Machine Learning-based Anomaly Detection Research Articles

A Unified Seismicity Catalog Development for Saudi Arabia: Multi-Network Fusion and Machine Learning-Based Anomaly Detection

A Unified Seismicity Catalog Development for Saudi Arabia: Multi-Network Fusion and Machine Learning-Based Anomaly Detection

Machine Learning-Based Anomaly Detection on Seawater Temperature Data with Oversampling

Machine Learning-Based Anomaly Detection on Seawater Temperature Data with Oversampling

Machine Learning-based Anomaly Detection for Fraudulent Banking Activities

Abstract: In this research, we look at how class weight-tuning hyperparameters can be used to balance the relative weights of fraudulent and authentic transactions. We utilize Bayesian optimization to optimize hyperparameters while taking into account real-world issues like imbalanced data. We suggest weight-tuning as a pre-process for unbalanced data, as well as CatBoost and XGBoost, to improve the performance of the LightGBM method by addressing these real-world difficulties. Finally, we employ deep learning to adjust the hyperparameters (particularly our suggested weight-tuning technique) in order to increase overall performance. We do experiments on real-world data to validate the recommended approaches. In addition to the usual ROCAUC, we employ recall-precision measures to better address unbalanced datasets. CatBoost, LightGBM, and XGBoost are assessed independently using a 5-fold cross-validation methodology. Furthermore, the integrated algorithms' performance is evaluated using a majority voting ensemble learning approach. The findings indicate that LightGBM and XGBoost meet the optimum level condition of ROC-AUC = 0.95, precision 0.79, recall 0.80, F1 score 0.79, and MCC 0.79. Deep learning and Bayesian optimization are used to modify the hyperparameters, yielding ROC-AUC = 0.94, precision = 0.80, recall = 0.82, F1 score = 0.81, and MCC = 0.81. This represents a huge improvement over the cutting-edge techniques that we utilized for comparison.

Anomaly Detection in Meteorological Data Using a Hierarchical Temporal Memory Model: A Study on the Case of Kazakhstan

In meteorology, which studies atmospheric events, data representing various properties such as temperature, rainfall, and wind speed are collected regularly over a certain period. Unexpected trends in the data may indicate that an abnormal situation is approaching. Therefore, time series (TS) data play an essential role in the early detection of potential meteorological risks. However, applying effective models by considering many complex parameters in performing accurate analysis and anomaly detection (AD) is an important criterion. In this study, machine learning-based AD is performed using a dataset containing meteorological data on different features collected between January 1, 2019, and June 30, 2023, for Kazakhstan, which has the ninth-largest surface area in the world. The Hierarchical Temporal Memory (HTM) model was used for AD, which can provide more accurate forecasts by modeling long-term dependencies and producing effective results in solving TS problems. Detected anomalies are reported at various levels depending on threshold values. In addition, to analyze the ADs more precisely, correlations are calculated using the Spearman model, which allows us to determine the strength and direction of the monotonic relationship between variables. The study's findings show that the HTM is an effective model for AD using TS data on meteorological features.

Enhancing Cyber Security through Machine Learning-Based Anomaly Detection in IoT Networks

The rapid proliferation of IOT (Internet of Things) networks has brought transformative benefits to industries and everyday life. However, it has also introduced unprecedented cyber security challenges, necessitating advanced techniques for anomaly detection. This research focuses on enhancing cyber security through the application of machine learning-based anomaly detection methods, specifically One-Class Support Vector Machine (SVM) and Isolation Forest, in the context of IOT networks. While Isolation Forest effectively isolates anomalies by building isolation trees, One-Class SVM models the normal data distribution, effectively separating anomalies. To provide a strong security framework for IoT networks, we suggest a comprehensive strategy that combines both algorithms. Our method enables the detection of anomalies in real-time IOT data streams, facilitating prompt responses to new threats. Data collection, preprocessing, and model training are key components. This study helps protect IOT ecosystems and maintain data integrity and privacy in an increasingly connected world by utilizing the benefits of One-Class SVM and Isolation Forest.

