Anomaly detection: A survey

@article{Chandola2009AnomalyDA,
  title={Anomaly detection: A survey},
  author={Varun Chandola and Arindam Banerjee and Vipin Kumar},
  journal={ACM Comput. Surv.},
  year={2009},
  volume={41},
  pages={15:1-15:58}
}
Anomaly detection is an important problem that has been researched within diverse research areas and application domains. [...] This template provides an easier and more succinct understanding of the techniques belonging to each category. Further, for each category, we identify the advantages and disadvantages of the techniques in that category. We also provide a discussion on the computational complexity of the techniques since it is an important issue in real application domains. We hope that this…
TR 09-015 Anomaly Detection for Discrete Sequences: A Survey
TLDR
This survey attempts to provide a comprehensive and structured overview of the existing research for the problem of detecting anomalies in discrete sequences and highlights the applicability of the techniques that handle discrete sequences to other related areas such as online anomaly detection and time series anomaly detection.
Anomaly Detection for Discrete Sequences: A Survey
TLDR
This survey attempts to provide a comprehensive and structured overview of the existing research for the problem of detecting anomalies in discrete/symbolic sequences and reveals new variants and combinations that have not been investigated before for anomaly detection.
A Framework for Anomaly Detection with Applications to Sequences
TLDR
A novel approach to anomaly detection research is presented, in which the task of finding appropriate anomaly detection methods for some specific application is formulated as an optimisation problem over a set of possible problem formulations.
A reference based analysis framework for understanding anomaly detection techniques for symbolic sequences
TLDR
Two anomaly detection techniques for symbolic sequences are proposed, which show consistently superior performance over the existing techniques across the different data sets, and are proposed using the RBA framework.
Machine Learning for Anomaly Detection: A Systematic Review
TLDR
A Systematic Literature Review (SLR) which analyzes ML models that detect anomalies in their application and provides researchers with recommendations and guidelines based on this review.
A Survey on Anomaly Based Host Intrusion Detection System
TLDR
This survey provides a study of existing anomaly detection techniques, and how the techniques used in one area can be applied in another application domain.
Anomaly Detection in Machine-Generated Data: A Structured Approach
TLDR
New theory for comparing and reasoning about anomaly detection tasks and methods is introduced, which facilitates a problem-oriented rather than a method-oriented approach to the subject.
VADETIS: An Explainable Evaluator for Anomaly Detection Techniques
TLDR
A new evaluator is presented that allows to peruse the performance of several anomaly detection techniques and supports practitioners in understanding the behavior and (dis-)advantages of each technique for a given dataset.
A taxonomy and platform for anomaly detection
TLDR
The goal of this paper is to propose a taxonomy for anomaly detection methods and also to present a platform that allows a developer to find and tune a given anomaly detection method that is optimal for an application.
Ensemble Methods for Anomaly Detection
TLDR
This work proposes ensemble anomaly detection techniques that perform well in many applications, with four major contributions: using bootstrapping to better detect anomalies on multiple subsamples, sequential application of diverse detection algorithms, a novel adaptive sampling and learning algorithm, and improving the random forest algorithms for detecting anomalies in streaming data.

References

SHOWING 1-10 OF 511 REFERENCES
Conditional Anomaly Detection
TLDR
A general purpose method called conditional anomaly detection for taking differences among attributes into account, and three different expectation-maximization algorithms for learning the model that is used in conditional anomalies detection are proposed.
Specification-based anomaly detection: a new approach for detecting network intrusions
TLDR
Whereas feature selection was a crucial step that required a great deal of expertise and insight in the case of previous anomaly detection approaches, it is shown that the use of protocol specifications in the approach simplifies this problem.
A Classification Framework for Anomaly Detection
TLDR
It turns out that the empirical classification risk can serve as an empirical performance measure for the anomaly detection problem and this enables a support vector machine (SVM) for anomaly detection for which it can easily establish universal consistency.
A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection
TLDR
The experimental results indicate that some anomaly detection schemes appear very promising when detecting novel intrusions in both DARPA’98 data and real network data.
Temporal sequence learning and data reduction for anomaly detection
TLDR
An approach that transforms temporal sequences of discrete, unordered observations into a metric space via a similarity measure that encodes intra-attribute dependencies and demonstrates that it can accurately differentiate the profiled user from alternative users when the available features encode sufficient information.
Graph-based anomaly detection
TLDR
This paper introduces two techniques for graph-based anomaly detection, and introduces a new method for calculating the regularity of a graph, with applications to anomaly detection.
Combining filtering and statistical methods for anomaly detection
TLDR
It is explained here how any anomaly detection method can be viewed as a problem in statistical hypothesis testing, and four different methods for analyzing residuals, two of which are new, are studied and compared.
Detection and classification of intrusions and faults using sequences of system calls
TLDR
It is verified that Anomaly Dictionaries for the UNM's sendmail Program have very little overlap, and can be effectively used for Anomaly Classification, and it is shown that a hybrid scheme, combining the proposed classification strategy with the original Anomaly Counts can lead to a substantial improvement in the overall detection rates for the sendmail dataset.
Detecting Novel Network Intrusions Using Bayes Estimators
TLDR
This work has been funded by AFRL Rome Labs under the contract F 30602-00-2-0512 and aims to detect well-known attacks as well as slight variations of them, by characterizing the rules that govern these attacks.