In the version of the article originally published in the volume 68,issue 12,2025 of Sci China Mater(pages 4413-4422,https://doi.org/10.1007/s40843-025-3667-7),the Chinese name of the co-first author(肖天孝)was incorr...In the version of the article originally published in the volume 68,issue 12,2025 of Sci China Mater(pages 4413-4422,https://doi.org/10.1007/s40843-025-3667-7),the Chinese name of the co-first author(肖天孝)was incorrect.The corrected Chinese name is:肖天笑.展开更多
Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems.However,in existing research,multivariate data are often influenced by various factors during the data co...Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems.However,in existing research,multivariate data are often influenced by various factors during the data collection process,resulting in temporal misalignment or displacement.Due to these factors,the node representations carry substantial noise,which reduces the adaptability of the multivariate coupled network structure and subsequently degrades anomaly detection performance.Accordingly,this study proposes a novel multivariate anomaly detection model grounded in graph structure learning.Firstly,a recommendation strategy is employed to identify strongly coupled variable pairs,which are then used to construct a recommendation-driven multivariate coupling network.Secondly,a multi-channel graph encoding layer is used to dynamically optimize the structural properties of the multivariate coupling network,while a multi-head attention mechanism enhances the spatial characteristics of the multivariate data.Finally,unsupervised anomaly detection is conducted using a dynamic threshold selection algorithm.Experimental results demonstrate that effectively integrating the structural and spatial features of multivariate data significantly mitigates anomalies caused by temporal dependency misalignment.展开更多
The rapid proliferation of Internet of Things(IoT)devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative,distributed architectural solutions.Thi...The rapid proliferation of Internet of Things(IoT)devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative,distributed architectural solutions.This paper proposes FE-ACS(Fog-Edge Adaptive Cybersecurity System),a novel hierarchical security framework that intelligently distributes AI-powered anomaly detection algorithms across edge,fog,and cloud layers to optimize security efficacy,latency,and privacy.Our comprehensive evaluation demonstrates that FE-ACS achieves superior detection performance with an AUC-ROC of 0.985 and an F1-score of 0.923,while maintaining significantly lower end-to-end latency(18.7 ms)compared to cloud-centric(152.3 ms)and fog-only(34.5 ms)architectures.The system exhibits exceptional scalability,supporting up to 38,000 devices with logarithmic performance degradation—a 67×improvement over conventional cloud-based approaches.By incorporating differential privacy mechanisms with balanced privacy-utility tradeoffs(ε=1.0–1.5),FE-ACS maintains 90%–93%detection accuracy while ensuring strong privacy guarantees for sensitive healthcare data.Computational efficiency analysis reveals that our architecture achieves a detection rate of 12,400 events per second with only 12.3 mJ energy consumption per inference.In healthcare risk assessment,FE-ACS demonstrates robust operational viability with low patient safety risk(14.7%)and high system reliability(94.0%).The proposed framework represents a significant advancement in distributed security architectures,offering a scalable,privacy-preserving,and real-time solution for protecting healthcare IoT ecosystems against evolving cyber threats.展开更多
With network attack technology continuing to develop,traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy.Graph Neural Network(GNN),a ...With network attack technology continuing to develop,traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy.Graph Neural Network(GNN),a promising Deep Learning(DL)approach,has proven to be highly effective in identifying intricate patterns in graph⁃structured data and has already found wide applications in the field of network security.In this paper,we propose a hybrid Graph Convolutional Network(GCN)⁃GraphSAGE model for Anomaly Traffic Detection,namely HGS⁃ATD,which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities.We validate the HGS⁃ATD model on four publicly available datasets,including NF⁃UNSW⁃NB15⁃v2.The experimental results show that the enhanced hybrid model is 5.71%to 10.25%higher than the baseline model in terms of accuracy,and the F1⁃score is 5.53%to 11.63%higher than the baseline model,proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.展开更多