A machine learning-based Anomaly Detection Framework for building electricity consumption data

A suboptimal management or system malfunction can often lead to abnormal energy consumptions in buildings, which result in a significant waste of energy. For this reason, the adoption of advanced monitoring systems, based on Machine Learning (ML) and visualization techniques, is crucial to avoid possible deviations from the baseline energy consumption. However, the historical data on which analyses are based generally do not report the occurrence of anomalies. Therefore, the application of supervised ML techniques is limited and unsupervised approaches are favored. Moreover, domain experts find most Machine Learning (ML) techniques hard to interpret, and thus find it difficult to contextualize anomalies. To overcome these issues, this work proposes a machine learning-based Anomaly Detection Framework (ADF) that involves the use of two complementary semi-supervised ML applications to obtain a highly interpretable and accurate detection of anomalies. Both techniques use Symbolic Aggregate approXimation (SAX) encoding to extract the most relevant information from load profiles. The aim of the first approach is to maximize the interpretability of the definition and distinction between anomalous and normal behavior. This is achieved using a Classification And Regression Tree (CART), albeit at the expense of a coarser output granularity. The second approach exploits an Multi-Layer Perceptron (MLP) algorithm to obtain a higher and more accurate output resolution, although it leads to a less interpretable definition of any anomalous behavior. The ADF has been applied to a real case study using electricity consumption data provided by a large telecommunications service provider. The results show that combining both ML models enhances the accuracy and interpretability of the detected anomalies.

Simple Heuristics as a Viable Alternative to Machine Learning-Based Anomaly Detection in Industrial IoT

Simple Heuristics as a Viable Alternative to Machine Learning-Based Anomaly Detection in Industrial IoT

Machine Learning-Based Anomaly Detection in NFV: A Comprehensive Survey.

Network function virtualization (NFV) is a rapidly growing technology that enables the virtualization of traditional network hardware components, offering benefits such as cost reduction, increased flexibility, and efficient resource utilization. Moreover, NFV plays a crucial role in sensor and IoT networks by ensuring optimal resource usage and effective network management. However, adopting NFV in these networks also brings security challenges that must promptly and effectively address. This survey paper focuses on exploring the security challenges associated with NFV. It proposes the utilization of anomaly detection techniques as a means to mitigate the potential risks of cyber attacks. The research evaluates the strengths and weaknesses of various machine learning-based algorithms for detecting network-based anomalies in NFV networks. By providing insights into the most efficient algorithm for timely and effective anomaly detection in NFV networks, this study aims to assist network administrators and security professionals in enhancing the security of NFV deployments, thus safeguarding the integrity and performance of sensors and IoT systems.

A Machine Learning-Based Anomaly Detection Method and Blockchain-Based Secure Protection Technology in Collaborative Food Supply Chain

The complexity of the collaborative food supply chain has resulted in the frequent occurrence of food safety incidents, which harm people's health and life. Therefore, the maintenance of food safety has become a key value. This study expects to solve the food safety problem and bring more benefits to people using intelligent systems. To meet the safety needs of the collaborative food supply chain, this study designed a food safety protection system architecture which collects the supply and sales data of various suppliers, as well as the data of equipment used in production. The architecture can carry out anomaly detections with machine learning to make a preliminary judgement on whether a problem has occurred in this batch of food during the transaction, and then implement in-depth anomaly detections with the supplier's equipment to determine the stage at which this problem occurred. The proposed system can help food operators achieve effective food monitoring, prediction, prevention, and improvement, thereby improving food safety.

Aquila Optimization with Machine Learning-Based Anomaly Detection Technique in Cyber-Physical Systems

