To see the other types of publications on this topic, follow the link: Anomaly Behavior Detection.
Journal articles on the topic 'Anomaly Behavior Detection'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Anomaly Behavior Detection.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Zhang, Haiyan, Yonglong Luo, Qingying Yu, Liping Sun, Xuejing Li, and Zhenqiang Sun. "A Framework of Abnormal Behavior Detection and Classification Based on Big Trajectory Data for Mobile Networks." Security and Communication Networks 2020 (December 22, 2020): 1–15. http://dx.doi.org/10.1155/2020/8858444.
Full textAbstract:
Big trajectory data feature analysis for mobile networks is a popular big data analysis task. Due to the large coverage and complexity of the mobile networks, it is difficult to define and detect anomalies in urban motion behavior. Some existing methods are not suitable for the detection of abnormal urban vehicle trajectories because they use the limited single detection techniques, such as determining the common patterns. In this study, we propose a framework for urban trajectory modeling and anomaly detection. Our framework takes into account the fact that anomalous behavior manifests the overall shape of unusual locations and trajectories in the spatial domain as well as the way these locations appear. Therefore, this study determines the peripheral features required for anomaly detection, including spatial location, sequence, and behavioral features. Then, we explore sports behaviors from the three types of features and build a taxi trajectory model for anomaly detection. Anomaly detection, including sports behaviors, are (i) detour behavior detection using an algorithm for global router anomaly detection of trajectories having a pair of same starting and ending points; this method is based on the isolation forest algorithm; (ii) local speed anomaly detection based on the DBSCAN algorithm; and (iii) local shape anomaly detection based on the local outlier factor algorithm. Using a real-life dataset, we demonstrate the effectiveness of our methods in detecting outliers. Furthermore, experiments show that the proposed algorithms perform better than the classical algorithm in terms of high accuracy and recall rate; thus, the proposed methods can accurately detect drivers’ abnormal behavior.
2
Garcia, Olivia W., and James C. Brown. "LEVERAGING CONTEXT DISCOVERY FOR EFFECTIVE ANOMALY DETECTION IN COMPLEX SYSTEMS." Pinnacle Research Journal of Scientific and Management Sciences 2, no. 4 (2025): 1–7. https://doi.org/10.55640/tprjsms-v02i04-01.
Full textAbstract:
Anomaly detection is a fundamental task in various domains, such as cybersecurity, finance, healthcare, and sensor networks. Traditional methods often struggle to distinguish between normal and anomalous behaviors when contextual information is not properly considered. This paper explores context discovery as a key strategy for enhancing anomaly detection. By identifying and utilizing relevant contextual information, anomaly detection systems can more effectively differentiate between benign and anomalous patterns, improving both the accuracy and robustness of detection. We present an approach to context discovery, where contextual variables such as time, location, or user behavior are dynamically extracted from the data, and how they can be incorporated into existing anomaly detection algorithms. We demonstrate the effectiveness of our method through a series of experiments on synthetic and real-world datasets, highlighting improvements in detecting anomalies in complex, context-dependent environments.
3
Feng, Wenying, Yu Cao, Yilu Chen, et al. "Multi-Granularity User Anomalous Behavior Detection." Applied Sciences 15, no. 1 (2024): 128. https://doi.org/10.3390/app15010128.
Full textAbstract:
Insider threats pose significant risks to organizational security, often going undetected due to their familiarity with the systems. Detection of insider threats faces challenges of imbalanced data distributions and difficulties in fine-grained detection. Specifically, anomalous users and anomalous behaviors take up a very small fraction of all insider behavior data, making precise detection of anomalous users challenging. Moreover, not all behaviors of anomalous users are anomalous, so it is difficult to detect their behaviors by standardizing with single rules or models. To address these challenges, this paper presents a novel approach for insider threat detection, leveraging machine learning techniques to conduct multi-granularity anomaly detection. We introduce the Multi-Granularity User Anomalous Behavior Detection (MG-UABD) system, which combines coarse-grained and fine-grained anomaly detection to improve the accuracy and effectiveness of detecting anomalous behaviors. The coarse-grained module screens all of the user activities to identify potential anomalies, while the fine-grained module focuses on specific anomalous users to refine the detection process. Besides, MG-UABD employs a combination of oversampling and undersampling techniques to address the imbalance in the datasets, ensuring robust model performance. Through extensive experimentation on the commonly used dataset CERT R4.2, we demonstrate that the MG-UABD system achieves superior detection rate and precision. Compared to the suboptimal model, the accuracy has increased by 3.1% and the detection rate has increased by 4.1%. Our findings suggest that a multi-granularity approach for anomaly detection, combined with tailored sampling strategies, is highly effective in addressing insider threats.
4
Parres-Peredo, Alvaro, Ivan Piza-Davila, and Francisco Cervantes. "Unexpected-Behavior Detection Using TopK Rankings for Cybersecurity." Applied Sciences 9, no. 20 (2019): 4381. http://dx.doi.org/10.3390/app9204381.
Full textAbstract:
Anomaly-based intrusion detection systems use profiles to characterize expected behavior of network users. Most of these systems characterize the entire network traffic within a single profile. This work proposes a user-level anomaly-based intrusion detection methodology using only the user’s network traffic. The proposed profile is a collection of TopK rankings of reached services by the user. To detect unexpected behaviors, the real-time traffic is organized into TopK rankings and compared to the profile using similarity measures. The experiments demonstrated that the proposed methodology was capable of detecting a particular kind of malware attack in all the users tested.
5
Aarthi, G., S. Sharon Priya, and W. Aisha Banu. "KRF-AD: Innovating anomaly detection with KDE-KL and random forest fusion." Intelligent Decision Technologies 18, no. 3 (2024): 2275–87. http://dx.doi.org/10.3233/idt-240628.
Full textAbstract:
Anomaly detection in Intrusion Detection System (IDS) data refers to the process of identifying and flagging unusual or abnormal behavior within a network or system. In the context of IoT, anomaly detection helps in identifying any abnormal or unexpected behavior in the data generated by connected devices. Existing methods often struggle with accurately detecting anomalies amidst massive data volumes and diverse attack patterns. This paper proposes a novel approach, KDE-KL Anomaly Detection with Random Forest Integration (KRF-AD), which combines Kernel Density Estimation (KDE) and Kullback-Leibler (KL) divergence with Random Forest (RF) for effective anomaly detection. Additionally, Random Forest (RF) integration enables classification of data points as anomalies or normal based on features and anomaly scores. The combination of statistical divergence measurement and density estimation enhances the detection accuracy and robustness, contributing to more effective network security. Experimental results demonstrate that KRF-AD achieves 96% accuracy and outperforms other machine learning models in detecting anomalies, offering significant potential for enhancing network security.
6
Shayegan, Mohammad Javad, Hamid Reza Sabor, Mueen Uddin, and Chin-Ling Chen. "A Collective Anomaly Detection Technique to Detect Crypto Wallet Frauds on Bitcoin Network." Symmetry 14, no. 2 (2022): 328. http://dx.doi.org/10.3390/sym14020328.
Full textAbstract:
The popularity and remarkable attractiveness of cryptocurrencies, especially Bitcoin, absorb countless enthusiasts every day. Although Blockchain technology prevents fraudulent behavior, it cannot detect fraud on its own. There are always unimaginable ways to commit fraud, and the need to use anomaly detection methods to identify abnormal and fraudulent behaviors has become a necessity. The main purpose of this study is to use the Blockchain technology of symmetry and asymmetry in computer and engineering science to present a new method for detecting anomalies in Bitcoin with more appropriate efficiency. In this study, a collective anomaly approach was used. Instead of detecting the anomaly of individual addresses and wallets, the anomaly of users was examined. In addition to using the collective anomaly detection method, the trimmed_Kmeans algorithm was used for clustering. The results of this study show the anomalies are more visible among users who had multiple wallets. The proposed method revealed 14 users who had committed fraud, including 26 addresses in 9 cases, whereas previous works detected a maximum of 7 addresses in 5 cases of fraud. The suggested approach, in addition to reducing the processing overhead for extracting features, detect more abnormal users and anomaly behavior.