With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT termi...With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT terminals have security risks and vulnerabilities,and limited resources make it impossible to deploy costly security protection methods on the terminal.In order to cope with these problems,this paper proposes a lightweight trust evaluation model TCL,which combines three network models,TCN,CNN,and LSTM,with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device,and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods.After experiments,it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763,94.456,99.923,and 99.195 on HDFS,BGL,N-BaIoT,and KDD99 datasets,respectively,and the size of TCL is only 91KB,which can achieve similar or better performance than CNN-LSTM,RobustLog and other methods with less computational resources and storage space.展开更多
In the field of intelligent surveillance,weakly supervised video anomaly detection(WSVAD)has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels.Although mu...In the field of intelligent surveillance,weakly supervised video anomaly detection(WSVAD)has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels.Although multiple instance learning(MIL)has dominated the WSVAD for a long time,its reliance solely on video-level labels without semantic grounding hinders a fine-grained understanding of visually similar yet semantically distinct events.In addition,insufficient temporal modeling obscures causal relationships between events,making anomaly decisions reactive rather than reasoning-based.To overcome the limitations above,this paper proposes an adaptive knowledgebased guidance method that integrates external structured knowledge.The approach combines hierarchical category information with learnable prompt vectors.It then constructs continuously updated contextual references within the feature space,enabling fine-grained meaning-based guidance over video content.Building on this,the work introduces an event relation analysis module.This module explicitly models temporal dependencies and causal correlations between video snippets.It constructs an evolving logic chain of anomalous events,revealing the process by which isolated anomalous snippets develop into a complete event.Experiments on multiple benchmark datasets show that the proposed method achieves highly competitive performance,achieving an AUC of 88.19%on UCF-Crime and an AP of 86.49%on XD-Violence.More importantly,the method provides temporal and causal explanations derived from event relationships alongside its detection results.This capability significantly advances WSVAD from a simple binary classification to a new level of interpretable behavior analysis.展开更多
Using the data of 500 hPa geopotential height from 1951 to 1995, SST roughly in the same period and OLR data from 1974 to 1994, the relation between the anomalies of subtropical high (STH for short) and the tropical c...Using the data of 500 hPa geopotential height from 1951 to 1995, SST roughly in the same period and OLR data from 1974 to 1994, the relation between the anomalies of subtropical high (STH for short) and the tropical circulations including the Asian monsoon as well as the convective activity are studied. In order to study the physical process of the air-sea interaction related to STH anomaly, the correlation of STH with SST at various sea areas, lagged and simultaneous, has been calculated. Comparing the difference of OLR, wind fields, vertical circulations and SST anomalies in the strong and weak STH, we investigate the characteristics of global circulations and the SST distributions related to the anomalous STH at the western Pacific both in winter and summer. Much attention has been paid to the study of the air-sea interaction and the relationship between the East Asian monsoon and the STH in the western Pacific. A special vertical circulation, related to the STH anomalies is found, which connects the monsoon current to the west and the vertical flow influenced by the SST anomaly in the tropical eastern Pacific.展开更多
Regional stream sediment surveys at a 1:200,000 scale reveal positive andnegative regional multi-element geochemical anomalies over medium to large copper-polymetallicorefields of different genetic types in China. Reg...Regional stream sediment surveys at a 1:200,000 scale reveal positive andnegative regional multi-element geochemical anomalies over medium to large copper-polymetallicorefields of different genetic types in China. Regional geochemical anomalies of orefield refer tothose geochemical anomalies that are related to metallogenesis of an orefield in a certain area. Theanomaly area is typically 10 to 100 km^2. The regional multi-element anomalies related tomineralization can be divided into three groups, that is, the ore-element anomaly association,indicator element anomaly association, and metallogenic environmental element anomaly association.Their common spatial distributions over ore deposits or orefields possess unique structures. Themodel of spatial structure of regional multi-element geochemical anomalies (RAGSS) of an orefielddelineates