Anomaly detection: A survey

@article{Chandola2009AnomalyDA,
  title={Anomaly detection: A survey},
  author={Varun Chandola and Arindam Banerjee and Vipin Kumar},
  journal={ACM Comput. Surv.},
  year={2009},
  volume={41},
  pages={15:1-15:58}
}

Anomaly detection is an important problem that has been researched within diverse research areas and application domains. […] This template provides an easier and more succinct understanding of the techniques belonging to each category. Further, for each category, we identify the advantages and disadvantages of the techniques in that category. We also provide a discussion on the computational complexity of the techniques since it is an important issue in real application domains. We hope that this…

TR 09-015 Anomaly Detection for Discrete Sequences: A Survey

This survey attempts to provide a comprehensive and structured overview of the existing research for the problem of detecting anomalies in discrete sequences and highlights the applicability of the techniques that handle discrete sequences to other related areas such as online anomaly detection and time series anomaly detection.

Anomaly Detection for Discrete Sequences: A Survey

This survey attempts to provide a comprehensive and structured overview of the existing research for the problem of detecting anomalies in discrete/symbolic sequences and reveals new variants and combinations that have not been investigated before for anomaly detection.

A Survey on Anomaly Detection Strategies

This paper provides a concise overview of the most broadly used strategies for detecting anomalies, and presents recent research works briefly, along with their established methodology.

A Framework for Anomaly Detection with Applications to Sequences

A novel approach to anomaly detection research is presented, in which the task of finding appropriate anomaly detection methods for some specific application is formulated as an optimisation problem over a set of possible problem formulations.

A reference based analysis framework for understanding anomaly detection techniques for symbolic sequences

Two anomaly detection techniques for symbolic sequences are proposed, which show consistently superior performance over the existing techniques across the different data sets, and are proposed using the RBA framework.

Machine Learning for Anomaly Detection: A Systematic Review

A Systematic Literature Review (SLR) which analyzes ML models that detect anomalies in their application and provides researchers with recommendations and guidelines based on this review.

Experimental Comparison and Survey of Twelve Time Series Anomaly Detection Algorithms

The existence of an anomaly detection method that is optimal for all domains is a myth. Thus, there exists a plethora of anomaly detection methods which increases every year for a wide variety of

Anomaly Detection in Machine-Generated Data: A Structured Approach

New theory for comparing and reasoning about anomaly detection tasks and methods is introduced, which facilitates a problem-oriented rather than a method-oriented approach to the subject.

VADETIS: An Explainable Evaluator for Anomaly Detection Techniques

A new evaluator is presented that allows one to peruse the performance of several anomaly detection techniques and supports practitioners in understanding the behavior and (dis-)advantages of each technique for a given dataset.

A taxonomy and platform for anomaly detection

The goal of this paper is to propose a taxonomy for anomaly detection methods and also to present a platform that allows a developer to find and tune a given anomaly detection method that is optimal for an application.
...

References

SHOWING 1-10 OF 400 REFERENCES

Conditional Anomaly Detection

A general purpose method called conditional anomaly detection for taking differences among attributes into account, and three different expectation-maximization algorithms for learning the model that is used in conditional anomalies detection are proposed.

A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection

The experimental results indicate that some anomaly detection schemes appear very promising when detecting novel intrusions in both DARPA’98 data and real network data.

A Classification Framework for Anomaly Detection

It turns out that the empirical classification risk can serve as an empirical performance measure for the anomaly detection problem and this enables a support vector machine (SVM) for anomaly detection for which it can easily establish universal consistency.

Graph-based anomaly detection

This paper introduces two techniques for graph-based anomaly detection, and introduces a new method for calculating the regularity of a graph, with applications to anomaly detection.

Temporal sequence learning and data reduction for anomaly detection

An approach that transforms temporal sequences of discrete, unordered observations into a metric space via a similarity measure that encodes intra-attribute dependencies and demonstrates that it can accurately differentiate the profiled user from alternative users when the available features encode sufficient information.

Combining filtering and statistical methods for anomaly detection

It is explained here how any anomaly detection method can be viewed as a problem in statistical hypothesis testing, and four different methods for analyzing residuals, two of which are new, are studied and compared.

Detection and classification of intrusions and faults using sequences of system calls

It is verified that Anomaly Dictionaries for the UNM's sendmail Program have very little overlap, and can be effectively used for Anomaly Classification, and it is shown that a hybrid scheme, combining the proposed classification strategy with the original Anomaly Counts can lead to a substantial improvement in the overall detection rates for the sendmail dataset.

Detecting Novel Network Intrusions Using Bayes Estimators

This work has been funded by AFRL Rome Labs under the contract F 30602-00-2-0512 and aims to detect well-known attacks as well as slight variations of them, by characterizing the rules that govern these attacks.

Using artificial anomalies to detect unknown and known network intrusions

An algorithm to generate artificial anomalies to coerce the inductive learner into discovering an accurate boundary between known classes (normal connections and known intrusions) and anomalies is proposed.
...