Cheng

DOI: https://doi.org/10.1109/JIOT.2021.3100509

2022-01-18

Abstract:Many real-world IoT systems, which include a variety of internet-connected sensory devices, produce substantial amounts of multivariate time series data. Meanwhile, vital IoT infrastructures like smart power grids and water distribution networks are frequently targeted by cyber-attacks, making anomaly detection an important study topic. Modeling such relatedness is, nevertheless, unavoidable for any efficient and effective anomaly detection system, given the intricate topological and nonlinear connections that are originally unknown among sensors. Furthermore, detecting anomalies in multivariate time series is difficult due to their temporal dependency and stochasticity. This paper presented GTA, a new framework for multivariate time series anomaly detection that involves automatically learning a graph structure, graph convolution, and modeling temporal dependency using a Transformer-based architecture. The connection learning policy, which is based on the Gumbel-softmax sampling approach to learn bi-directed links among sensors directly, is at the heart of learning graph structure. To describe the anomaly information flow between network nodes, we introduced a new graph convolution called Influence Propagation convolution. In addition, to tackle the quadratic complexity barrier, we suggested a multi-branch attention mechanism to replace the original multi-head self-attention method. Extensive experiments on four publicly available anomaly detection benchmarks further demonstrate the superiority of our approach over alternative state-of-the-arts. Codes are available at <a class="link-external link-https" href="https://github.com/ZEKAICHEN/GTA" rel="external noopener nofollow">this https URL</a>.

Machine Learning,Cryptography and Security,Systems and Control

Liwen Zhou,Qingkui Zeng,Bo Li

DOI: https://doi.org/10.1109/access.2022.3167640

IF: 3.9

2022-01-01

IEEE Access

Abstract:In the real world, a large number of multivariate time series data are generated by Internet of Things systems, which are composed of many connected sensing devices. Therefore, it is impractical to consider only a single univariate time series for decision-making. High-dimensional time series decrease the performance of traditional anomaly detection methods. Moreover, many previously developed methods capture temporal correlations instead of spatial correlations. Therefore, it is necessary to learn the temporal and spatial correlations between different time series and timestamps. In this paper, to achieve improved anomaly detection performance for multivariate time series, we propose a novel architecture based on a graph attention network (GAT) with multihead dynamic attention (MDA). This framework simultaneously learns the dependencies between sensors in both the temporal and spatial dimensions. To tackle the overfitting problem in autoencoder (AE)-based methods, we propose a hybrid approach that combines a novel generative adversarial network (GAN) architecture as a reconstruction model with a multilayer perceptron (MLP) as a prediction-based model to detect anomalies together. The detection framework proposed in this paper is called the HAD-multihead dynamic GAT (MDGAT). Extensive experiments on different public benchmarks demonstrate the superior performance of HAD-MDGAT over state-of-the-art methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jasmin Bogatinovski,Sasho Nedelkoski

DOI: https://doi.org/10.48550/arXiv.2101.04977

IF: 5.414

2021-01-13

Machine Learning

Abstract:The multi-source data generated by distributed systems, provide a holistic description of the system. Harnessing the joint distribution of the different modalities by a learning model can be beneficial for critical applications for maintenance of the distributed systems. One such important task is the task of anomaly detection where we are interested in detecting the deviation of the current behaviour of the system from the theoretically expected. In this work, we utilize the joint representation from the distributed traces and system log data for the task of anomaly detection in distributed systems. We demonstrate that the joint utilization of traces and logs produced better results compared to the single modality anomaly detection methods. Furthermore, we formalize a learning task - next template prediction NTP, that is used as a generalization for anomaly detection for both logs and distributed trace. Finally, we demonstrate that this formalization allows for the learning of template embedding for both the traces and logs. The joint embeddings can be reused in other applications as good initialization for spans and logs.

Hang Zhao,Yujing Wang,Juanyong Duan,Congrui Huang,Defu Cao,Yunhai Tong,Bixiong Xu,Jing Bai,Jie Tong,Qi Zhang

DOI: https://doi.org/10.1109/icdm50108.2020.00093

2020-11-01

Abstract:Anomaly detection on multivariate time-series is of great importance in both data mining research and industrial applications. Recent approaches have achieved significant progress in this topic, but there is remaining limitations. One major limitation is that they do not capture the relationships between different time-series explicitly, resulting in inevitable false alarms. In this paper, we propose a novel self-supervised framework for multivariate time-series anomaly detection to address this issue. Our framework considers each univariate time-series as an individual feature and includes two graph attention layers in parallel to learn the complex dependencies of multivariate time-series in both temporal and feature dimensions. In addition, our approach jointly optimizes a forecasting-based model and a reconstruction-based model, obtaining better time-series representations through a combination of single-timestamp prediction and reconstruction of the entire time-series. We demonstrate the efficacy of our model through extensive experiments. The proposed method outperforms other state-of-the-art models on three real-world datasets. Further analysis shows that our method has good interpretability and is useful for anomaly diagnosis.