Cyber-physical system (CPS) is a concept that integrates every computer-driven system interacting closely with its physical environment. Internet-of-things (IoT) is a union of devices and technologies that provide universal interconnection mechanisms between the physical and digital worlds. Since the complexity level of the CPS increases, an adversary attack becomes possible in several ways. Assuring security is a vital aspect of the CPS environment. Due to the massive surge in the data size, the design of anomaly detection techniques becomes a challenging issue, and domain-specific knowledge can be applied to resolve it. This article develops an Aquila Optimizer with Parameter Tuned Machine Learning Based Anomaly Detection (AOPTML-AD) technique in the CPS environment. The presented AOPTML-AD model intends to recognize and detect abnormal behaviour in the CPS environment. The presented AOPTML-AD framework initially pre-processes the network data by converting them into a compatible format. Besides, the improved Aquila optimization algorithm-based feature selection (IAOA-FS) algorithm is designed to choose an optimal feature subset. Along with that, the chimp optimization algorithm (ChOA) with an adaptive neuro-fuzzy inference system (ANFIS) model can be employed to recognise anomalies in the CPS environment. The ChOA is applied for optimal adjusting of the membership function (MF) indulged in the ANFIS method. The performance validation of the AOPTML-AD algorithm is carried out using the benchmark dataset. The extensive comparative study reported the better performance of the AOPTML-AD technique compared to recent models, with an accuracy of 99.37%.

Machine Learning-Based Anomaly Detection Using K-Mean Array and Sequential Minimal Optimization

Recently, artificial intelligence (AI) techniques have been used to describe the characteristics of information, as they help in the process of data mining (DM) to analyze data and reveal rules and patterns. In DM, anomaly detection is an important area that helps discover hidden behavior within the data that is most vulnerable to attack. It also helps detect network intrusion. Algorithms such as hybrid K-mean array and sequential minimal optimization (SMO) rating can be used to improve the accuracy of the anomaly detection rate. This paper presents an anomaly detection model based on the machine learning (ML) technique. ML improves the detection rate, reduces the false-positive alarm rate, and is capable of enhancing the accuracy of intrusion classification. This study used a dataset known as network security-knowledge and data discovery (NSL-KDD) lab to evaluate a proposed hybrid ML technology. K-mean cluster and SMO were used for classification. In the study, the performance of the proposed anomaly detection was tested, and results showed that the use of K-mean and SMO enhances the rate of positive detection besides reducing the rate of false alarms and achieving a high accuracy at the same time. Moreover, the proposed algorithm outperformed recent and close work related to using similar variables and the environment by 14.48% and decreased false alarm probability (FAP) by (12%) in addition to giving a higher accuracy by 97.4%. These outcomes are attributed to the common algorithm providing an appropriate number of detectors to be generated with an acceptable accurate detection and a trivial false alarm probability (FAP). The proposed hybrid algorithm could be considered for anomaly detection in future data mining systems, where processing in real-time is highly likely to be reduced dramatically. The justification is that the hybrid algorithm can provide appropriate detectors numbers that can be generated with an acceptable detection accuracy and trivial FAP. Given to the low FAP, it is highly expected to reduce the time of the preprocessing and processing compared with the other algorithms.

Machine Learning-Based Anomaly Detection for Multivariate Time Series With Correlation Dependency

Recent advances in data collection facilitate the acquisition of large quantities of multivariate time series (MTS) data from various real-world systems. Anomaly detection in high-dimensional MTS data is essential to improving the productivity and safety of such systems; however, capturing the complex intercorrelations between different pairs of time series related to anomalous patterns is challenging. In this study, two different anomaly detection problems—mean shift and structural change—were defined based on the correlation dependency of MTS. Existing algorithms were experimentally analyzed and compared based on their correlation dependency encoding methods using synthetic datasets, with the results revealing that the explicit encoding of correlation dependency improves the predictive performance of anomaly detection in MTS data.

Towards Machine Learning-based Anomaly Detection on Time-Series Data

The complexity of network infrastructures is exponentially growing. Real-time monitoring of these infrastructures is essential to secure their reliable operation. The concept of telemetry has been introduced in recent years to foster this process by streaming time-series data that contain feature-rich information concerning the state of network components. In this paper, we focus on a particular application of telemetry — anomaly detection on time-series data. We rigorously examined state-of-the-art anomaly detection methods. Upon close inspection of the methods, we observed that none of them suits our requirements as they typically face several limitations when applied on time-series data. This paper presents Alter-Re2, an improved version of ReRe, a state-of-the-art Long Short- Term Memory-based machine learning algorithm. Throughout a systematic examination, we demonstrate that by introducing the concepts of ageing and sliding window, the major limitations of ReRe can be overcome. We assessed the efficacy of Alter-Re2 using ten different datasets and achieved promising results. Alter-Re2 performs three times better on average when compared to ReRe.