7
Tao Xiang and Shaogang Gong. "Video Behavior Profiling for Anomaly Detection." IEEE Transactions on Pattern Analysis and Machine Intelligence 30, no. 5 (2008): 893–908. http://dx.doi.org/10.1109/tpami.2007.70731.
Full text
8
Zhu, Xudong, and Zhijing Liu. "Human behavior clustering for anomaly detection." Frontiers of Computer Science in China 5, no. 3 (2011): 279–89. http://dx.doi.org/10.1007/s11704-011-0080-4.
Full text
9
Zhao, Ying, Junjun Chen, Di Wu, et al. "Network Anomaly Detection by Using a Time-Decay Closed Frequent Pattern." Information 10, no. 8 (2019): 262. http://dx.doi.org/10.3390/info10080262.
Full textAbstract:
Anomaly detection of network traffic flows is a non-trivial problem in the field of network security due to the complexity of network traffic. However, most machine learning-based detection methods focus on network anomaly detection but ignore the user anomaly behavior detection. In real scenarios, the anomaly network behavior may harm the user interests. In this paper, we propose an anomaly detection model based on time-decay closed frequent patterns to address this problem. The model mines closed frequent patterns from the network traffic of each user and uses a time-decay factor to distinguish the weight of current and historical network traffic. Because of the dynamic nature of user network behavior, a detection model update strategy is provided in the anomaly detection framework. Additionally, the closed frequent patterns can provide interpretable explanations for anomalies. Experimental results show that the proposed method can detect user behavior anomaly, and the network anomaly detection performance achieved by the proposed method is similar to the state-of-the-art methods and significantly better than the baseline methods.
10
Kumar, Sandeep, Muhammad Badruddin Khan, Mozaherul Hoque Abul Hasanat, Abdul Khader Jilani Saudagar, Abdullah AlTameem, and Mohammed AlKhathami. "An Anomaly Detection Framework for Twitter Data." Applied Sciences 12, no. 21 (2022): 11059. http://dx.doi.org/10.3390/app122111059.
Full textAbstract:
An anomaly indicates something unusual, related to detecting a sudden behavior change, and is also helpful in detecting irregular and malicious behavior. Anomaly detection identifies unusual events, suspicious objects, or observations that differ significantly from normal behavior or patterns. Discrepancies in data can be observed in different ways, such as outliers, standard deviation, and noise. Anomaly detection helps us understand the emergence of specific diseases based on health-related tweets. This paper aims to analyze tweets to detect the unusual emergence of healthcare-related tweets, especially pre-COVID-19 and during COVID-19. After pre-processing, this work collected more than 44 thousand tweets and performed topic modeling. Non-negative matrix factorization (NMF) and latent Dirichlet allocation (LDA) were deployed for topic modeling, and a query set was designed based on resultant topics. This query set was used for anomaly detection using a sentence transformer. K-means was also employed for clustering outlier tweets from the cleaned tweets based on similarity. Finally, an unusual cluster was selected to identify pandemic-like healthcare emergencies. Experimental results show that the proposed framework can detect a sudden rise of unusual tweets unrelated to regular tweets. The new framework was employed in two case studies for anomaly detection and performed with 78.57% and 70.19% accuracy.
11
Meng, Yongwei, Tao Qin, Shancang Li, and Pinghui Wang. "Behavior Pattern Mining from Traffic and Its Application to Network Anomaly Detection." Security and Communication Networks 2022 (June 29, 2022): 1–17. http://dx.doi.org/10.1155/2022/9139321.
Full textAbstract:
Accurately detecting and identifying abnormal behaviors on the Internet are a challenging task. In this work, an anomaly detection scheme is proposed that employs the behavior attribute matrix and adjacency matrix to characterize user behavior patterns. Then, anomaly detection is conducted by analyzing the residual matrix. By analyzing network traffic and anomaly characteristics, we construct the behavior attribute matrix, which incorporates seven features that characterize user behavior patterns. To include the effects of network environment, we employ the similarity between IP addresses to form the adjacency matrix. Further, we employ CUR matrix decomposition to mine the changing trends of the matrices and obtain the residual pattern characteristics that are used to detect anomalies. To validate the effectiveness and accuracy of the proposed scheme, two datasets are used: (1) the public MAWI dataset, collected from the WIDE backbone network, which is used to validate accuracy; (2) the campus network dataset, collected from the northwest center of Chinese Education and Research Network (CERNET), which is used to verify practicability. The experimental results demonstrate that the proposed scheme can not only accurately detect and identify abnormal behaviors but also trace the source of anomalies.
12
Wen-Jen Ho, Wen-Jen Ho, Hsin-Yuan Hsieh Wen-Jen Ho, and Chia-Wei Tsai Hsin-Yuan Hsieh. "Anomaly Detection Model of Time Segment Power Usage Behavior Using Unsupervised Learning." 網際網路技術學刊 25, no. 3 (2024): 455–63. http://dx.doi.org/10.53106/160792642024052503011.
Full textAbstract:
<p>In Taiwan, the current electricity prices for residential users remain relatively low. This results in a diminished incentive for these users to invest in energy-saving improvements. Consequently, devising strategies to encourage residential users to adopt energy-saving measures becomes a vital research area. Grounded in behavioral science, this study introduces a feasible approach where an energy management system provides alerts and corresponding energy-saving recommendations to residential users upon detecting abnormal electricity consumption behavior. To pinpoint anomalous electricity usage within specific time segments, this research employs an unsupervised machine learning method, developing an anomaly detection model for the overall electricity consumption behavior of residential users. The model focuses on analyzing 2-hour intervals of electricity consumption, enabling more effective detection of abnormal usage patterns. It is trained using power consumption data collected from five actual residential users as part of an experimental study. The results indicate that the proposed anomaly detection model achieves performance metrics such as Precision, Recall, and F1-score of 0.90 or above, showcasing its potential for practical implementation.</p> <p>&nbsp;</p>
13
Zhao, Zhijun, Chen Xu, and Bo Li. "A LSTM-Based Anomaly Detection Model for Log Analysis." Journal of Signal Processing Systems 93, no. 7 (2021): 745–51. http://dx.doi.org/10.1007/s11265-021-01644-4.
Full textAbstract:
AbstractSecurity devices produce huge number of logs which are far beyond the processing speed of human beings. This paper introduces an unsupervised approach to detecting anomalous behavior in large scale security logs. We propose a novel feature extracting mechanism and could precisely characterize the features of malicious behaviors. We design a LSTM-based anomaly detection approach and could successfully identify attacks on two widely-used datasets. Our approach outperforms three popular anomaly detection algorithms, one-class SVM, GMM and Principal Components Analysis, in terms of accuracy and efficiency.
14
Tazerouti, A., and A. Ikram. "Imposters anomaly detection." Journal of Fundamental and Applied Sciences 13, no. 1 (2021): 243–63. http://dx.doi.org/10.4314/jfas.v13i1.14.
Full textAbstract:
Over the last two decades the world of cyber security has grown immensely, but despite the state-of-the-art security detection systems and intrusion detection systems (IDSs), unwanted malicious users still find their way around these security measures and gain access to secure systems. This study consists of shedding some light on the security issues in the intrusion detection systems, their vulnerabilities and drawbacks. A hypothesis is proposed to help mitigate these issues and obtain a fast and a more precise method for the detection of different malicious intruders and imposters, study their behavior and make a statistical comparison of data from the used IDSs and throughout the process. This study will state the current available technologies of IDSs, site their challenges and implement a new software-based methodology to increase the detection and reduce false alarm rates for the IDS.
