Sensor-based remote health monitoring is used in industrial, urban and healthcare settings to monitor ongoing operation of equipment and human health. An important aim is to intervene early if anomalous events or adverse health is detected. In the wild, these anomaly detection approaches are challenged by noise, label scarcity, high dimensionality, explainability and wide variability in operating environments. The Contextual Matrix Profile (CMP) is a configurable 2-dimensional version of the Matrix Profile (MP) that uses the distance matrix of all subsequences of a time series to discover patterns and anomalies. The CMP is shown to enhance the effectiveness of the MP and other SOTA methods at detecting, visualising and interpreting true anomalies in noisy real world data from different domains. It excels at zooming out and identifying temporal patterns at configurable time scales. However, the CMP does not address cross-sensor information, and cannot scale to high dimensional data. We propose a novel, self-supervised graph-based approach for temporal anomaly detection that works on context graphs generated from the CMP distance matrix. The learned graph embeddings encode the anomalous nature of a time context. In addition, we evaluate other graph outlier algorithms for the same task. Given our pipeline is modular, graph construction, generation of graph embeddings, and pattern recognition logic can all be chosen based on the specific pattern detection application. We verified the effectiveness of graph-based anomaly detection and compared it with the CMP and 3 state-of-the art methods on two real-world healthcare datasets with different anomalies. Our proposed method demonstrated better recall, alert rate and generalisability.

Time series anomaly detection has applications in a wide range of research fields and applications, including manufacturing and healthcare. The presence of anomalies can indicate novel or unexpected events, such as production faults, system defects, or heart fluttering, and is therefore of particular interest. The large size and complex patterns of time series have led researchers to develop specialised deep learning models for detecting anomalous patterns. This survey focuses on providing structured and comprehensive state-of-the-art time series anomaly detection models through the use of deep learning. It providing a taxonomy based on the factors that divide anomaly detection models into different categories. Aside from describing the basic anomaly detection technique for each category, the advantages and limitations are also discussed. Furthermore, this study includes examples of deep anomaly detection in time series across various application domains in recent years. It finally summarises open issues in research and challenges faced while adopting deep anomaly detection models.

对于由硬件和软件组件组成的复杂分布式系统而言，异常检测是一个重要的问题。对此类系统的异常检测的要求和挑战的透彻理解对于系统的安全性至关重要，尤其是对于现实世界的部署。尽管有许多解决问题的研究领域和应用领域，但很少有人试图对这种系统进行深入研究。大多数异常检测技术是针对某些应用域的专门开发的，而其他检测技术则更为通用。在这项调查中，我们探讨了基于图的算法在复杂分布式异质系统中识别和减轻不同类型异常的重要潜力。我们的主要重点是在分布在复杂分布式系统上的异质计算设备上应用时，可深入了解图。这项研究分析，比较和对比该领域的最新研究文章。首先，我们描述了现实世界分布式系统的特征及其在复杂网络中的异常检测的特定挑战，例如数据和评估，异常的性质以及现实世界的要求。稍后，我们讨论了为什么可以在此类系统中利用图形以及使用图的好处。然后，我们将恰当地深入研究最先进的方法，并突出它们的优势和劣势。最后，我们评估和比较这些方法，并指出可能改进的领域。

Due to the issue that existing wireless sensor network (WSN)-based anomaly detection methods only consider and analyze temporal features, in this paper, a self-supervised learning-based anomaly node detection method based on an autoencoder is designed. This method integrates temporal WSN data flow feature extraction, spatial position feature extraction and intermodal WSN correlation feature extraction into the design of the autoencoder to make full use of the spatial and temporal information of the WSN for anomaly detection. First, a fully connected network is used to extract the temporal features of nodes by considering a single mode from a local spatial perspective. Second, a graph neural network (GNN) is used to introduce the WSN topology from a global spatial perspective for anomaly detection and extract the spatial and temporal features of the data flows of nodes and their neighbors by considering a single mode. Then, the adaptive fusion method involving weighted summation is used to extract the relevant features between different models. In addition, this paper introduces a gated recurrent unit (GRU) to solve the long-term dependence problem of the time dimension. Eventually, the reconstructed output of the decoder and the hidden layer representation of the autoencoder are fed into a fully connected network to calculate the anomaly probability of the current system. Since the spatial feature extraction operation is advanced, the designed method can be applied to the task of large-scale network anomaly detection by adding a clustering operation. Experiments show that the designed method outperforms the baselines, and the F1 score reaches 90.6%, which is 5.2% higher than those of the existing anomaly detection methods based on unsupervised reconstruction and prediction. Code and model are available at https://github.com/GuetYe/anomaly_detection/GLSL

