Anomaly detection: A survey

@article{Chandola2009AnomalyDA,
  title={Anomaly detection: A survey},
  author={Varun Chandola and Arindam Banerjee and Vipin Kumar},
  journal={ACM Comput. Surv.},
  year={2009},
  volume={41},
  pages={15:1-15:58}
}
Anomaly detection is an important problem that has been researched within diverse research areas and application domains. [...] Key Method This template provides an easier and more succinct understanding of the techniques belonging to each category. Further, for each category, we identify the advantages and disadvantages of the techniques in that category. We also provide a discussion on the computational complexity of the techniques since it is an important issue in real application domains. We hope that this…
TR 09-015 Anomaly Detection for Discrete Sequences : A Survey
TLDR
This survey attempts to provide a comprehensive and structured overview of the existing research for the problem of detecting anomalies in discrete sequences and highlights the applicability of the techniques that handle discrete sequences to other related areas such as online anomaly detection and time series anomaly detection.
Anomaly Detection for Discrete Sequences: A Survey
TLDR
This survey attempts to provide a comprehensive and structured overview of the existing research for the problem of detecting anomalies in discrete/symbolic sequences and reveals new variants and combinations that have not been investigated before for anomaly detection.
A Survey on Anomaly Detection Strategies
TLDR
This paper provides a concise overview of the most broadly used strategies for detecting anomalies, and presents recent research works briefly, along with their established methodology.
A Framework for Anomaly Detection with Applications to Sequences
TLDR
A novel approach to anomaly detection research is presented, in which the task of finding appropriate anomaly detection methods for some specific application is formulated as an optimisation problem over a set of possible problem formulations.
A reference based analysis framework for understanding anomaly detection techniques for symbolic sequences
TLDR
Two anomaly detection techniques for symbolic sequences are proposed, which show consistently superior performance over the existing techniques across the different data sets, and are proposed using the RBA framework.
Experimental Comparison and Survey of Twelve Time Series Anomaly Detection Algorithms
The existence of an anomaly detection method that is optimal for all domains is a myth. Thus, there exists a plethora of anomaly detection methods which increases every year for a wide variety of
Machine Learning for Anomaly Detection: A Systematic Review
TLDR
A Systematic Literature Review (SLR) which analyzes ML models that detect anomalies in their application and provides researchers with recommendations and guidelines based on this review.
A Survey on Anomaly Based Host Intrusion Detection System
TLDR
This survey provides a study of existing anomaly detection techniques, and how the techniques used in one area can be applied in another application domain.
Anomaly Detection in Machine-Generated Data: A Structured Approach
TLDR
New theory for comparing and reasoning about anomaly detection tasks and methods is introduced, which facilitates a problem-oriented rather than a method-oriented approach to the subject.
VADETIS: An Explainable Evaluator for Anomaly Detection Techniques
TLDR
A new evaluator is presented that allows practitioners to peruse the performance of several anomaly detection techniques and supports them in understanding the behavior and (dis-)advantages of each technique for a given dataset.

References

SHOWING 1-10 OF 509 REFERENCES
Conditional Anomaly Detection
TLDR
A general-purpose method called conditional anomaly detection for taking differences among attributes into account, and three different expectation-maximization algorithms for learning the model that is used in conditional anomaly detection are proposed.
Specification-based anomaly detection: a new approach for detecting network intrusions
TLDR
Whereas feature selection was a crucial step that required a great deal of expertise and insight in the case of previous anomaly detection approaches, it is shown that the use of protocol specifications in the approach simplifies this problem.
A Classification Framework for Anomaly Detection
TLDR
It turns out that the empirical classification risk can serve as an empirical performance measure for the anomaly detection problem and this enables a support vector machine (SVM) for anomaly detection for which it can easily establish universal consistency.
A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection
TLDR
The experimental results indicate that some anomaly detection schemes appear very promising when detecting novel intrusions in both DARPA’98 data and real network data.
Graph-based anomaly detection
TLDR
This paper introduces two techniques for graph-based anomaly detection, and introduces a new method for calculating the regularity of a graph, with applications to anomaly detection.
Temporal sequence learning and data reduction for anomaly detection
TLDR
An approach that transforms temporal sequences of discrete, unordered observations into a metric space via a similarity measure that encodes intra-attribute dependencies and demonstrates that it can accurately differentiate the profiled user from alternative users when the available features encode sufficient information.
Combining filtering and statistical methods for anomaly detection
TLDR
It is explained here how any anomaly detection method can be viewed as a problem in statistical hypothesis testing, and four different methods for analyzing residuals, two of which are new, are studied and compared.
Detection and classification of intrusions and faults using sequences of system calls
TLDR
It is verified that Anomaly Dictionaries for the UNM's sendmail Program have very little overlap, and can be effectively used for Anomaly Classification, and it is shown that a hybrid scheme, combining the proposed classification strategy with the original Anomaly Counts can lead to a substantial improvement in the overall detection rates for the sendmail dataset.
Detecting Novel Network Intrusions Using Bayes Estimators
TLDR
This work has been funded by AFRL Rome Labs under the contract F 30602-00-2-0512 and aims to detect well-known attacks as well as slight variations of them, by characterizing the rules that govern these attacks.