15
GUEVARA, MALDONADO CESAR BYRON, Peñas Matilde Santos, and López Victoria. "Negative selection and Knuth Morris Pratt algorithm for anomaly detection." IEEE Latin America Transactions 14 (March 1, 2016): 1473–79. https://doi.org/10.1109/TLA.2016.7459637.
Full textAbstract:
n this paper an algorithm for detecting anomalous behavior on computer systems is proposed. The work is based on information from the behavior of authorized users who have performed various tasks on a computer system over two years. The study uses a dynamic data structure that can encode the current activities of users and their behaviors. The identification of the most and least frequent tasks, based on the historical database of each user, provides a simple way of creating a single profile of behavior. With this profile, we apply negative selection techniques to obtain a reasonable computational size set of anomalous detectors. We then apply the Knuth-Morris-Pratt algorithm for locating detectors of anomalies as indicators of fraudulent behavior. This procedure for detecting anomalous behavior has been tested on real data and the results prove the effectiveness of the proposal and motivate further research to improve the existing detection system.
16
Kim, Hyun-Soo, Yu Sung Edward Kim, Fania Ardelia Devira, and Mun Yong Yi. "Application of Anomaly Detection to Identifying Aggressive Pig Behaviors Using Reconstruction Loss Inversion." AgriEngineering 6, no. 4 (2024): 4442–59. http://dx.doi.org/10.3390/agriengineering6040252.
Full textAbstract:
Increasing concerns of animal welfare in the commercial pig industry include aggression between pigs as it affects their health and growth. Early detection of aggressive behaviors is essential for optimizing their living environment. A major challenge for detection is that these behaviors are observed occasionally in normal conditions. Under this circumstance, a limited amount of aggressive behavior data will lead to class imbalance issue, making it difficult to develop an effective classification model for the detection of aggressive behaviors. In order to address this issue, this study has been designed with the aim of developing an anomaly detection model for identifying aggressive behaviors in pigs, enabling better management of the imbalanced class distribution and effective detection of infrequent aggressive episodes. The model consists of a convolutional neural network (CNN) and a variational long short-term memory (LSTM) autoencoder. Additionally, we adopted a training method similar to weakly supervised anomaly detection and included a few aggressive behavior data in the training set for prior learning. To effectively utilize the aggressive behavior data, we introduced Reconstruction Loss Inversion, a novel objective function, to train the autoencoder-based model, which increases the reconstruction error for aggressive behaviors by inverting the loss function. This approach has improved detection accuracy in both AUC-ROC and AUC-PR, demonstrating a significant enhancement in distinguishing aggressive episodes from normal behavior. As a result, it outperforms traditional classification-based methods, effectively identifying aggressive behaviors in a natural pig-farming environment. This method offers a robust solution for detecting aggressive animal behaviors and contributes to improving their welfare.
17
Rahman, Fathu, Taufik Edy Sutanto, and Nina Fitriyati. "Web Traffic Anomaly Detection using Stacked Long Short-Term Memory." InPrime: Indonesian Journal of Pure and Applied Mathematics 3, no. 2 (2021): 112–21. http://dx.doi.org/10.15408/inprime.v3i2.21879.
Full textAbstract:
AbstractAn example of anomaly detection is detecting behavioral deviations in internet use. This behavior can be seen from web traffic, which is the amount of data sent and received by people who visit websites. In this study, anomaly detection was carried out using stacked Long Short-Term Memory (LSTM). First, stacked LSTM is used to create forecasting models using training data. Then the error value generated from the prediction on test data is used to perform anomaly detection. We conduct hyperparameter optimization on sliding window parameter. Sliding window is a sub-sequential data of time-series data used as input in the prediction model. The case study was conducted on the real Yahoo Webscope S5 web traffic dataset, consisting of 67 datasets, each of which has three features, namely timestamp, value, and anomaly label. The result shows that the average sensitivity is 0.834 and the average Area Under ROC Curve (AUC) is 0.931. In addition, for some of the data used, the window size selection can affect the sum of the sensitivity and AUC values. In this study, anomaly detection using stacked LSTM is described in detail and can be used for anomaly detection in other similar problems.Keywords: time-series data; sliding window; web traffic; window size. AbstrakSalah satu contoh deteksi anomali adalah mendeteksi penyimpangan perilaku dalam penggunaan internet. Perilaku ini dapat dilihat dari web traffic, yaitu jumlah data yang dikirim dan diterima oleh orang-orang yang mengunjungi situs web. Pada penelitian ini, deteksi anomali dilakukan menggunakan Long Short-Term Mermory (LSTM) bertumpuk. Pertama, LSTM bertumpuk digunakan untuk membuat model peramalan menggunakan data latih. Kemudian nilai error yang dihasilkan dari prediksi pada data uji digunakan untuk melakukan deteksi anomali. Kami melakukan optimasi hyperparameter pada parameter sliding window. Sliding window adalah data sub-sekuensial dari data runtun waktu yang digunakan sebagai input pada model prediksi. Studi kasus dilakukan pada dataset web traffic Yahoo Webscope S5 yang terdiri dari 67 dataset yang masing-masing memiliki tiga fitur yaitu timestamp, value, dan anomaly label. Hasil menunjukkan bahwa rata-rata sensitivitas sebesar 0.834 dan rata-rata Area Under ROC Curve (AUC) sebesar 0.931. Selain itu, untuk beberapa data yang digunakan, pemilihan window size dapat mempengaruhi jumlah dari nilai sensitivitas dan AUC. Pada penelitian ini, deteksi anomali menggunakan LSTM bertumpuk dijelaskan secara rinci dan dapat digunakan untuk deteksi anomali pada permasalahan lainnya yang serupa.Kata kunci: data runtun waktu; sliding window; web traffic; window size.
18
Dolgachev, M. V., and V. A. Kostyunin. "COMPREHENSIVE ANALYSIS OF WINDOWS SYSTEM BEHAVIOR FOR CYBER THREAT DETECTION." Voprosy kiberbezopasnosti 2, no. 66 (2025): 71–77. https://doi.org/10.21681/2311-3456-2025-2-71-77.
Full textAbstract:
Purpose of the article: development and analysis of anomaly detection methods on Windows system end hosts within a centralized solution of SIEM class, using machine learning and integrated approach, to improve the efficiency and accuracy of detection of potential security threats in the context of modern cyberattacks. Method: the research is based on a theoretical analysis of existing anomaly detection approaches, as well as a practical application of machine learning to analyze security event data collected through SIEM systems. The analysis includes studying the MITRE ATT&CK matrix to identify key events indicative of possible attacks and developing algorithms to detect them. Results: the results of the study show that the developed anomaly detection methodology, based on the analysis of key events of the Windows system and an integrated approach to anomaly detection, allows to significantly improve the accuracy and efficiency of detection of information security incidents in the network infrastructure. This facilitates faster and more accurate response to security threats. Application of the findings can improve anomaly detection systems in Security Operations Centers (SOCs), thus strengthening the overall cybersecurity of organizations. The scientific novelty: work offers a new perspective on anomaly detection, emphasizing the need for complex analysis and the use of machine learning to process large amounts of data collected from SIEM systems. It also emphasizes the importance of adapting anomaly detection techniques to Windows system specifics and taking into account recent trends in cybersecurity
19
Al-Mazrawe, Amer, and Bahaa Al-Musawi. "Anomaly Detection in Cloud Network: A Review." BIO Web of Conferences 97 (2024): 00019. http://dx.doi.org/10.1051/bioconf/20249700019.