structural feature possessed by orderly spatial distributions of different groups ofmulti-element anomaly associations related to orefield metallogenesis. It is used to outline thecommon metallogenetic anomaly visage that is composed of the orderly spatial distribution ofdifferent groups of multi-element anomaly associations. The orderly spatial distribution ofmulti-element anomalies over an orefield reflects element distributions as they are changed from adispersed 'out-of-order' state into a concentrated 'orderly' state during the mineralization of anorefield. Three different patterns of the spatial anomaly structure related to mineralization in anorefield can be concluded: (1) nested pattern; (2) eccentric pattern and; (3) peripheral pattern.There are marked differences between multi-element anomaly patterns related and not related tomineralization. RAGSS models of orefields can be used to better understand and evaluate regionalmulti-element anomalies and identify ore types.展开更多
A factor analysis was applied to soil geochemical data to define anomalies related to buried Pb-Zn mineralization.A favorable main factor with a strong association of the elements Zn,Cu and Pb,related to mineralizatio...A factor analysis was applied to soil geochemical data to define anomalies related to buried Pb-Zn mineralization.A favorable main factor with a strong association of the elements Zn,Cu and Pb,related to mineralization,was selected for interpretation.The median+2 MAD(median absolute deviation)method of exploratory data analysis(EDA)and C-A(concentration-area)fractal modeling were then applied to the Mahalanobis distance,as defined by Zn,Cu and Pb from the factor analysis to set the thresholds for defining multi-element anomalies.As a result,the median+2 MAD method more successfully identified the Pb-Zn mineralization than the C-A fractal model.The soil anomaly identified by the median+2 MAD method on the Mahalanobis distances defined by three principal elements(Zn,Cu and Pb)rather than thirteen elements(Co,Zn,Cu,V,Mo,Ni,Cr,Mn,Pb,Ba,Sr,Zr and Ti)was the more favorable reflection of the ore body.The identified soil geochemical anomalies were compared with the in situ economic Pb-Zn ore bodies for validation.The results showed that the median+2 MAD approach is capable of mapping both strong and weak geochemical anomalies related to buried Pb-Zn mineralization,which is therefore useful at the reconnaissance drilling stage.展开更多
In this article,we comment on the paper by Kakinuma et al published recently.We focus specifically on the diagnosis of uterine pseudoaneurysm,but we also review other uterine vascular anomalies that may be the cause o...In this article,we comment on the paper by Kakinuma et al published recently.We focus specifically on the diagnosis of uterine pseudoaneurysm,but we also review other uterine vascular anomalies that may be the cause of life-threating hemorrhage and the different causes of uterine pseudoaneurysms.Uterine artery pseudoaneurysm is a complication of both surgical gynecological and nontraumatic procedures.Massive hemorrhage is the consequence of the rupture of the pseudoaneurysm.Uterine artery pseudoaneurysm can develop after obstetric or gynecological procedures,being the most frequent after cesarean or vaginal deliveries,curettage and even during pregnancy.However,there are several cases described unrelated to pregnancy,such as after conization,hysteroscopic surgery or laparoscopic myomectomy.Hemorrhage is the clinical manifestation and it can be life-threatening so suspicion of this vascular lesion is essential for early diagnosis and treatment.However,there are other uterine vascular anomalies that may be the cause of severe hemorrhage,which must be taken into account in the differential diagnosis.Computed tomography angiography and embolization is supposed to be the first therapeutic option in most of them.展开更多
Anomaly Detection (AD) has been extensively adopted in industrial settings to facilitate quality control of products. It is critical to industrial production, especially to areas such as aircraft manufacturing, which ...Anomaly Detection (AD) has been extensively adopted in industrial settings to facilitate quality control of products. It is critical to industrial production, especially to areas such as aircraft manufacturing, which require strict part qualification rates. Although being more efficient and practical, few-shot AD has not been well explored. The existing AD methods only extract features in a single frequency while defects exist in multiple frequency domains. Moreover, current methods have not fully leveraged the few-shot support samples to extract input-related normal patterns. To address these issues, we propose an industrial few-shot AD method, Feature Extender for Anomaly Detection (FEAD), which extracts normal patterns in multiple frequency domains from few-shot samples under the guidance