Self-Diagnosis of Multiphase Flow Meters through Machine Learning-Based Anomaly Detection

Measuring systems are becoming increasingly sophisticated in order to tackle the challenges of modern industrial problems. In particular, the Multiphase Flow Meter (MPFM) combines different sensors and data fusion techniques to estimate quantities that are difficult to be measured like the water or gas content of a multiphase flow, coming from an oil well. The evaluation of the flow composition is essential for the well productivity prediction and management, and for this reason, the quantification of the meter measurement quality is crucial. While instrument complexity is increasing, demands for confidence levels in the provided measures are becoming increasingly more common. In this work, we propose an Anomaly Detection approach, based on unsupervised Machine Learning algorithms, that enables the metrology system to detect outliers and to provide a statistical level of confidence in the measures. The proposed approach, called AD4MPFM (Anomaly Detection for Multiphase Flow Meters), is designed for embedded implementation and for multivariate time-series data streams. The approach is validated both on real and synthetic data.

Efficient Distributed Preprocessing Model for Machine Learning-Based Anomaly Detection over Large-Scale Cybersecurity Datasets

New computational and technological paradigms that currently guide developments in the information society, i.e., Internet of things, pervasive technology, or Ubicomp, favor the appearance of new intrusion vectors that can directly affect people’s daily lives. This, together with advances in techniques and methods used for developing new cyber-attacks, exponentially increases the number of cyber threats which affect the information society. Because of this, the development and improvement of technology that assists cybersecurity experts to prevent and detect attacks arose as a fundamental pillar in the field of cybersecurity. Specifically, intrusion detection systems are now a fundamental tool in the provision of services through the internet. However, these systems have certain limitations, i.e., false positives, real-time analytics, etc., which require their operation to be supervised. Therefore, it is necessary to offer architectures and systems that favor an efficient analysis of the data handled by these tools. In this sense, this paper presents a new model of data preprocessing based on a novel distributed computing architecture focused on large-scale datasets such as UGR’16. In addition, the paper analyzes the use of machine learning techniques in order to improve the response and efficiency of the proposed preprocessing model. Thus, the solution developed achieves good results in terms of computer performance. Finally, the proposal shows the adequateness of decision tree algorithms for training a machine learning model by using a large dataset when compared with a multilayer perceptron neural network.

Machine Learning-based Anomaly Detection of Ganglia Monitoring Data in HEP Data Center

This paper introduces a generic and scalable anomaly detection framework. Anomaly detection can improve operation and maintenance efficiency and assure experiments can be carried out effectively. The framework facilitates common tasks such as data sample building, retagging and visualization, deviation measurement and performance measurement for machine learning-based anomaly detection methods. The samples we used are sourced from Ganglia monitoring data. There are several anomaly detection methods to handle spatial and temporal anomalies within the framework. Finally, we show the rudimental application of the framework on Lustre distributed file systems in daily operation and maintenance.

Machine Learning-Based Anomaly Detection for Load Forecasting Under Cyberattacks

Accurate load forecasting can create both economic and reliability benefits for power system operators. However, the cyberattack on load forecasting may mislead operators to make unsuitable operational decisions for the electricity delivery. To effectively and accurately detect these cyberattacks, this paper develops a machine learning-based anomaly detection (MLAD) methodology. First, load forecasts provided by neural networks are used to reconstruct the benchmark and scaling data by using the k-means clustering. Second, the cyberattack template is estimated by the naive Bayes classification based on the cumulative distribution function and statistical features of the scaling data. Finally, the dynamic programming is utilized to calculate both the occurrence and parameter of one cyberattack on load forecasting data. A widely used symbolic aggregation approximation method is compared with the developed MLAD method. Numerical simulations on the publicly load data show that the MLAD method can effectively detect cyberattacks for load forecasting data with relatively high accuracy. Also, the robustness of MLAD is verified by thousands of attack scenarios based on Monte Carlo simulation.