Full textAbstract:
Cloud computing stands out as one of the fastest-growing technologies in the 21st century, offering enterprises opportunities to reduce costs, enhance scalability, and increase flexibility through rapid access to a shared pool of elastic computing resources. However, its security remains a significant challenge. As cloud networks grow in complexity and scale, the need for effective anomaly detection becomes crucial. Identifying anomalous behavior within cloud networks poses a challenge due to factors such as the voluminous data exchanged and the dynamic nature of underlying cloud infrastructures. Detecting anomalies helps prevent threats and maintain cloud operations. This literature review examines previous works in anomaly detection in the cloud that employ various strategies for anomaly detection, describes anomaly detection datasets, discusses the challenges of anomaly detection in cloud networks, and presents directions for future studies.
20
Savran, Efe, Esin Karpat, and Fatih Karpat. "Energy-Efficient Anomaly Detection and Chaoticity in Electric Vehicle Driving Behavior." Sensors 24, no. 17 (2024): 5628. http://dx.doi.org/10.3390/s24175628.
Full textAbstract:
Detection of abnormal situations in mobile systems not only provides predictions about risky situations but also has the potential to increase energy efficiency. In this study, two real-world drives of a battery electric vehicle and unsupervised hybrid anomaly detection approaches were developed. The anomaly detection performances of hybrid models created with the combination of Long Short-Term Memory (LSTM)-Autoencoder, the Local Outlier Factor (LOF), and the Mahalanobis distance were evaluated with the silhouette score, Davies–Bouldin index, and Calinski–Harabasz index, and the potential energy recovery rates were also determined. Two driving datasets were evaluated in terms of chaotic aspects using the Lyapunov exponent, Kolmogorov–Sinai entropy, and fractal dimension metrics. The developed hybrid models are superior to the sub-methods in anomaly detection. Hybrid Model-2 had 2.92% more successful results in anomaly detection compared to Hybrid Model-1. In terms of potential energy saving, Hybrid Model-1 provided 31.26% superiority, while Hybrid Model-2 provided 31.48%. It was also observed that there is a close relationship between anomaly and chaoticity. In the literature where cyber security and visual sources dominate in anomaly detection, a strategy was developed that provides energy efficiency-based anomaly detection and chaotic analysis from data obtained without additional sensor data.
21
Vincent, Vercruyssen, Meert Wannes, and Davis Jesse. "Transfer Learning for Anomaly Detection through Localized and Unsupervised Instance Selection." Proceedings of the AAAI Conference on Artificial Intelligence 34, no. 04 (2020): 6054–61. http://dx.doi.org/10.1609/aaai.v34i04.6068.
Full textAbstract:
Anomaly detection attempts to identify instances that deviate from expected behavior. Constructing performant anomaly detectors on real-world problems often requires some labeled data, which can be difficult and costly to obtain. However, often one considers multiple, related anomaly detection tasks. Therefore, it may be possible to transfer labeled instances from a related anomaly detection task to the problem at hand. This paper proposes a novel transfer learning algorithm for anomaly detection that selects and transfers relevant labeled instances from a source anomaly detection task to a target one. Then, it classifies target instances using a novel semi-supervised nearest-neighbors technique that considers both unlabeled target and transferred, labeled source instances. The algorithm outperforms a multitude of state-of-the-art transfer learning methods and unsupervised anomaly detection methods on a large benchmark. Furthermore, it outperforms its rivals on a real-world task of detecting anomalous water usage in retail stores.
22
Suo, Yongfeng, Yan Wang, and Lei Cui. "Ship Anomalous Behavior Detection Based on BPEF Mining and Text Similarity." Journal of Marine Science and Engineering 13, no. 2 (2025): 251. https://doi.org/10.3390/jmse13020251.
Full textAbstract:
Maritime behavior detection is vital for maritime surveillance and management, ensuring safe ship navigation, normal port operations, marine environmental protection, and the prevention of illegal activities on water. Current methods for detecting anomalous vessel behaviors primarily rely on single time series data or feature point analysis, which struggle to capture the relationships between vessel behaviors, limiting anomaly identification accuracy. To address this challenge, we proposed a novel vessel anomaly detection framework, which is called the BPEF-TSD framework. It integrates a ship behavior pattern recognition algorithm, Smith–Waterman, and text similarity measurement methods. Specifically, we first introduced the BPEF mining framework to extract vessel behavior events from AIS data, then generated complete vessel behavior sequence chains through temporal combinations. Simultaneously, we employed the Smith–Waterman algorithm to achieve local alignment between the test vessel and known anomalous vessel behavior sequences. Finally, we evaluated the overall similarity between behavior chains based on the text similarity measure strategy, with vessels exceeding a predefined threshold being flagged as anomalous. The results demonstrate that the BPEF-TSD framework achieves over 90% accuracy in detecting abnormal trajectories in the waters of Xiamen Port, outperforming alternative methods such as LSTM, iForest, and HDBSCAN. This study contributes valuable insights for enhancing maritime safety and advancing intelligent supervision while introducing a novel research perspective on detecting anomalous vessel behavior through maritime big data mining.
23
Benzagouta, Mohamed-Lamine, Hasnaâ Aniss, Hacène Fouchal, and Nour-Eddin El Faouzi. "Road-Side Unit Anomaly Detection." Vehicles 5, no. 4 (2023): 1467–81. http://dx.doi.org/10.3390/vehicles5040080.
Full textAbstract:
Actors of the Cooperative Intelligent Transport Systems (C-ITS) generate various amounts of data. Useful information on various issues such as anomalies, failures, road profiles, etc., could be revealed from the analysis of these data. The analysis, could be managed by operators and vehicles, and its output could be very helpful for future decision making. In this study, we collected real data extracted from road operators. We analyzed these streams in order to verify whether abnormal behaviors could be observed in the data. Our main target was a very sensitive C-ITS failure, which is when a road-side unit (RSU) experiences transmission failure. The detection of such failure is to be achieved by end users (vehicles), which in turn would inform road operators which would then recover the failure. The data we analyzed were collected from various roads in Europe (France, Germany, and Italy) with the aim of studying the RSUs’ behavior. Our mechanism offers compelling results regarding the early detection of RSU failures. We also proposed a new C-ITS message dedicated to raise alerts to road operators when required.
24
Sun, Fusheng, Jiahao Zhang, Xiaodong Wu, Zhong Zheng, and Xiaowen Yang. "Video Anomaly Detection Based on Global–Local Convolutional Autoencoder." Electronics 13, no. 22 (2024): 4415. http://dx.doi.org/10.3390/electronics13224415.
Full textAbstract:
Video anomaly detection (VAD) plays a crucial role in fields such as security, production, and transportation. To address the issue of overgeneralization in anomaly behavior prediction by deep neural networks, we propose a network called AMFCFBMem-Net (appearance and motion feature cross-fusion block memory network), which combines appearance and motion feature cross-fusion blocks. Firstly, dual encoders for appearance and motion are employed to separately extract these features, which are then integrated into the skip connection layer to mitigate the model’s tendency to predict abnormal behavior, ultimately enhancing the prediction accuracy for abnormal samples. Secondly, a motion foreground extraction module is integrated into the network to generate a foreground mask map based on speed differences, thereby widening the prediction error margin between normal and abnormal behaviors. To capture the latent features of various models for normal samples, a memory module is introduced at the bottleneck of the encoder and decoder structures. This further enhances the model’s anomaly detection capabilities and diminishes its predictive generalization towards abnormal samples. The experimental results on the UCSD Pedestrian dataset 2 (UCSD Ped2) and CUHK Avenue anomaly detection dataset (CUHK Avenue) demonstrate that, compared to current cutting-edge video anomaly detection algorithms, our proposed method achieves frame-level AUCs of 97.5% and 88.8%, respectively, effectively enhancing anomaly detection capabilities.
25
Liao, Liping, Ke Zhu, Jianzhen Luo, and Jun Cai. "LogBASA: Log Anomaly Detection Based on System Behavior Analysis and Global Semantic Awareness." International Journal of Intelligent Systems 2023 (September 20, 2023): 1–18. http://dx.doi.org/10.1155/2023/3777826.