Anomaly analytics is a popular and vital task in various research contexts, which has been studied for several decades. At the same time, deep learning has shown its capacity in solving many graph-based tasks like, node classification, link prediction, and graph classification. Recently, many studies are extending graph learning models for solving anomaly analytics problems, resulting in beneficial advances in graph-based anomaly analytics techniques. In this survey, we provide a comprehensive overview of graph learning methods for anomaly analytics tasks. We classify them into four categories based on their model architectures, namely graph convolutional network (GCN), graph attention network (GAT), graph autoencoder (GAE), and other graph learning models. The differences between these methods are also compared in a systematic manner. Furthermore, we outline several graph-based anomaly analytics applications across various domains in the real world. Finally, we discuss five potential future research directions in this rapidly growing field.

无监督的异常检测旨在通过在正常数据上训练来建立模型以有效地检测看不见的异常。尽管以前的基于重建的方法取得了富有成效的进展，但由于两个危急挑战，他们的泛化能力受到限制。首先，训练数据集仅包含正常模式，这限制了模型泛化能力。其次，现有模型学到的特征表示通常缺乏代表性，妨碍了保持正常模式的多样性的能力。在本文中，我们提出了一种称为自适应存储器网络的新方法，具有自我监督的学习（AMSL）来解决这些挑战，并提高无监督异常检测中的泛化能力。基于卷积的AutoEncoder结构，AMSL包含一个自我监督的学习模块，以学习一般正常模式和自适应内存融合模块来学习丰富的特征表示。四个公共多变量时间序列数据集的实验表明，与其他最先进的方法相比，AMSL显着提高了性能。具体而言，在具有9亿个样本的最大帽睡眠阶段检测数据集上，AMSL以精度和F1分数\ TextBF {4} \％+优于第二个最佳基线。除了增强的泛化能力之外，AMSL还针对输入噪声更加强大。

在智能交通系统中，交通拥堵异常检测至关重要。运输机构的目标有两个方面：监视感兴趣领域的一般交通状况，并在异常拥堵状态下定位道路细分市场。建模拥塞模式可以实现这些目标，以实现全市道路的目标，相当于学习多元时间序列（MTS）的分布。但是，现有作品要么不可伸缩，要么无法同时捕获MTS中的空间信息。为此，我们提出了一个由数据驱动的生成方法组成的原则性和全面的框架，该方法可以执行可拖动的密度估计来检测流量异常。我们的方法在特征空间中的第一群段段，然后使用条件归一化流以在无监督的设置下在群集级别识别异常的时间快照。然后，我们通过在异常群集上使用内核密度估计器来识别段级别的异常。关于合成数据集的广泛实验表明，我们的方法在召回和F1得分方面显着优于几种最新的拥塞异常检测和诊断方法。我们还使用生成模型来采样标记的数据，该数据可以在有监督的环境中训练分类器，从而减轻缺乏在稀疏设置中进行异常检测的标记数据。

日志分析是工程师用来解决大规模软件系统故障的主要技术之一。在过去的几十年中，已经提出了许多日志分析方法来检测日志反映的系统异常。他们通常将日志事件计数或顺序日志事件作为输入，并利用机器学习算法，包括深度学习模型来检测系统异常。这些异常通常被确定为对数序列中对数事件的定量关系模式或顺序模式的违反。但是，现有方法无法利用日志事件之间的空间结构关系，从而导致潜在的错误警报和不稳定的性能。在这项研究中，我们提出了一种新型的基于图的对数异常检测方法loggd，以通过将日志序列转换为图来有效解决问题。我们利用了图形变压器神经网络的强大功能，该网络结合了图结构和基于日志异常检测的节点语义。我们在四个广泛使用的公共日志数据集上评估了建议的方法。实验结果表明，Loggd可以胜过最先进的基于定量和基于序列的方法，并在不同的窗口大小设置下实现稳定的性能。结果证实LOGGD在基于对数的异常检测中有效。