of the input sample. Firstly, to achieve better coverage of normal patterns in the input sample, we introduce a Sample-Conditioned Transformation Module (SCTM), which transforms support features under the guidance of the input sample to obtain extra normal patterns. Secondly, to effectively distinguish and localize anomaly patterns in multiple frequency domains, we devise an Adaptive Descriptor Construction Module (ADCM) to build and select pattern descriptors in a series of frequencies adaptively. Finally, an auxiliary task for SCTM is designed to ensure the diversity of transformations and include more normal patterns into support features. Extensive experiments on two widely used industrial AD datasets (MVTec-AD and VisA) demonstrate the effectiveness of the proposed FEAD.展开更多
Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract loc...Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract local and global features, as well as the lack of effective mechanisms to capture complex interactions between features;Additionally, when increasing the receptive field to obtain deeper feature representations, the reliance on increasing network depth leads to a significant increase in computational resource consumption, affecting the efficiency and performance of detection. Based on these issues, firstly, this paper proposes a network traffic anomaly detection model based on parallel dilated convolution and residual learning (Res-PDC). To better explore the interactive relationships between features, the traffic samples are converted into two-dimensional matrix. A module combining parallel dilated convolutions and residual learning (res-pdc) was designed to extract local and global features of traffic at different scales. By utilizing res-pdc modules with different dilation rates, we can effectively capture spatial features at different scales and explore feature dependencies spanning wider regions without increasing computational resources. Secondly, to focus and integrate the information in different feature subspaces, further enhance and extract the interactions among the features, multi-head attention is added to Res-PDC, resulting in the final model: multi-head attention enhanced parallel dilated convolution and residual learning (MHA-Res-PDC) for network traffic anomaly detection. Finally, comparisons with other machine learning and deep learning algorithms are conducted on the NSL-KDD and CIC-IDS-2018 datasets. The experimental results demonstrate that the proposed method in this paper can effectively improve the detection performance.展开更多
Geological analysis,despite being a long-term method for identifying adverse geology in tunnels,has significant limitations due to its reliance on empirical analysis.The quantitative aspects of geochemical anomalies a...Geological analysis,despite being a long-term method for identifying adverse geology in tunnels,has significant limitations due to its reliance on empirical analysis.The quantitative aspects of geochemical anomalies associated with adverse geology provide a novel strategy for addressing these limitations.However,statistical methods for identifying geochemical anomalies are insufficient for tunnel engineering.In contrast,data mining techniques such as machine learning have demonstrated greater efficacy when applied to geological data.Herein,a method for identifying adverse geology using machine learning of geochemical anomalies is proposed.The method was identified geochemical anomalies in tunnel that were not identified by statistical methods.We by employing robust factor analysis and self-organizing maps to reduce the dimensionality of geochemical data and extract the anomaly elements combination(AEC).Using the AEC sample data,we trained an isolation forest model to identify the multi-element anomalies,successfully.We analyzed the adverse geological features based the multi-element anomalies.This study,therefore,extends the traditional approach of geological analysis in tunnels and demonstrates that machine learning is an effective tool for intelligent geological analysis.Correspondingly,the research offers new insights regarding the adverse geology and the prevention of hazards during the construction of tunnels and underground engineering projects.展开更多