Full textAbstract:
System log anomaly detection is important for ensuring stable system operation and achieving rapid fault diagnosis. System log sequences include data on the execution paths and time stamps of system tasks in addition to a large amount of semantic information, which enhances the reliability and effectiveness of anomaly detection. At the same time, considering the correlation between system log sequences can effectively improve fault diagnosis efficiency. However, the existing system log anomaly detection methods mostly consider only the sequence patterns or semantic information on the logs, so their anomaly detection results show a high rate of missed and false alarms. To solve these problems, this paper proposed an unsupervised log anomaly detection model (LogBASA) based on the system behavior analysis and global semantic awareness, aiming to decrease the leakage rate and increase the log sequence anomaly detection accuracy. First, a system log knowledge graph was constructed based on massive, unstructured, and multilevel system log data to represent log sequence patterns, which facilitates subsequent anomaly detection and localization. Then, a self-attention encoder-decoder transformer model was developed for log spatiotemporal association analysis. This model combines semantic mapping and spatiotemporal features of log sequences to analyze system behavior and log semantics in multiple dimensions. Furthermore, a system log anomaly detection method that combines adaptive spatial boundary delineation and sequence reconstruction objective functions was proposed. This method uses special words to characterize the log sequence states, delineates anomaly boundaries automatically, and reconstructs log sequences through unsupervised training for anomaly detection. Finally, the proposed method was verified by numerous experiments on three real datasets. The results indicate that the proposed method can achieve an accuracy rate of 99.3%, 95.1%, and 97.2% on HDFS, BGL, and Thunderbird datasets, which proves the effectiveness and superiority of the LogBASA model.
26
Mazzariello, Claudio, Paolo De Lutiis, and Dario Lombardo. "Clustering NGN user behavior for anomaly detection." Information Security Technical Report 16, no. 1 (2011): 20–28. http://dx.doi.org/10.1016/j.istr.2010.10.011.
Full text
27
Hua, Caijian, Kun Luo, Yadong Wu, and Rui Shi. "YOLO-ABD: A Multi-Scale Detection Model for Pedestrian Anomaly Behavior Detection." Symmetry 16, no. 8 (2024): 1003. http://dx.doi.org/10.3390/sym16081003.
Full textAbstract:
Public safety and intelligent surveillance systems rely on anomaly detection for effective monitoring. In real-world pedestrian detection scenarios, Pedestrians often exhibit various symmetrical features such as body contours, facial features, posture, and clothing. However, the accuracy of pedestrian anomaly detection is affected by factors such as complex backgrounds, pedestrian obstruction, and small target sizes. To address these issues, this study introduced YOLO-ABD, a lightweight method for anomaly behavior detection that integrated small object detection and channel shuffling. This approach enhanced the YOLOv8n baseline model by integrating a small-object detection mechanism at the head and employing the symmetric GSConv convolutional module in the backbone network to improve perceptual capabilities. Furthermore, it incorporated the SimAM attention mechanism to mitigate complex background interference and thus enhance target detection performance. Evaluation on the IITB-Corridor dataset showed mAP50 and mAP50-95 scores of 89.3% and 60.6%, respectively. Generalization testing on the street-view-gdogo dataset further underscored the superiority of YOLO-ABD over advanced detection algorithms, demonstrating its effectiveness and generalization capabilities. With relatively fewer parameters, YOLO-ABD provided an excellent lightweight solution for pedestrian anomaly detection.
28
Hu, Huimin, Wenping Ma, and Wei Luo. "A Method for Detecting Large-scale Network Anomaly Behavior." ITM Web of Conferences 17 (2018): 01012. http://dx.doi.org/10.1051/itmconf/20181701012.
Full textAbstract:
A clustering model identification method based on the statistics has been proposed to improve the ability to detect scale anomaly behavior of the traditional anomaly detection technology. By analyzing the distribution of the distance between each clustering objects and clustering center to identify anomaly behavior. It ensures scale abnormal behavior identification while keeping the processing mechanism of the traditional anomaly detection technology for isolation, and breaking through the limitation of the traditional anomaly detection method assumes that abnormal data is the isolation. In order to improve the precision of clustering, we correct the Euclidean distance with the entropy value method to weight the attribute of the data, it optimizes the similarity evaluating electric of the nearest neighbor clustering algorithm, and simulated. Experimental results show that the statistical method and the improved clustering method is more efficient and self-adaptive.
29
A, Nandini. "Anomaly Detection Using CNN with I3D Feature Extraction." INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 03 (2024): 1–5. http://dx.doi.org/10.55041/ijsrem29371.
Full textAbstract:
Anomaly detection is a critical task in various fields such as surveillance, healthcare, and industrial monitoring, aiming to identify patterns that deviate significantly from normal behavior.Video anomaly detection is inherently difficult due to visual complexity and variability. This work proposes a unique anomaly detection technique leveraging Convolutional Neural Networks (CNN) with Inflated 3D Convolutional Networks (I3D) for feature extraction. This involves training the CNN on a large dataset to learn normal behavior, enabling it to identify anomalies by recognizing deviations from learned patterns. Furthermore, our approach exhibits promising results in detecting various types of anomalies, including sudden changes, abnormal trajectories, and rare events. Upon detection of such activity, mail(notification) can be raised concerned people who can take immediate action.This research contributes a significant advancement in the field of anomaly detection, and holds potential for applications in surveillance, security, and industrial monitoring systems. Keywords—Anomaly detection,I3D(Inflated3D) feature extraction,Convolutional neural network, Spatio-Temporal Features,Normal and abnormal event detection.
30
Tkach, Volodymyr, Anton Kudin, Victor R. Kebande, Oleksii Baranovskyi, and Ivan Kudin. "Non-Pattern-Based Anomaly Detection in Time-Series." Electronics 12, no. 3 (2023): 721. http://dx.doi.org/10.3390/electronics12030721.
Full textAbstract:
Anomaly detection across critical infrastructures is not only a key step towards detecting threats but also gives early warnings of the likelihood of potential cyber-attacks, faults, or infrastructure failures. Owing to the heterogeneity and complexity of the cybersecurity field, several anomaly detection algorithms have been suggested in the recent past based on the literature; however, there still exists little or no research that points or focuses on Non-Pattern Anomaly Detection (NP-AD) in Time-Series at the time of writing this paper. Most of the existing anomaly detection approaches refer to the initial profiling, i.e., defining which behavior represented by time series is “normal”, whereas everything that does not meet the criteria of “normality” is set as “abnormal” or anomalous. Such a definition does not reflect the complexity and sophistication of anomaly nature. Under different conditions, the same behavior may or may not be anomalous. Therefore, the authors of this paper posit the need for NP-AD in Time-Series as a step toward showing the relevance of deviating or not conforming to expected behaviors. Non-Pattern (NP), in the context of this paper, illustrates non-conforming patterns or a technique of deviating with respect to some characteristics while dynamically adapting to changes. Based on the experiments that have been conducted in this paper, it has been observed that the likelihood of NP-AD in Time-Series is a significant approach based on the margins of data streams that have been used from the perspective of non-seasonal time series with outliers, the Numenta Anomaly Benchmark (NAB) dataset and the SIEM SPLUNK machine learning toolkit. It is the authors’ opinion that this approach provides a significant step toward predicting futuristic anomalies across diverse cyber, critical infrastructures, and other complex settings.
31
He, Ruifeng, Mingtian Xie, and Aixing He. "Video anomaly detection based on hybrid attention mechanism." Applied and Computational Engineering 57, no. 1 (2024): 212–17. http://dx.doi.org/10.54254/2755-2721/57/20241336.