时间序列的异常提供了各个行业的关键方案的见解，从银行和航空航天到信息技术，安全和医学。但是，由于异常的定义，经常缺乏标签以及此类数据中存在的极为复杂的时间相关性，因此识别时间序列数据中的异常尤其具有挑战性。LSTM自动编码器是基于长期短期内存网络的异常检测的编码器传统方案，该方案学会重建时间序列行为，然后使用重建错误来识别异常。我们将Denoising Architecture作为对该LSTM编码模型模型的补充，并研究其对现实世界以及人为生成的数据集的影响。我们证明了所提出的体系结构既提高了准确性和训练速度，从而使LSTM自动编码器更有效地用于无监督的异常检测任务。

近年来，由于其在金融，网络安全和医学等广泛的领域中的应用，近年来，归因网络中的异常检测受到了极大的关注。传统方法不能在属性网络的设置上采用以解决异常检测问题。这种方法的主要局限性是它们固有地忽略了数据特征之间的关系信息。随着基于深度学习和图神经网络技术的快速爆炸，由于深度技术在提取复杂关系方面的潜力，因此在归因网络上发现稀有对象已大大发展。在本文中，我们提出了有关异常检测的新架构。设计这种体系结构的主要目标是利用多任务学习，以增强检测性能。基于多任务的基于学习的异常检测仍处于起步阶段，现有文献中只有少数研究迎合了同样的研究。我们合并了社区检测和多视图表示学习技术，以从属性网络中提取明显和互补的信息，并随后融合捕获的信息以获得更好的检测结果。该体系结构中采用的两个主要组成部分（即社区特定的学习和多视图表示学习）之间的相互合作展示了一种有希望的解决方案，以达到更有效的结果。

Recently, graph anomaly detection has attracted increasing attention in data mining and machine learning communities. Apart from existing attribute anomalies, graph anomaly detection also captures suspicious topological-abnormal nodes that differ from the major counterparts. Although massive graph-based detection approaches have been proposed, most of them focus on node-level comparison while pay insufficient attention on the surrounding topology structures. Nodes with more dissimilar neighborhood substructures have more suspicious to be abnormal. To enhance the local substructure detection ability, we propose a novel Graph Anomaly Detection framework via Multi-scale Substructure Learning (GADMSL for abbreviation). Unlike previous algorithms, we manage to capture anomalous substructures where the inner similarities are relatively low in dense-connected regions. Specifically, we adopt a region proposal module to find high-density substructures in the network as suspicious regions. Their inner-node embedding similarities indicate the anomaly degree of the detected substructures. Generally, a lower degree of embedding similarities means a higher probability that the substructure contains topology anomalies. To distill better embeddings of node attributes, we further introduce a graph contrastive learning scheme, which observes attribute anomalies in the meantime. In this way, GADMSL can detect both topology and attribute anomalies. Ultimately, extensive experiments on benchmark datasets show that GADMSL greatly improves detection performance (up to 7.30% AUC and 17.46% AUPRC gains) compared to state-of-the-art attributed networks anomaly detection algorithms.

图形离群值检测是一项具有许多应用程序的新兴但至关重要的机器学习任务。尽管近年来算法扩散，但缺乏标准和统一的绩效评估设置限制了它们在现实世界应用中的进步和使用。为了利用差距，我们（据我们所知）（据我们所知）第一个全面的无监督节点离群值检测基准为unod，并带有以下亮点：（1）评估骨架从经典矩阵分解到最新图形神经的骨架的14个方法网络； （2）在现实世界数据集上使用不同类型的注射异常值和自然异常值对方法性能进行基准测试； （3）通过在不同尺度的合成图上使用运行时和GPU存储器使用算法的效率和可扩展性。基于广泛的实验结果的分析，我们讨论了当前渠道方法的利弊，并指出了多个关键和有希望的未来研究方向。