The rapid proliferation of electric vehicle(EV)charging infrastructure introduces critical cybersecurity vulnerabilities to power grids system.This study presents an innovative anomaly detection framework for EV charg...The rapid proliferation of electric vehicle(EV)charging infrastructure introduces critical cybersecurity vulnerabilities to power grids system.This study presents an innovative anomaly detection framework for EV charging stations,addressing the unique challenges posed by third-party aggregation platforms.Our approach integrates node equations-based on the parameter identification with a novel deep learning model,xDeepCIN,to detect abnormal data reporting indicative of aggregation attacks.We employ a graph-theoretic approach to model EV charging networks and utilize Markov Chain Monte Carlo techniques for accurate parameter estimation.The xDeepCIN model,incorporating a Compressed Interaction Network,has the ability to capture complex feature interactions in sparse,high-dimensional charging data.Experimental results on both proprietary and public datasets demonstrate significant improvements in anomaly detection performance,with F1-scores increasing by up to 32.3%for specific anomaly types compared to traditional methods,such as wide&deep and DeepFM(Factorization-Machine).Our framework exhibits robust scalability,effectively handling networks ranging from 8 to 85 charging points.Furthermore,we achieve real-time monitoring capabilities,with parameter identification completing within seconds for networks up to 1000 nodes.This research contributes to enhancing the security and reliability of renewable energy systems against evolving cyber threats,offering a comprehensive solution for safeguarding the rapidly expanding EV charging infrastructure.展开更多
As more and more devices in Cyber-Physical Systems(CPS)are connected to the Internet,physical components such as programmable logic controller(PLC),sensors,and actuators are facing greater risks of network attacks,and...As more and more devices in Cyber-Physical Systems(CPS)are connected to the Internet,physical components such as programmable logic controller(PLC),sensors,and actuators are facing greater risks of network attacks,and fast and accurate attack detection techniques are crucial.The key problem in distinguishing between normal and abnormal sequences is to model sequential changes in a large and diverse field of time series.To address this issue,we propose an anomaly detection method based on distributed deep learning.Our method uses a bilateral filtering algorithm for sequential sequences to remove noise in the time series,which can maintain the edge of discrete features.We use a distributed linear deep learning model to establish a sequential prediction model and adjust the threshold for anomaly detection based on the prediction error of the validation set.Our method can not only detect abnormal attacks but also locate the sensors that cause anomalies.We conducted experiments on the Secure Water Treatment(SWAT)and Water Distribution(WADI)public datasets.The experimental results show that our method is superior to the baseline method in identifying the types of attacks and detecting efficiency.展开更多
To ensure the structural integrity of life-limiting component of aeroengines,Probabilistic Damage Tolerance(PDT)assessment is applied to evaluate the failure risk as required by airworthiness regulations and military ...To ensure the structural integrity of life-limiting component of aeroengines,Probabilistic Damage Tolerance(PDT)assessment is applied to evaluate the failure risk as required by airworthiness regulations and military standards.The PDT method holds the view that there exist defects such as machining scratches and service cracks in the tenon-groove structures of aeroengine disks.However,it is challenging to conduct PDT assessment due to the scarcity of effective Probability of Detection(POD)model and anomaly distribution model.Through a series of Nondestructive Testing(NDT)experiments,the POD model of real cracks in tenon-groove structures is constructed for the first time by employing the Transfer Function Method(TFM).A novel anomaly distribution model is derived through the utilization of the POD model,instead of using the infeasible field data accumulation method.Subsequently,a framework for calculating the Probability of Failure(POF)of the tenon-groove structures is established,and the aforementioned two models exert a significant influence on the results of POF.展开更多
The rapid integration of Internet of Things(IoT)technologies is reshaping the global energy landscape by deploying smart meters that enable high-resolution consumption monitoring,two-way communication,and advanced met...The rapid integration of Internet of Things(IoT)technologies is reshaping the global energy landscape by deploying smart meters that enable high-resolution consumption monitoring,two-way communication,and advanced metering infrastructure services.However,this digital transformation also exposes power system to evolving threats,ranging from cyber intrusions and electricity theft to device malfunctions,and the unpredictable nature of these anomalies,coupled with the scarcity of labeled fault data,makes realtime detection exceptionally challenging.To address these difficulties,a real-time decision support framework is presented for smart meter anomality detection that leverages rolling time windows and two self-supervised contrastive learning modules.The first module synthesizes diverse negative samples to overcome the lack of labeled anomalies,while the second captures intrinsic temporal patterns for enhanced contextual discrimination.The end-to-end framework continuously updates its model with rolling updated meter data to deliver timely identification of emerging abnormal behaviors in evolving grids.Extensive evaluations on eight publicly available smart meter datasets over seven diverse abnormal patterns testing demonstrate the effectiveness of the proposed full framework,achieving average recall and F1 score of more than 0.85.展开更多