Full textAbstract:
To improve the ability of video anomaly detection models to extract normal behavior features of samples and suppress abnormal behaviors, this paper proposes an unsupervised video anomaly detection model, which takes advantage of spatio-temporal feature fusion, storage module, attention mechanism, and 3D autoencoder model. The model utilizes autoencoder to capture scene feature maps to enhance anomaly feature extraction. These maps are merged with the original video frames, forming fundamental units constituting continuous sequences serving as the model's input. Moreover, the attention mechanism is integrated into the 3D convolutional neural network to strengthen the network's capability in extracting channel and spatial features from videos. Experimental validation is performed on a publicly accessible campus dataset, illustrating the model's superior accuracy in anomaly detection.
32
Kim, Donghyun, Sangbong Lee, and Jihwan Lee. "An Ensemble-Based Approach to Anomaly Detection in Marine Engine Sensor Streams for Efficient Condition Monitoring and Analysis." Sensors 20, no. 24 (2020): 7285. http://dx.doi.org/10.3390/s20247285.
Full textAbstract:
This study proposes an unsupervised anomaly detection method using sensor streams from the marine engine to detect the anomalous system behavior, which may be a possible sign of system failure. Previous works on marine engine anomaly detection proposed a clustering-based or statistical control chart-based approach that is unstable according to the choice of hyperparameters, or cannot fit well to the high-dimensional dataset. As a remedy to this limitation, this study adopts an ensemble-based approach to anomaly detection. The idea is to train several anomaly detectors with varying hyperparameters in parallel and then combine its result in the anomaly detection phase. Because the anomaly is detected by the combination of different detectors, it is robust to the choice of hyperparameters without loss of accuracy. To demonstrate our methodology, an actual dataset obtained from a 200,000-ton cargo vessel from a Korean shipping company that uses two-stroke diesel engine is analyzed. As a result, anomalies were successfully detected from the high-dimensional and large-scale dataset. After detecting the anomaly, clustering analysis was conducted to the anomalous observation to examine anomaly patterns. By investigating each cluster’s feature distribution, several common patterns of abnormal behavior were successfully visualized. Although we analyzed the data from two-stroke diesel engine, our method can be applied to various types of marine engine.
33
Zhou, Xiaojun, Zhen Xu, Liming Wang, Kai Chen, Cong Chen, and Wei Zhang. "Behavior Based Anomaly Detection Model in SCADA System." MATEC Web of Conferences 173 (2018): 01011. http://dx.doi.org/10.1051/matecconf/201817301011.
Full textAbstract:
With the arrival of Industry 4.0, more and more industrial control systems are connected with the outside world, which brings tremendous convenience to industrial production and control, and also introduces many potential security hazards. After a large number of attack cases analysis, we found that attacks in SCADA systems can be divided into internal attacks and external attacks. Both types of attacks are inevitable. Traditional firewalls, IDSs and IPSs are no longer suitable for industrial control systems. Therefore, we propose behavior-based anomaly detection and build three baselines of normal behaviors. Experiments show that using our proposed detection model, we can quickly detect a variety of attacks on SCADA (Supervisory Control And Data Acquisition) systems.
34
Edelen, Jonathan P., and Christopher C. Hall. "Autoencoder Based Analysis of RF Parameters in the Fermilab Low Energy Linac." Information 12, no. 6 (2021): 238. http://dx.doi.org/10.3390/info12060238.
Full textAbstract:
Machine learning (ML) has the potential for significant impact on the modeling, operation, and control of particle accelerators due to its ability to model nonlinear behavior, interpolate on complicated surfaces, and adapt to system changes over time. Anomaly detection in particular has been highlighted as an area where ML can significantly impact the operation of accelerators. These algorithms work by identifying subtle behaviors of key variables prior to negative events. Efforts to apply ML to anomaly detection have largely focused on subsystems such as RF cavities, superconducting magnets, and losses in rings. However, dedicated efforts to understand how to apply ML for anomaly detection in linear accelerators have been limited. In this paper the use of autoencoders is explored to identify anomalous behavior in measured data from the Fermilab low-energy linear accelerator.
35
Zoppi, Tommaso, Andrea Ceccarelli, Tommaso Capecchi, and Andrea Bondavalli. "Unsupervised Anomaly Detectors to Detect Intrusions in the Current Threat Landscape." ACM/IMS Transactions on Data Science 2, no. 2 (2021): 1–26. http://dx.doi.org/10.1145/3441140.
Full textAbstract:
Anomaly detection aims at identifying unexpected fluctuations in the expected behavior of a given system. It is acknowledged as a reliable answer to the identification of zero-day attacks to such extent, several ML algorithms that suit for binary classification have been proposed throughout years. However, the experimental comparison of a wide pool of unsupervised algorithms for anomaly-based intrusion detection against a comprehensive set of attacks datasets was not investigated yet. To fill such gap, we exercise 17 unsupervised anomaly detection algorithms on 11 attack datasets. Results allow elaborating on a wide range of arguments, from the behavior of the individual algorithm to the suitability of the datasets to anomaly detection. We conclude that algorithms as Isolation Forests, One-Class Support Vector Machines, and Self-Organizing Maps are more effective than their counterparts for intrusion detection, while clustering algorithms represent a good alternative due to their low computational complexity. Further, we detail how attacks with unstable, distributed, or non-repeatable behavior such as Fuzzing, Worms, and Botnets are more difficult to detect. Ultimately, we digress on capabilities of algorithms in detecting anomalies generated by a wide pool of unknown attacks, showing that achieved metric scores do not vary with respect to identifying single attacks.
36
Zhang, Lixiang, Yian Zhu, Jie Ren, Wei Lu, and Ye Yao. "A method for detecting abnormal behavior of ships based on multi-dimensional density distance and an abnormal isolation mechanism." Mathematical Biosciences and Engineering 20, no. 8 (2023): 13921–46. http://dx.doi.org/10.3934/mbe.2023620.
Full textAbstract:
<abstract> <p>Abnormal ship behavior detection is essential for maritime navigation safety. Most existing abnormal ship behavior detection methods only build A ship trajectory position outlier detection model; however, the construction of a ship speed outlier detection model is also significant for maritime navigation safety. In addition, in most existing methods for detecting a ship's abnormal behavior based on abnormal thresholds, one unsuitable threshold leads to the risk of the ship not being minimized as much as possible. In this paper, we proposed an abnormal ship behavior detection method based on distance measurement and an isolation mechanism. First, to address the problem of traditional trajectory compression methods and density clustering methods only using ship position information, the minimum description length principle based on acceleration (AMDL) algorithm and Multi-Dimensional Density Clustering (MDDBSCAN) algorithm is used in this study. These algorithms not only considered the position information of the ship, but also the speed information. Second, regarding the issue of the difficulty in determining the anomaly threshold, one method for determining the anomaly threshold based on the relationship between the velocity weights and noise points of the MDDBSCAN algorithm has been introduced. Finally, due to the randomness issue of the selected segmentation value in iForest, a strategy of selectively constructing isolated trees was proposed, thus further improving the efficiency of abnormal ship behavior detection. The experimental results on the historical automatic identification system data set of Xiamen port prove the practicality and effectiveness of our proposed method. Our experiment results show that the proposed method achieves an improvement of about 10% over the trajectory outlier detection based on the local outlier fraction method, about 14% over the isolation-based online anomalous trajectory method in terms of the accuracy of ship position information anomaly detection, and about 3% over the feature fusion method in terms of the accuracy of ship speed anomaly detection. This method improves algorithm efficiency by about 5% compared to the traditional isolation forest anomaly detection algorithm.</p> </abstract>
37
Nkiru, Ezefosie, and Ohemu Monday Fredrick. "A Data Driven Anomaly Based Behavior Detection Method for Advanced Persistent Threats (APT)." International Journal of Science and Research (IJSR) 10, no. 8 (2021): 663–67. https://doi.org/10.21275/sr21726172522.
