Anomaly detection (AD) requires spectral and spatial information to differentiate anomalies from their surrounding data samples. To capture spatial information, a general approach is to utilize local ...windows in various forms to adapt local characteristics of the background (BKG) from which unknown anomalies can be detected. This article develops a new approach, called iterative spectral-spatial hyperspectral AD (ISSHAD), which can improve an anomaly detector in its performance via an iterative process. Its key idea is to include an iterative process that captures spectral and spatial information from AD maps (ADMaps) obtained in previous iterations and feeds these anomaly maps back to the current data cube to create a new data cube for the next iteration. To terminate the iterative process, a Tanimoto index (TI)-based automatic stopping rule is particularly designed. Three types of spectral and spatial information, ADMaps, foreground map (FGMap), and spatial filtered map (SFMap), are introduced to develop seven various versions of ISSHAD. To demonstrate its full utilization in improving AD performance, a large number of extensive experiments are performed for ISSHAD along with its detailed comprehensive analysis among several most recently developed anomaly detectors, including classic, dual-window-based, low-rank representation model-based, and tensor-based AD methods for validation.
Unsupervised anomaly detection holds a distinctive advantage in industrial fault detection applications, offering the ability to detect anomalies without relying on annotated images. However, our ...experiments on freight train fault detection unveil a significant observation: detectors tend to produce anomaly maps that exhibit spatial activations, leading to false alarms with obvious spatial patterns. To this end, we propose a novel Low-Rank Representation Spatial Activation Suppression (LRR-SAS) post-processing method. A tensor structure, namely the High Spatial Response Tensor, captures spatial activations from anomaly maps while preserving independence among sub-regions. A Kolda Horizontal Expansion-based dictionary construction method is proposed to construct a dictionary tensor of specified tensor size from training instances. Moreover, the low-rank and sparse representation-based spatial attention suppression method is developed. Experimental results demonstrate the effectiveness of our approach in eliminating false positives and improving comprehensive fault detection performance on freight train images compared with state-of-the-art detectors.
Deep learning approaches to anomaly detection (AD) have recently improved the state of the art in detection performance on complex data sets, such as large collections of images or text. These ...results have sparked a renewed interest in the AD problem and led to the introduction of a great variety of new methods. With the emergence of numerous such methods, including approaches based on generative models, one-class classification, and reconstruction, there is a growing need to bring methods of this field into a systematic and unified perspective. In this review, we aim to identify the common underlying principles and the assumptions that are often made implicitly by various methods. In particular, we draw connections between classic "shallow" and novel deep approaches and show how this relation might cross-fertilize or extend both directions. We further provide an empirical assessment of major existing methods that are enriched by the use of recent explainability techniques and present specific worked-through examples together with practical advice. Finally, we outline critical open challenges and identify specific paths for future research in AD.
•A reconstruction-by-inpainting-based anomaly detection method (RIAD) was proposed.•RIAD achieves state-of-the-art performance on anomaly detection and localization.•We compare RIAD anomaly detection ...results with recent anomaly detection methods.•The generality of RIAD is demonstrated by applying it on video anomaly detection.
Visual anomaly detection addresses the problem of classification or localization of regions in an image that deviate from their normal appearance. A popular approach trains an auto-encoder on anomaly-free images and performs anomaly detection by calculating the difference between the input and the reconstructed image. This approach assumes that the auto-encoder will be unable to accurately reconstruct anomalous regions. But in practice neural networks generalize well even to anomalies and reconstruct them sufficiently well, thus reducing the detection capabilities. Accurate reconstruction is far less likely if the anomaly pixels were not visible to the auto-encoder. We thus cast anomaly detection as a self-supervised reconstruction-by-inpainting problem. Our approach (RIAD) randomly removes partial image regions and reconstructs the image from partial inpaintings, thus addressing the drawbacks of auto-enocoding methods. RIAD is extensively evaluated on several benchmarks and sets a new state-of-the art on a recent highly challenging anomaly detection benchmark.