Yuxin Zhang,Yiqiang Chen,Jindong Wang,Zhiwen Pan

DOI: https://doi.org/10.48550/arXiv.2107.12626

IF: 14.4

2021-07-27

Artificial Intelligence

Abstract:Nowadays, multi-sensor technologies are applied in many fields, e.g., Health Care (HC), Human Activity Recognition (HAR), and Industrial Control System (ICS). These sensors can generate a substantial amount of multivariate time-series data. Unsupervised anomaly detection on multi-sensor time-series data has been proven critical in machine learning researches. The key challenge is to discover generalized normal patterns by capturing spatial-temporal correlation in multi-sensor data. Beyond this challenge, the noisy data is often intertwined with the training data, which is likely to mislead the model by making it hard to distinguish between the normal, abnormal, and noisy data. Few of previous researches can jointly address these two challenges. In this paper, we propose a novel deep learning-based anomaly detection algorithm called Deep Convolutional Autoencoding Memory network (CAE-M). We first build a Deep Convolutional Autoencoder to characterize spatial dependence of multi-sensor data with a Maximum Mean Discrepancy (MMD) to better distinguish between the noisy, normal, and abnormal data. Then, we construct a Memory Network consisting of linear (Autoregressive Model) and non-linear predictions (Bidirectional LSTM with Attention) to capture temporal dependence from time-series data. Finally, CAE-M jointly optimizes these two subnetworks. We empirically compare the proposed approach with several state-of-the-art anomaly detection methods on HAR and HC datasets. Experimental results demonstrate that our proposed model outperforms these existing methods.

Chen, Junfu

DOI: https://doi.org/10.1007/s10489-024-05395-0

IF: 5.3

2024-03-23

Applied Intelligence

Abstract:Sensors in complex industrial systems generate multivariate time series data, frequently leading to diverse abnormal patterns that pose challenges for detection. The existing multivariate abnormal detection methods may encounter difficulties when applied to datasets with low dimensions or sparse relationships between variables. To address these issues, this study proposes a two-stage adversarial Transformer-based anomaly detection method. On the one hand, an autoregressive temporal convolutional network component is embedded before the multi-head attention module to capture features encompassing long-term and local information. Besides, this component utilizes a trainable neural network instead of the vanilla Transformer's absolute position encoding, resulting in enhanced position information. On the other hand, the proposed two-stage adversarial learning strategy allows the model to effectively learn intricate multivariate data patterns via constraining latent space, thereby enhancing anomaly detection performance. Our method achieves F 1 scores of 0.9679, 0.7947, and 0.6452 on a real-world dataset and two public industrial sensor datasets, demonstrating superior overall anomaly detection performance compared to recent advanced works.

computer science, artificial intelligence

Keqi Liu,Yizhuo Guo,Anyi Zhang,Peng Xu

DOI: https://doi.org/10.1109/ICCC57788.2023.10233434

2023-08-10

Abstract:The integration of multiple sensors in industrial systems and subsequent anomaly detection based on the sensor-collected data has emerged as one of the most popular applications of the Internet of Things. Therefore, it is highly significant to conduct anomaly detection based on multi-source subsequence data. However, existing research either deals with anomaly detection for multi-source data fusion or anomaly detection for subsequences. In this paper, we propose a novel Anomaly Detection method based on multi-source subsequence multi-View data that overcomes the limitations of the existing methods. Specifically, we introduce an improved shape-based subsequence mapping method for the representation of multi-source subsequences, followed by a multi-view based feature fusion matrix construction method. Finally, we propose an anomaly scoring method based on property attribute fusion, which is the first of its kind to introduce a source importance factor that takes into account the importance of different data sources for adjusting the impact weight. Our experimental results demonstrate that the proposed method outperforms traditional anomaly detection methods.