Full text
38
Neha, Sharma, Kumar D. Pradeep, Kumar Rohit, and Dutt Tripathi Shiv. "Anomaly Detection in Human Behavior using Video Surveillance." International Journal of Engineering and Advanced Technology (IJEAT) 9, no. 2 (2019): 328–32. https://doi.org/10.35940/ijeat.B3133.129219.
Full textAbstract:
Conventional static surveillance has proved to be quite ineffective as the huge number of cameras to keep an eye on most often outstrips the monitor’s ability to do so. Furthermore, the amount of focus needed to constantly monitor the surveillance video cameras is often overbearing. The review paper focuses on solving the problem of anomaly detection in video sequence through semi-supervised techniques. Each video is defined as sequence of frames. The model is trained with goal to minimize the reconstruction error which later on is used to detect anomaly in the test sample videos. The model was trained and tested on most commonly used benchmarking dataset Avenue dataset. Experiment results confirm that the model detects anomaly in a video with a reasonably good accuracy in presence of some noise in dataset.
39
Wang, Yunge, Lingling Zhang, Tong Si, Graham Bishop, and Haijun Gong. "Anomaly Detection in High-Dimensional Time Series Data with Scaled Bregman Divergence." Algorithms 18, no. 2 (2025): 62. https://doi.org/10.3390/a18020062.
Full textAbstract:
The purpose of anomaly detection is to identify special data points or patterns that significantly deviate from the expected or typical behavior of the majority of the data, and it has a wide range of applications across various domains. Most existing statistical and machine learning-based anomaly detection algorithms face challenges when applied to high-dimensional data. For instance, the unconstrained least-squares importance fitting (uLSIF) method, a state-of-the-art anomaly detection approach, encounters the unboundedness problem under certain conditions. In this study, we propose a scaled Bregman divergence-based anomaly detection algorithm using both least absolute deviation and least-squares loss for parameter learning. This new algorithm effectively addresses the unboundedness problem, making it particularly suitable for high-dimensional data. The proposed technique was evaluated on both synthetic and real-world high-dimensional time series datasets, demonstrating its effectiveness in detecting anomalies. Its performance was also compared to other density ratio estimation-based anomaly detection methods.
40
Sarpate, Dikshendra, Isha Tadas, Radhesh Khaire, Mokshad Antapurkar, and Amisha Sonone. "Unveiling Anomaly : Empowering Video Surveillance through Intelligent Anomaly Detection." International Journal of Scientific Research in Science, Engineering and Technology 11, no. 2 (2024): 312–20. http://dx.doi.org/10.32628/ijsrset2411248.
Full textAbstract:
Video surveillance has become a cornerstone of security for public spaces and private property. However, the effectiveness of this approach is hampered by the limitations of manual monitoring. Human analysts face challenges such as fatigue, distraction, and the sheer volume of video data, leading to missed incidents and inefficient use of resources. This research project proposes a revolutionary solution: intelligent anomaly detection through artificial intelligence (AI). This system transcends the constraints of human observation by automatically identifying deviations from established patterns within video footage. The core concept lies in leveraging the power of AI to analyze various aspects of video data. This includes movement analysis, object recognition, and scene dynamics. Through this comprehensive approach, the system can detect anomalous events that might escape human notice – activities such as loitering, intrusions, or suspicious behavior. This project delves into the design and development of this intelligent anomaly detection system. It explores the vast potential of machine learning techniques, specifically focusing on unsupervised learning and deep learning algorithms. These algorithms play a crucial role in modeling normal behavior within video data. The system then utilizes these models to identify deviations that fall outside the established patterns. By flagging these anomalies, the system empowers security personnel to prioritize their attention on critical events. This significantly enhances overall security efficiency by allowing human analysts to focus on investigating the most relevant situations. This research project seeks to contribute significantly to the advancement of video surveillance technology. By harnessing the power of AI and machine learning, this intelligent anomaly detection system offers a promising approach to enhancing security in public spaces and private property.
41
Ma, Yangfeifei, Xinyun Zhu, Jilong Lu, Pan Yang, and Jianzhong Sun. "Construction of Data-Driven Performance Digital Twin for a Real-World Gas Turbine Anomaly Detection Considering Uncertainty." Sensors 23, no. 15 (2023): 6660. http://dx.doi.org/10.3390/s23156660.
Full textAbstract:
Anomaly detection and failure prediction of gas turbines is of great importance for ensuring reliable operation. This work presents a novel approach for anomaly detection based on a data-driven performance digital twin of gas turbine engines. The developed digital twin consists of two parts: uncertain performance digital twin (UPDT) and fault detection capability. UPDT is a probabilistic digital representation of the expected performance behavior of real-world gas turbine engines operating under various conditions. Fault detection capability is developed based on detecting UPDT outputs that have low probability under the training distribution. A novel anomaly measure based on the first Wasserstein distance is proposed to characterize the entire flight data, and a threshold can be applied to this measure to detect anomaly flights. The proposed UPDT with uncertainty quantification is trained with the sensor data from an individual physical reality and the outcome of the UPDT is intended to deliver the health assessment and fault detection results to support operation and maintenance decision-making. The proposed method is demonstrated on a real-world dataset from a typical type of commercial turbofan engine and the result shows that the F1 score reaches a maximum of 0.99 with a threshold of 0.45. The case study demonstrated that the proposed novel anomaly detection method can effectively identify the abnormal samples, and it is also possible to isolate anomalous behavior in a single performance signal, which is helpful for further fault diagnosis once an anomaly is detected.
42
Kim, Tae Hoon, Stephen Ojo, Moez Krichen, and Meznah A. Alamro. "Single and Mixed Sensory Anomaly Detection in Connected and Automated Vehicle Sensor Networks." Electronics 13, no. 10 (2024): 1885. http://dx.doi.org/10.3390/electronics13101885.
Full textAbstract:
Connected and automated vehicles (CAVs), integrated with sensors, cameras, and communication networks, are transforming the transportation industry and providing new opportunities for consumers to enjoy personalized and seamless experiences. The fast proliferation of connected vehicles on the road and the growing trend of autonomous driving create vast amounts of data that need to be analyzed in real time. Anomaly detection in CAVs refers to identifying any unusual or unforeseen behavior in the data generated by vehicles’ various sensors and components. Anomaly detection aims to identify any unusual behavior that might indicate a problem or a malfunction in the vehicle. To identify and detect anomalies efficiently, a method must deal with noisy data, missing data, dynamic frequency data, and low- and high-magnitude data, and it must be accurate enough to detect anomalies in a dynamic sensor streaming environment. Therefore, this paper proposes a fast and efficient hard-voting-based technique named FT-HV, comprising three fine-tuned machine learning algorithms to detect and classify anomaly behavior in CAVs for single and mixed sensory datasets. In experiments, we evaluate our approach on the benchmark Sensor Anomaly dataset that contains data from various vehicle sensors at low and high magnitudes. Further, it contains single and mixed anomaly types that are challenging to detect and identify. The results reveal that the proposed approach outperforms existing solutions for detecting single anomaly types at low magnitudes and detecting mixed anomaly types in all settings. Furthermore, this research is envisioned to help detect and identify anomalies early and efficiently promote safer and more resilient CAVs.
43
Basheer, Muhammad Yunus Iqbal, Azliza Mohd Ali, Rozianawaty Osman, et al. "Empowering anomaly detection algorithm: a review." IAES International Journal of Artificial Intelligence (IJ-AI) 13, no. 1 (2024): 9–22. https://doi.org/10.11591/ijai.v13.i1.pp9-22.