Cyber intrusions to substations of a power grid are a source of vulnerability since most substations are unmanned and with limited protection of the physical security. In the worst case, simultaneous ...intrusions into multiple substations can lead to severe cascading events, causing catastrophic power outages. In this paper, an integrated Anomaly Detection System (ADS) is proposed which contains host- and network-based anomaly detection systems for the substations, and simultaneous anomaly detection for multiple substations. Potential scenarios of simultaneous intrusions into the substations have been simulated using a substation automation testbed. The host-based anomaly detection considers temporal anomalies in the substation facilities, e.g., user-interfaces, Intelligent Electronic Devices (IEDs) and circuit breakers. The malicious behaviors of substation automation based on multicast messages, e.g., Generic Object Oriented Substation Event (GOOSE) and Sampled Measured Value (SMV), are incorporated in the proposed network-based anomaly detection. The proposed simultaneous intrusion detection method is able to identify the same type of attacks at multiple substations and their locations. The result is a new integrated tool for detection and mitigation of cyber intrusions at a single substation or multiple substations of a power grid.
Video anomaly detection is a challenging task due to the unpredictable nature of abnormal actions, sophisticated semantics and a lack in training data. The visual representations of most existing ...approaches are limited by short-term sequences which cannot provide necessary clues for achieving reasonable detections. In this paper, we propose to comprehensively represent the motion patterns in human actions by learning from long-term sequences. Firstly, a Stacked State Machine (SSM) model with distinctive basis functions is proposed to represent the temporal dependencies which are consistent across long-term observations. Secondly, the dependencies are leveraged in filtering out problematic motion estimations which are influenced by short-term observation noises, plausible motion parameters are obtained in this way. Finally, SSM model predicts future states based on past ones, the divergence between the predictions with inherent normal patterns and observed ones determines anomalies which violate normal motion patterns. To address the challenges in drone-based surveillance, a dataset which is more diversified than existing ones is built. Extensive experiments are carried out to evaluate the proposed approach on the dataset and existing ones. Improvements over state-of-the-art methods can be observed. The proposed dataset will be made publicly available. Code is available at https://github.com/AllenYLJiang/Anomaly-Detection-in-Sequences.
Anomalies are rare observations (e.g., data records or events) that deviate significantly from the others in the sample. Over the past few decades, research on anomaly mining has received increasing ...interests due to the implications of these occurrences in a wide range of disciplines - for instance, security, finance, and medicine. For this reason, anomaly detection, which aims to identify these rare observations, has become one of the most vital tasks in the world and has shown its power in preventing detrimental events, such as financial fraud, network intrusions, and social spam. The detection task is typically solved by identifying outlying data points in the feature space, which, inherently, overlooks the relational information in real-world data. At the same time, graphs have been prevalently used to represent the structural/relational information, which raises the graph anomaly detection problem - identifying anomalous graph objects (i.e., nodes, edges and sub-graphs) in a single graph, or anomalous graphs in a set/database of graphs. Conventional anomaly detection techniques cannot tackle this problem well because of the complexity of graph data (e.g., irregular structures, relational dependencies, node/edge types/attributes/directions/multiplicities/weights, large scale, etc.). However, thanks to the advent of deep learning in breaking these limitations, graph anomaly detection with deep learning has received a growing attention recently. In this survey, we aim to provide a systematic and comprehensive review of the contemporary deep learning techniques for graph anomaly detection. Specifically, we provide a taxonomy that follows a task-driven strategy and categorizes existing work according to the anomalous graph objects that they can detect. We especially focus on the challenges in this research area and discuss the key intuitions, technical details as well as relative strengths and weaknesses of various techniques in each category. From the survey results, we highlight 12 future research directions spanning unsolved and emerging problems introduced by graph data, anomaly detection, deep learning and real-world applications. Additionally, to provide a wealth of useful resources for future studies, we have compiled a set of open-source implementations, public datasets, and commonly-used evaluation metrics. With this survey, our goal is to create a "one-stop-shop" that provides a unified understanding of the problem categories and existing approaches, publicly available hands-on resources, and high-impact open challenges for graph anomaly detection using deep learning.