Potential high-temperature risks exist in heat-prone components of electric moped charging devices,such as sockets,interfaces,and controllers.Traditional detection methods have limitations in terms of real-time perfor...Potential high-temperature risks exist in heat-prone components of electric moped charging devices,such as sockets,interfaces,and controllers.Traditional detection methods have limitations in terms of real-time performance and monitoring scope.To address this,a temperature detection method based on infrared image processing has been proposed:utilizing the median filtering algorithm to denoise the original infrared image,then applying an image segmentation algorithm to divide the image.展开更多
Introduction:The occurrence of congenital anomalies is one of the serious challenges in the world.Therefore,identifying related factors to reduce it is of particular importance.This study aimed to determine the incide...Introduction:The occurrence of congenital anomalies is one of the serious challenges in the world.Therefore,identifying related factors to reduce it is of particular importance.This study aimed to determine the incidence and factors related to congenital anomalies.Methods:An epidemiology study was conducted on 1567 infants and their parents in Kermanshah,Iran.The required information was extracted from the ffles of mothers in health centers.The data collection tool was a researcher-made checklist of 39 questions.The data was statistically analyzed with the STATA version 14 software.Result:The incidence of congenital anomalies was 2.9%(n=45).Brain anomalies(n=10)and pulmonary anomalies(n=8)were the most common congenital anomalies in newborns.The results showed that parents’age(p=0.001),place of residence(p=0.022),mother’s occupation(p=0.010),hemoglobin level(p=0.002),blood pressure disorders(p=0.001),bleeding during pregnancy(p=0.001),infection during pregnancy(p=0.001),multivitamins(p=0.002)and women’s previous birth records such as previous abnormal birth history(p=0.015),abortion history(p=0.001),stillbirth history(p=0.001),birth history of infant less than 2500 g(p=0.001)was found to have a statistically signiffcant relationship with congenital anomalies.Conclusion:The incidence of congenital anomalies was high in Kermanshah city.Considering the identiffcation of risk factors and preventive factors related to congenital anomalies,it is suggested that interventions be carried out in health centers to increase awareness among pregnant women to reduce the incidence of anomalies.展开更多
文摘In the version of the article originally published in the volume 68,issue 12,2025 of Sci China Mater(pages 4413-4422,https://doi.org/10.1007/s40843-025-3667-7),the Chinese name of the co-first author(肖天孝)was incorrect.The corrected Chinese name is:肖天笑.
基金supported by Natural Science Foundation of Qinghai Province(2025-ZJ-994M)Scientific Research Innovation Capability Support Project for Young Faculty(SRICSPYF-BS2025007)National Natural Science Foundation of China(62566050).
文摘Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems.However,in existing research,multivariate data are often influenced by various factors during the data collection process,resulting in temporal misalignment or displacement.Due to these factors,the node representations carry substantial noise,which reduces the adaptability of the multivariate coupled network structure and subsequently degrades anomaly detection performance.Accordingly,this study proposes a novel multivariate anomaly detection model grounded in graph structure learning.Firstly,a recommendation strategy is employed to identify strongly coupled variable pairs,which are then used to construct a recommendation-driven multivariate coupling network.Secondly,a multi-channel graph encoding layer is used to dynamically optimize the structural properties of the multivariate coupling network,while a multi-head attention mechanism enhances the spatial characteristics of the multivariate data.Finally,unsupervised anomaly detection is conducted using a dynamic threshold selection algorithm.Experimental results demonstrate that effectively integrating the structural and spatial features of multivariate data significantly mitigates anomalies caused by temporal dependency misalignment.
基金supported by the Deanship of Graduate Studies and Scientific Research at Jouf University under grant No.(DGSSR-2025-02-01276).