Full textAbstract:
Detecting anomalies in a data stream relevant to domains like intrusion detection, fraud detection, security in sensor networks, or event detection in internet of things (IoT) environments is a growing field of research. For instance, the use of surveillance cameras installed everywhere that is usually governed by human experts. However, when many cameras are involved, more human expertise is needed, thus making it expensive. Hence, researchers worldwide are trying to invent the best-automated algorithm to detect abnormal behavior using real-time data. The designed algorithm for this purpose may contain gaps that could differentiate the qualities in specific domains. Therefore, this study presents a review of anomaly detection algorithms, introducing the gap that presents the advantages and disadvantages of these algorithms. Since many works of literature were reviewed in this review, it is expected to aid researchers in closing this gap in the future.
44
Yin, Yong, Qiannan Liu, and Shibiao Mao. "Global Anomaly Crowd Behavior Detection Using Crowd Behavior Feature Vector." International Journal of Smart Home 9, no. 12 (2015): 149–60. http://dx.doi.org/10.14257/ijsh.2015.9.12.16.
Full text
45
Iqbal Basheer, Muhammad Yunus, Azliza Mohd Ali, Rozianawaty Osman, et al. "Empowering anomaly detection algorithm: a review." IAES International Journal of Artificial Intelligence (IJ-AI) 13, no. 1 (2024): 9. http://dx.doi.org/10.11591/ijai.v13.i1.pp9-22.
Full textAbstract:
<span lang="EN-US">Detecting anomalies in a data stream relevant to domains like intrusion detection, fraud detection, security in sensor networks, or event detection in internet of things (IoT) environments is a growing field of research. For instance, the use of surveillance cameras installed everywhere that is usually governed by human experts. However, when many cameras are involved, more human expertise is needed, thus making it expensive. Hence, researchers worldwide are trying to invent the best-automated algorithm to detect abnormal behavior using real-time data. The designed algorithm for this purpose may contain gaps that could differentiate the qualities in specific domains. Therefore, this study presents a review of anomaly detection algorithms, introducing the gap that presents the advantages and disadvantages of these algorithms. Since many works of literature were reviewed in this review, it is expected to aid researchers in closing this gap in the future.</span>
46
Nazat, Sazid, Osvaldo Arreche, and Mustafa Abdallah. "On Evaluating Black-Box Explainable AI Methods for Enhancing Anomaly Detection in Autonomous Driving Systems." Sensors 24, no. 11 (2024): 3515. http://dx.doi.org/10.3390/s24113515.
Full textAbstract:
The recent advancements in autonomous driving come with the associated cybersecurity issue of compromising networks of autonomous vehicles (AVs), motivating the use of AI models for detecting anomalies on these networks. In this context, the usage of explainable AI (XAI) for explaining the behavior of these anomaly detection AI models is crucial. This work introduces a comprehensive framework to assess black-box XAI techniques for anomaly detection within AVs, facilitating the examination of both global and local XAI methods to elucidate the decisions made by XAI techniques that explain the behavior of AI models classifying anomalous AV behavior. By considering six evaluation metrics (descriptive accuracy, sparsity, stability, efficiency, robustness, and completeness), the framework evaluates two well-known black-box XAI techniques, SHAP and LIME, involving applying XAI techniques to identify primary features crucial for anomaly classification, followed by extensive experiments assessing SHAP and LIME across the six metrics using two prevalent autonomous driving datasets, VeReMi and Sensor. This study advances the deployment of black-box XAI methods for real-world anomaly detection in autonomous driving systems, contributing valuable insights into the strengths and limitations of current black-box XAI methods within this critical domain.
47
Prasath, V., K. Deepak, and S. Chandrakala. "Traffic Anomalies in Surveillance Videos: Recent Trends." Journal of Computational and Theoretical Nanoscience 17, no. 1 (2020): 13–20. http://dx.doi.org/10.1166/jctn.2020.8622.
Full textAbstract:
There is an increasing demand for automated traffic surveillance with a wide range of threats in road safety and less man power to monitor them. Especially, detecting anomalous behavior in traffic surveillance is challenging because of the presence of occlusion, weather conditions, and pose variations. This paper reviews the recent trends on vision based traffic anomaly detection. Various features, modeling techniques and data sets used in traffic anomaly detection are reviewed.
48
Tian, Yu, Haihua Liao, Jing Xu, Ya Wang, Shuai Yuan, and Naijin Liu. "Unsupervised Spectrum Anomaly Detection Method for Unauthorized Bands." Space: Science & Technology 2022 (February 21, 2022): 1–10. http://dx.doi.org/10.34133/2022/9865016.
Full textAbstract:
With the rapid development of wireless communication, spectrum plays increasingly important role in both military and civilian fields. Spectrum anomaly detection aims at detecting emerging anomaly signals and spectrum usage behavior in the environment, which is indispensable to secure safety and improve spectrum efficiency. However, spectrum anomaly detection faces many difficulties, especially for unauthorized frequency bands. In unauthorized bands, the composition of spectrum is complex and the anomaly usage patterns are unknown in prior. In this paper, a Variational Autoencoder- (VAE-) based method is proposed for spectrum anomaly detection in unauthorized bands. First of all, we theoretically prove that the anomalies in unauthorized bands will introduce Background Noise Enhancement (BNE) effect and Anomaly Signal Disappearance (ASD) effects after VAE reconstruction. Then, we introduce a novel anomaly metric termed as percentile (PER) score, which focuses on capturing the distribution variation of reconstruction error caused by ASD and BNE. In order to verify the effectiveness of our method, we developed an ISM Anomaly Detection (IAD) dataset. The proposed PER score achieves superior performance against different type of anomalies. For QPSK type anomaly, our method increases the recall rate from 80% to 93% while keeping a false alarm rate of 5%. The proposed method is beneficial to broadband spectrum sensing and massive spectrum data processing. The code will be released at :QXSLAB/vae_ism_ano.git.
49
Li, Xiaoshan, and Mingming Chen. "RT-Cabi: an Internet of Things based framework for anomaly behavior detection with data correction through edge collaboration and dynamic feature fusion." PeerJ Computer Science 10 (October 21, 2024): e2306. http://dx.doi.org/10.7717/peerj-cs.2306.
Full textAbstract:
The rapid advancement of Internet of Things (IoT) technologies brings forth new security challenges, particularly in anomaly behavior detection in traffic flow. To address these challenges, this study introduces RT-Cabi (Real-Time Cyber-Intelligence Behavioral Anomaly Identifier), an innovative framework for IoT traffic anomaly detection that leverages edge computing to enhance the data processing and analysis capabilities, thereby improving the accuracy and efficiency of anomaly detection. RT-Cabi incorporates an adaptive edge collaboration mechanism, dynamic feature fusion and selection techniques, and optimized lightweight convolutional neural network (CNN) frameworks to address the limitations of traditional models in resource-constrained edge devices. Experiments conducted on two public datasets, Edge-IIoT and UNSW_NB15, demonstrate that RT-Cabi achieves a detection accuracy of 98.45% and 90.94%, respectively, significantly outperforming existing methods. These contributions not only validate the effectiveness of the RT-Cabi model in identifying anomalous behaviors in IoT traffic but also offer new perspectives and technological pathways for future research in IoT security.
50
Sagade, Omkar Dhananjay, Atharva Dnyaneshwar Ubhe, and Prof Prerna Siddharth Patil. "Host Based-Intrusion Detection System (Anomaly Detection System)." IOSR Journal of Computer Engineering 26, no. 6 (2024): 08–13. http://dx.doi.org/10.9790/0661-2606010813.
Full textAbstract:
The objective of our statistical anomaly detection project is to develop an IDS that notices behavior which is based on observed action, detects abnormalities or possible intrusions. The system utilizes statistical analysis techniques, specifically features to discover anomalous patterns of activity, and receives input data in the form of stats.txt and event.txt files. The project's goal is to offer a dependable and efficient IDS that can assist in identifying and averting cyberattacks on networks and computer systems