Anomaly detection is an important problem with multiple applications, and thus has been studied for decades in various research domains. In the past decade there has been a growing interest in ...anomaly detection in data represented as networks, or graphs, largely because of their robust expressiveness and their natural ability to represent complex relationships. Originally, techniques focused on anomaly detection in static graphs, which do not change and are capable of representing only a single snapshot of data. As real‐world networks are constantly changing, there has been a shift in focus to dynamic graphs, which evolve over time.
In this survey, we aim to provide a comprehensive overview of anomaly detection in dynamic networks, concentrating on the state‐of‐the‐art methods. We first describe four types of anomalies that arise in dynamic networks, providing an intuitive explanation, applications, and a concrete example for each. Having established an idea for what constitutes an anomaly, a general two‐stage approach to anomaly detection in dynamic networks that is common among the methods is presented. We then construct a two‐tiered taxonomy, first partitioning the methods based on the intuition behind their approach, and subsequently subdividing them based on the types of anomalies they detect. Within each of the tier one categories—community, compression, decomposition, distance, and probabilistic model based—we highlight the major similarities and differences, showing the wealth of techniques derived from similar conceptual approaches. WIREs Comput Stat 2015, 7:223–247. doi: 10.1002/wics.1347
This article is categorized under:
Algorithms and Computational Methods > Algorithms
Data: Types and Structure > Graph and Network Data
Statistical Learning and Exploratory Methods of the Data Sciences > Pattern Recognition
A data mining approach is presented for probabilistic characterization of maritime traffic and anomaly detection. The approach automatically groups historical traffic data provided by the Automatic ...Identification System in terms of ship types, sizes, final destinations and other characteristics that influence the maritime traffic patterns off the continental coast of Portugal. The approach consists of identifying relevant waypoints along a route where significant changes in the ships’ navigational behaviour are observed, such as changes in heading, using trajectory compression and clustering algorithms. This provides a vector-based representation of the ship routes consisting of straight legs and connecting turning sections that facilitates route probabilistic characterization and anomaly detection. The maritime traffic is characterized probabilistically at the identified route legs and waypoints in terms of lateral distribution of the trajectories and speed profile, which allows the characterization of the typical behaviour of a group of similar ships along a particular route. In the proposed approach heading changes are automatically detected using the Douglas and Peucker algorithm and clustered by the density-based spatial clustering of applications with noise algorithm. The proposed method is applied to the characterization of southbound maritime traffic from the traffic separation scheme off Cape Roca to the ports of Lisbon, Setúbal and Sines. Finally, an example of ship trajectory anomaly detection based on the developed maritime traffic probabilistic models is provided.
•A data mining approach is presented for probabilistic characterization of the maritime traffic off the coast of Portugal.•The approach automatically groups historical traffic data in terms of ship types, sizes, final destinations.•The approach is identifying relevant waypoints where significant changes on the ships' dynamic behaviour are observed.•An example of ship trajectory anomaly detection based on the developed maritime traffic probabilistic models is provided.
Space anomaly detection plays a critical role in safeguarding the integrity and reliability of space systems amid the rising tide of threats. This survey aims to deepen comprehension of space cyber ...threats through space threat modeling, and meticulously examine the unique challenges of space anomaly detection. The survey identifies scalability, real-time detection, limited labeled data availability, concept drift, and adversarial attacks as key challenges based on thorough literature analysis and synthesis. By extensively exploring state-of-the-art anomaly detection techniques, the study evaluates their applicability, strengths, and limitations within space networks. Going beyond analysis, a notable contribution of this work involves integrating stream-based and graph-based methods, tailored to capture the intricate temporal and structural relationships inherent in space networks. This innovative hybrid approach holds promise for heightened detection accuracy and sets the stage for future research endeavors. As space threats continue evolving in both number and sophistication, this survey timely provides insights, recommendations, and a clear roadmap for researchers, engineers, and practitioners to fortify space anomaly detection mechanisms.
•Identified unique challenges, threats and threat scenarios in space through threat modeling.•Analysed challenges, proposed space anomaly detection architecture and system via literature synthesis.•Introduced a fusion of stream-based and graph-based techniques for space anomaly detection.•Forwarded actionable recommendations and potential research paths to enhance space anomaly detection.