与其他图表相比，图形级异常检测（GAD）描述了检测其结构和/或其节点特征的图表的问题。GAD中的一个挑战是制定图表表示，该图表示能够检测本地和全局 - 异常图，即它们的细粒度（节点级）或整体（图级）属性异常的图形，分别。为了解决这一挑战，我们介绍了一种新的深度异常检测方法，用于通过图表和节点表示的联合随机蒸馏学习丰富的全球和局部正常模式信息。通过训练一个GNN来实现随机初始化网络权重的另一GNN来实现随机蒸馏。来自各种域的16个真实图形数据集的广泛实验表明，我们的模型显着优于七种最先进的模型。代码和数据集可以在https://git.io/llocalkd中获得。

本文研究了图形神经网络（GNNS）应用程序，以进行自我监督的网络入侵和异常检测。 GNN是一种基于图的数据的深度学习方法，它将图形结构纳入学习以概括图表和输出嵌入。由于网络流量自然基于图，因此GNN非常适合分析和学习网络行为。基于GNN的网络入侵检测系统（NIDSS）的最新实现很大程度上依赖于标记的网络流量，这不仅可以限制输入流量的数量和结构，还可以限制NIDSS的潜力来适应看不见的攻击。为了克服这些限制，我们提出了异常-E，这是GNN的入侵和异常检测方法，该方法在自我监督过程中利用边缘特征和图形拓扑结构。据我们所知，这种方法是第一种成功且实用的方法来进行网络入侵检测，该方法利用网络流动在自我监督，边缘利用GNN中。两个现代基准NIDS数据集的实验结果不仅清楚地显示了使用Anomal-E嵌入而不是原始功能的改进，而且还显示了对野生网络流量检测的潜在异常-E具有的潜在异常功能。

Anomaly detection on time series data is increasingly common across various industrial domains that monitor metrics in order to prevent potential accidents and economic losses. However, a scarcity of labeled data and ambiguous definitions of anomalies can complicate these efforts. Recent unsupervised machine learning methods have made remarkable progress in tackling this problem using either single-timestamp predictions or time series reconstructions. While traditionally considered separately, these methods are not mutually exclusive and can offer complementary perspectives on anomaly detection. This paper first highlights the successes and limitations of prediction-based and reconstruction-based methods with visualized time series signals and anomaly scores. We then propose AER (Auto-encoder with Regression), a joint model that combines a vanilla auto-encoder and an LSTM regressor to incorporate the successes and address the limitations of each method. Our model can produce bi-directional predictions while simultaneously reconstructing the original time series by optimizing a joint objective function. Furthermore, we propose several ways of combining the prediction and reconstruction errors through a series of ablation studies. Finally, we compare the performance of the AER architecture against two prediction-based methods and three reconstruction-based methods on 12 well-known univariate time series datasets from NASA, Yahoo, Numenta, and UCR. The results show that AER has the highest averaged F1 score across all datasets (a 23.5% improvement compared to ARIMA) while retaining a runtime similar to its vanilla auto-encoder and regressor components. Our model is available in Orion, an open-source benchmarking tool for time series anomaly detection.

无监督的时间序列异常检测对各种域中目标系统的潜在故障有助于。当前的最新时间序列异常检测器主要集中于设计高级神经网络结构和新的重建/预测学习目标，以尽可能准确地学习数据正常（正常模式和行为）。但是，这些单级学习方法可以被训练数据中未知异常（即异常污染）所欺骗。此外，他们的正常学习也缺乏对感兴趣异常的知识。因此，他们经常学习一个有偏见的，不准确的正态边界。本文提出了一种新型的单级学习方法，称为校准的一级分类，以解决此问题。我们的单级分类器以两种方式进行校准：（1）通过适应性地惩罚不确定的预测，这有助于消除异常污染的影响，同时强调单级模型对一级模型有信心的预测，并通过区分正常情况来确定（2）来自本机异常示例的样本，这些样本是根据原始数据基于原始数据模拟真实时间序列异常行为的。这两个校准导致耐污染的，异常的单级学习，从而产生了显着改善的正态性建模。对六个现实世界数据集进行的广泛实验表明，我们的模型大大优于12个最先进的竞争对手，并获得了6％-31％的F1分数提高。源代码可在\ url {https://github.com/xuhongzuo/couta}中获得。

