An improvement of the state-of-the-art covariance-based methods for statistical anomaly detection algorithms

Anomaly detection aims to identify the true anomalies from a given set of data instances. Unsupervised anomaly detection algorithms are applied to an unlabeled dataset by producing a ranked list based on anomaly scores. Unfortunately, due to the inherent limitations, many of the top-ranked instances by unsupervised algorithms are not anomalies or not interesting from an application perspective, which leads to high false-positive rates. Active anomaly discovery (AAD) is proposed to overcome this deficiency, which sequentially selects instances to get the labeling information and incorporate it into the anomaly detection algorithm to improve the detection accuracy iteratively. However, labeling is often costly. Therefore, the way to balance detection accuracy and labeling cost is essential. Along this line, this paper proposes a novel AAD method to achieve the goal. Our approach is based on the state-of-the-art unsupervised anomaly detection algorithm, namely, Isolation Forest, to extract features. Thereafter, the sparsity of the extracted features is utilized to improve its anomaly detection performance. To enforce the sparsity of the features and subsequent improvement of the detection analysis, a new algorithm based on online gradient descent, namely, Sparse Approximated Linear Anomaly Discovery (SALAD), is proposed with its theoretical Regret analysis. Extensive experiments on both open-source and additive manufacturing datasets demonstrate that the proposed algorithm significantly outperforms the state-of-the-art algorithms for anomaly detection.

Download Full-text

A Novel Active Anomaly Discovery Method and its Applications in Additive Manufacturing

10.36227/techrxiv.16674412 ◽

2021 ◽

Author(s):

Bo Shen ◽

Zhenyu Kong

Keyword(s):

Additive Manufacturing ◽

Anomaly Detection ◽

State Of The Art ◽

Detection Algorithm ◽

The State ◽

Detection Accuracy ◽

Detection Algorithms ◽

Detection Analysis ◽

Unsupervised Anomaly Detection ◽

Discovery Method

Anomaly detection aims to identify the true anomalies from a given set of data instances. Unsupervised anomaly detection algorithms are applied to an unlabeled dataset by producing a ranked list based on anomaly scores. Unfortunately, due to the inherent limitations, many of the top-ranked instances by unsupervised algorithms are not anomalies or not interesting from an application perspective, which leads to high false-positive rates. Active anomaly discovery (AAD) is proposed to overcome this deficiency, which sequentially selects instances to get the labeling information and incorporate it into the anomaly detection algorithm to improve the detection accuracy iteratively. However, labeling is often costly. Therefore, the way to balance detection accuracy and labeling cost is essential. Along this line, this paper proposes a novel AAD method to achieve the goal. Our approach is based on the state-of-the-art unsupervised anomaly detection algorithm, namely, Isolation Forest, to extract features. Thereafter, the sparsity of the extracted features is utilized to improve its anomaly detection performance. To enforce the sparsity of the features and subsequent improvement of the detection analysis, a new algorithm based on online gradient descent, namely, Sparse Approximated Linear Anomaly Discovery (SALAD), is proposed with its theoretical Regret analysis. Extensive experiments on both open-source and additive manufacturing datasets demonstrate that the proposed algorithm significantly outperforms the state-of-the-art algorithms for anomaly detection.

Download Full-text

Performance analysis of statistical anomaly detection algorithms

10.17918/d8t967 ◽

2021 ◽

Author(s):

Ni An

Keyword(s):

Performance Analysis ◽

Anomaly Detection ◽

Detection Algorithms ◽

Statistical Anomaly Detection

Download Full-text

Add-On Anomaly Threshold Technique for Improving Unsupervised Intrusion Detection on SCADA Data

Electronics ◽

10.3390/electronics9061017 ◽

2020 ◽

Vol 9 (6) ◽

pp. 1017 ◽

Cited By ~ 1

Author(s):

Abdulmohsen Almalawi ◽

Adil Fahad ◽

Zahir Tari ◽

Asif Irshad Khan ◽

Nouf Alzahrani ◽

...