Computer Science,Engineering

Qinghao Zhang,Miao Ye,Xiaofang Deng

DOI: https://doi.org/10.1080/09540091.2022.2078281

2022-06-16

Connection Science

Abstract:Anomaly detection is a critical technique that ensures the reliability of WSNs. However, most existing anomaly detectionmethods only consider the case of single modal data flow anomaly detection for each node or multiple modal time series data flowanomaly detection for a single node and do not consider the case of multiple nodes and multiple time series data flow simultaneously,and it limited the ability of anomaly detection. In this paper, a novel anomaly detection model is proposed for multimodal WSN data flows. First, the temporal features and modal correlation features extracted from each sensor node are fused into one vectorrepresentation, then it is further aggregated with the spatial features represented the spatial position relationship of the nodes; finally,the current time-series data of WSN nodes are predicted, and abnormal states are identified according to the fusion features. Thesimulation results obtained on a public dataset show that the proposed approach can significantly improve upon existing methods interms of robustness, and its F1 score reaches 0.90, which is 14.2% higher than that of the graph convolution network (GCN) with longshort-term memory (LSTM).

computer science, artificial intelligence, theory & methods

Qian Yang,Jiaming Zhang,Junjie Zhang,Cailing Sun,Shanyi Xie,Shangdong Liu,Yimu Ji

DOI: https://doi.org/10.3390/electronics13112032

IF: 2.9

2024-05-24

Electronics

Abstract:Cyber–physical systems (CPSs) serve as the pivotal core of Internet of Things (IoT) infrastructures, such as smart grids and intelligent transportation, deploying interconnected sensing devices to monitor operating status. With increasing decentralization, the surge in sensor devices expands the potential vulnerability to cyber attacks. It is imperative to conduct anomaly detection research on the multivariate time series data that these sensors produce to bolster the security of distributed CPSs. However, the high dimensionality, absence of anomaly labels in real-world datasets, and intricate non-linear relationships among sensors present considerable challenges in formulating effective anomaly detection algorithms. Recent deep-learning methods have achieved progress in the field of anomaly detection. Yet, many methods either rely on statistical models that struggle to capture non-linear relationships or use conventional deep learning models like CNN and LSTM, which do not explicitly learn inter-variable correlations. In this study, we propose a novel unsupervised anomaly detection method that integrates Sparse Autoencoder with Graph Transformer network (SGTrans). SGTrans leverages Sparse Autoencoder for the dimensionality reduction and reconstruction of high-dimensional time series, thus extracting meaningful hidden representations. Then, the multivariate time series are mapped into a graph structure. We introduce a multi-head attention mechanism from Transformer into graph structure learning, constructing a Graph Transformer network forecasting module. This module performs attentive information propagation between long-distance sensor nodes and explicitly models the complex temporal dependencies among them to enhance the prediction of future behaviors. Extensive experiments and evaluations on three publicly available real-world datasets demonstrate the effectiveness of our approach.

engineering, electrical & electronic,computer science, information systems,physics, applied

Zhaocai Dong,Kun Liu,Dongyu Han,Yuan Cao,Yuanqing Xia

DOI: https://doi.org/10.1109/iai55780.2022.9976844

2022-01-01

Abstract:This paper considers anomaly detection for cyber-physical systems, in which the multivariate time series data collected from different sensors have complex temporal dependencies and inter-sensor correlations. We firstly propose an improved unsupervised anomaly detection framework which extracts the temporal and spatial patterns based on the autoencoder and the attention-based convolutional long-short term memory networks. In particular, the original data are fused into the input signature matrices to avoid information loss and an improved sample-based threshold setting approach is proposed to estimate the optimal threshold automatically. Finally, the experiments on two sensor datasets illustrate that our model achieves superior performance over state-of-the-art methods.

Zhe Liu,Xiang Huang,Jingyun Zhang,Zhifeng Hao,Li Sun,Hao Peng

DOI: https://doi.org/10.1145/3627673.3679614

2024-08-23

Abstract:Unsupervised anomaly detection in time series is essential in industrial applications, as it significantly reduces the need for manual intervention. Multivariate time series pose a complex challenge due to their feature and temporal dimensions. Traditional methods use Graph Neural Networks (GNNs) or Transformers to analyze spatial while RNNs to model temporal dependencies. These methods focus narrowly on one dimension or engage in coarse-grained feature extraction, which can be inadequate for large datasets characterized by intricate relationships and dynamic changes. This paper introduces a novel temporal model built on an enhanced Graph Attention Network (GAT) for multivariate time series anomaly detection called TopoGDN. Our model analyzes both time and feature dimensions from a fine-grained perspective. First, we introduce a multi-scale temporal convolution module to extract detailed temporal features. Additionally, we present an augmented GAT to manage complex inter-feature dependencies, which incorporates graph topology into node features across multiple scales, a versatile, plug-and-play enhancement that significantly boosts the performance of GAT. Our experimental results confirm that our approach surpasses the baseline models on four datasets, demonstrating its potential for widespread application in fields requiring robust anomaly detection. The code is available at <a class="link-external link-https" href="https://github.com/ljj-cyber/TopoGDN" rel="external noopener nofollow">this https URL</a>.

Machine Learning,Artificial Intelligence