多元时间序列异常检测已在半监督的设置下进行了广泛的研究，其中需要所有具有正常实例的训练数据集。但是，准备这样的数据集非常费力，因为每个数据实例应完全保证是正常的。因此，希望在没有任何标签知识的情况下基于数据集探索基于数据集的多元时间序列异常检测方法。在本文中，我们提出了MTGFLOF，这是通过动态图和实体意识到的归一化流量进行多变量时间序列异常检测的无监督异常检测方法，仅依靠广泛接受的假设，即异常实例比正常情况表现出稀疏的密度。但是，实体之间的复杂相互依赖性和每个实体的不同固有特征对密度估计提出了重大挑战，更不用说基于估计的可能性分布来检测异常。为了解决这些问题，我们建议通过图结构学习模型来学习实体之间的相互关系，这有助于建模多元时间序列的准确分布。此外，考虑到各个实体的独特特征，开发了实体意识到的归一化流，以将每个实体描述为参数化的正态分布，从而产生细粒密度估计。结合了这两种策略，MTGFlowChieves出色的异常检测性能。进行了现实世界数据集的实验，表明MTGFLOW的表现分别超过了最先进的（SOTA），分别对SWAT和WADI数据集的实验分别高出5.0％和1.6％的AUROC。同样，通过单个实体贡献的异常得分，MTGFLOF可以为检测结果提供解释信息。

The existing methods for video anomaly detection mostly utilize videos containing identifiable facial and appearance-based features. The use of videos with identifiable faces raises privacy concerns, especially when used in a hospital or community-based setting. Appearance-based features can also be sensitive to pixel-based noise, straining the anomaly detection methods to model the changes in the background and making it difficult to focus on the actions of humans in the foreground. Structural information in the form of skeletons describing the human motion in the videos is privacy-protecting and can overcome some of the problems posed by appearance-based features. In this paper, we present a survey of privacy-protecting deep learning anomaly detection methods using skeletons extracted from videos. We present a novel taxonomy of algorithms based on the various learning approaches. We conclude that skeleton-based approaches for anomaly detection can be a plausible privacy-protecting alternative for video anomaly detection. Lastly, we identify major open research questions and provide guidelines to address them.

Anomaly detection is defined as discovering patterns that do not conform to the expected behavior. Previously, anomaly detection was mostly conducted using traditional shallow learning techniques, but with little improvement. As the emergence of graph neural networks (GNN), graph anomaly detection has been greatly developed. However, recent studies have shown that GNN-based methods encounter challenge, in that no graph anomaly detection algorithm can perform generalization on most datasets. To bridge the tap, we propose a multi-view fusion approach for graph anomaly detection (Mul-GAD). The view-level fusion captures the extent of significance between different views, while the feature-level fusion makes full use of complementary information. We theoretically and experimentally elaborate the effectiveness of the fusion strategies. For a more comprehensive conclusion, we further investigate the effect of the objective function and the number of fused views on detection performance. Exploiting these findings, our Mul-GAD is proposed equipped with fusion strategies and the well-performed objective function. Compared with other state-of-the-art detection methods, we achieve a better detection performance and generalization in most scenarios via a series of experiments conducted on Pubmed, Amazon Computer, Amazon Photo, Weibo and Books. Our code is available at https://github.com/liuyishoua/Mul-Graph-Fusion.

多元时间序列的异常检测对于系统行为监测有意义。本文提出了一种基于无监督的短期和长期面具表示学习（SLMR）的异常检测方法。主要思想是分别使用多尺度的残余卷积和门控复发单元（GRU）提取多元时间序列的短期局部依赖模式和长期全球趋势模式。此外，我们的方法可以通过结合时空掩盖的自我监督表示和序列分裂来理解时间上下文和特征相关性。它认为功能的重要性是不同的，我们介绍了注意机制以调整每个功能的贡献。最后，将基于预测的模型和基于重建的模型集成在一起，以关注单时间戳预测和时间序列的潜在表示。实验表明，我们方法的性能优于三个现实世界数据集上的其他最先进的模型。进一步的分析表明，我们的方法擅长可解释性。