Keyword(s):

Anomaly Detection ◽

Supervisory Control ◽

State Of The Art ◽

Current Approach ◽

Industrial Processes ◽

Parameter Choice ◽

Detection Algorithms ◽

Detection Approach ◽

Unsupervised Anomaly Detection ◽

Threshold Technique

Supervisory control and data acquisition (SCADA) systems monitor and supervise our daily infrastructure systems and industrial processes. Hence, the security of the information systems of critical infrastructures cannot be overstated. The effectiveness of unsupervised anomaly detection approaches is sensitive to parameter choices, especially when the boundaries between normal and abnormal behaviours are not clearly distinguishable. Therefore, the current approach in detecting anomaly for SCADA is based on the assumptions by which anomalies are defined; these assumptions are controlled by a parameter choice. This paper proposes an add-on anomaly threshold technique to identify the observations whose anomaly scores are extreme and significantly deviate from others, and then such observations are assumed to be ”abnormal”. The observations whose anomaly scores are significantly distant from ”abnormal” ones will be assumed as ”normal”. Then, the ensemble-based supervised learning is proposed to find a global and efficient anomaly threshold using the information of both ”normal”/”abnormal” behaviours. The proposed technique can be used for any unsupervised anomaly detection approach to mitigate the sensitivity of such parameters and improve the performance of the SCADA unsupervised anomaly detection approaches. Experimental results confirm that the proposed technique achieved a significant improvement compared to the state-of-the-art of two unsupervised anomaly detection algorithms.

Download Full-text

Deep Learning Based Surveillance System for Open Critical Areas

Inventions ◽

10.3390/inventions3040069 ◽

2018 ◽

Vol 3 (4) ◽

pp. 69 ◽

Cited By ~ 1

Author(s):

Francesco Turchini ◽

Lorenzo Seidenari ◽

Tiberio Uricchio ◽

Alberto Del Bimbo

Keyword(s):

Anomaly Detection ◽

State Of The Art ◽

Detection System ◽

Tracking System ◽

Critical Areas ◽

Parking Lot ◽

Recent Computer ◽

Quantitative Results ◽

Public Dataset ◽

Statistical Anomaly Detection

How to automatically monitor wide critical open areas is a challenge to be addressed. Recent computer vision algorithms can be exploited to avoid the deployment of a large amount of expensive sensors. In this work, we propose our object tracking system which, combined with our recently developed anomaly detection system. can provide intelligence and protection for critical areas. In this work. we report two case studies: an international pier and a city parking lot. We acquire sequences to evaluate the effectiveness of the approach in challenging conditions. We report quantitative results for object counting, detection, parking analysis, and anomaly detection. Moreover, we report state-of-the-art results for statistical anomaly detection on a public dataset.

Download Full-text

Unsupervised Anomalous Sound Detection for Machine Condition Monitoring Using Classification-Based Methods

Applied Sciences ◽

10.3390/app112311128 ◽

2021 ◽

Vol 11 (23) ◽

pp. 11128

Author(s):

Yaoguang Wang ◽

Yaohao Zheng ◽

Yunxiang Zhang ◽

Yongsheng Xie ◽

Sen Xu ◽

...

Keyword(s):

Anomaly Detection ◽

Condition Monitoring ◽

State Of The Art ◽

Area Under The Curve ◽

The State ◽

Ensemble Method ◽

Training Data ◽

Machine Condition ◽

Machine Condition Monitoring ◽

Sound Detection

The task of unsupervised anomalous sound detection (ASD) is challenging for detecting anomalous sounds from a large audio database without any annotated anomalous training data. Many unsupervised methods were proposed, but previous works have confirmed that the classification-based models far exceeds the unsupervised models in ASD. In this paper, we adopt two classification-based anomaly detection models: (1) Outlier classifier is to distinguish anomalous sounds or outliers from the normal; (2) ID classifier identifies anomalies using both the confidence of classification and the similarity of hidden embeddings. We conduct experiments in task 2 of DCASE 2020 challenge, and our ensemble method achieves an averaged area under the curve (AUC) of 95.82% and averaged partial AUC (pAUC) of 92.32%, which outperforms the state-of-the-art models.

Download Full-text

A DOUBLE-SHRINK AUTOENCODER FOR NETWORK ANOMALY DETECTION

Journal of Computer Science and Cybernetics ◽

10.15625/1813-9663/36/2/14578 ◽

2020 ◽

Vol 36 (2) ◽

pp. 159-172

Author(s):

Cong Thanh Bui ◽

Loi Cao Van ◽

Minh Hoang ◽

Quang Uy Nguyen

Keyword(s):

Machine Learning ◽

Anomaly Detection ◽

State Of The Art ◽

The State ◽

The Internet ◽

Learning Methods ◽

Network Attacks ◽

Machine Learning Methods ◽

Pull Out ◽

Network Anomaly Detection

The rapid development of the Internet and the wide spread of its applications has affected many aspects of our life. However, this development also makes the cyberspace more vulnerable to various attacks. Thus, detecting and preventing these attacks are crucial for the next development of the Internet and its services. Recently, machine learning methods have been widely adopted in detecting network attacks. Among many machine learning methods, AutoEncoders (AEs) are known as the state-of-the-art techniques for network anomaly detection. Although, AEs have been successfully applied to detect many types of attacks, it is often unable to detect some difficult attacks that attempt to mimic the normal network traffic. In order to handle this issue, we propose a new model based on AutoEncoder called Double-Shrink AutoEncoder (DSAE). DSAE put more shrinkage on the normal data in the middle hidden layer. This helps to pull out some anomalies that are very similar to normal data. DSAE are evaluated on six well-known network attacks datasets. The experimental results show that our model performs competitively to the state-of-the-art model, and often out-performs this model on the attacks group that is difficult for the previous methods.

Download Full-text

Nonoverlapping Blocks Based Copy-Move Forgery Detection

Security and Communication Networks ◽

10.1155/2018/1301290 ◽

2018 ◽

Vol 2018 ◽

pp. 1-11 ◽

Cited By ~ 7

Author(s):

Yu Sun ◽

Rongrong Ni ◽

Yao Zhao

Keyword(s):

Computational Complexity ◽

State Of The Art ◽

The State ◽

Experimental Results ◽

Forgery Detection ◽

Detection Algorithms ◽

Smooth Part ◽

Block Based ◽

Copy Move Forgery Detection ◽

High Computational Complexity

In order to solve the problem of high computational complexity in block-based methods for copy-move forgery detection, we divide image into texture part and smooth part to deal with them separately. Keypoints are extracted and matched in texture regions. Instead of using all the overlapping blocks, we use nonoverlapping blocks as candidates in smooth regions. Clustering blocks with similar color into a group can be regarded as a preprocessing operation. To avoid mismatching due to misalignment, we update candidate blocks by registration before projecting them into hash space. In this way, we can reduce computational complexity and improve the accuracy of matching at the same time. Experimental results show that the proposed method achieves better performance via comparing with the state-of-the-art copy-move forgery detection algorithms and exhibits robustness against JPEG compression, rotation, and scaling.

Download Full-text

Practical Picture Processing

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100051700 ◽

1974 ◽

Vol 32 ◽

pp. 338-339

Author(s):

T. A. Welton

Keyword(s):

Radiation Damage ◽

Coherence Length ◽

Spatial Information ◽

State Of The Art ◽

Coherent Radiation ◽

The State ◽

Energy Spread ◽

Electron Micrograph ◽

Picture Processing ◽

Molecular Skeleton

Various authors have emphasized the spatial information resident in an electron micrograph taken with adequately coherent radiation. In view of the completion of at least one such instrument, this opportunity is taken to summarize the state of the art of processing such micrographs. We use the usual symbols for the aberration coefficients, and supplement these with £ and 6 for the transverse coherence length and the fractional energy spread respectively. He also assume a weak, biologically interesting sample, with principal interest lying in the molecular skeleton remaining after obvious hydrogen loss and other radiation damage has occurred.

Download Full-text

Hypothesis-Evidence Coordination: The State of the Art

Contemporary Psychology ◽

10.1037/000988 ◽

2003 ◽

Vol 48 (6) ◽

pp. 826-829 ◽

Cited By ~ 1

Author(s):

Eric Amsel

Keyword(s):

State Of The Art ◽

The State

Download Full-text