文摘The rapid proliferation of Internet of Things(IoT)devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative,distributed architectural solutions.This paper proposes FE-ACS(Fog-Edge Adaptive Cybersecurity System),a novel hierarchical security framework that intelligently distributes AI-powered anomaly detection algorithms across edge,fog,and cloud layers to optimize security efficacy,latency,and privacy.Our comprehensive evaluation demonstrates that FE-ACS achieves superior detection performance with an AUC-ROC of 0.985 and an F1-score of 0.923,while maintaining significantly lower end-to-end latency(18.7 ms)compared to cloud-centric(152.3 ms)and fog-only(34.5 ms)architectures.The system exhibits exceptional scalability,supporting up to 38,000 devices with logarithmic performance degradation—a 67×improvement over conventional cloud-based approaches.By incorporating differential privacy mechanisms with balanced privacy-utility tradeoffs(ε=1.0–1.5),FE-ACS maintains 90%–93%detection accuracy while ensuring strong privacy guarantees for sensitive healthcare data.Computational efficiency analysis reveals that our architecture achieves a detection rate of 12,400 events per second with only 12.3 mJ energy consumption per inference.In healthcare risk assessment,FE-ACS demonstrates robust operational viability with low patient safety risk(14.7%)and high system reliability(94.0%).The proposed framework represents a significant advancement in distributed security architectures,offering a scalable,privacy-preserving,and real-time solution for protecting healthcare IoT ecosystems against evolving cyber threats.
基金National Natural Science Foundation of China(Grant No.62103434)National Science Fund for Distinguished Young Scholars(Grant No.62176263).
文摘With network attack technology continuing to develop,traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy.Graph Neural Network(GNN),a promising Deep Learning(DL)approach,has proven to be highly effective in identifying intricate patterns in graph⁃structured data and has already found wide applications in the field of network security.In this paper,we propose a hybrid Graph Convolutional Network(GCN)⁃GraphSAGE model for Anomaly Traffic Detection,namely HGS⁃ATD,which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities.We validate the HGS⁃ATD model on four publicly available datasets,including NF⁃UNSW⁃NB15⁃v2.The experimental results show that the enhanced hybrid model is 5.71%to 10.25%higher than the baseline model in terms of accuracy,and the F1⁃score is 5.53%to 11.63%higher than the baseline model,proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.
基金supported by National Key R&D Program of China(No.2022YFB3105101).
文摘With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT terminals have security risks and vulnerabilities,and limited resources make it impossible to deploy costly security protection methods on the terminal.In order to cope with these problems,this paper proposes a lightweight trust evaluation model TCL,which combines three network models,TCN,CNN,and LSTM,with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device,and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods.After experiments,it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763,94.456,99.923,and 99.195 on HDFS,BGL,N-BaIoT,and KDD99 datasets,respectively,and the size of TCL is only 91KB,which can achieve similar or better performance than CNN-LSTM,RobustLog and other methods with less computational resources and storage space.
文摘In the field of intelligent surveillance,weakly supervised video anomaly detection(WSVAD)has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels.Although multiple instance learning(MIL)has dominated the WSVAD for a long time,its reliance solely on video-level labels without semantic grounding hinders a fine-grained understanding of visually similar yet semantically distinct events.In addition,insufficient temporal modeling obscures causal relationships between events,making anomaly decisions reactive rather than reasoning-based.To overcome the limitations above,this paper proposes an adaptive knowledgebased guidance method that integrates external structured knowledge.The approach combines hierarchical category information with learnable prompt vectors.It then constructs continuously updated contextual references within the feature space,enabling fine-grained meaning-based guidance over video content.Building on this,the work introduces an event relation analysis module.This module explicitly models temporal dependencies and causal correlations between video snippets.It constructs an evolving logic chain of anomalous events,revealing the process by which isolated anomalous snippets develop into a complete event.Experiments on multiple benchmark datasets show that the proposed method achieves highly competitive performance,achieving an AUC of 88.19%on UCF-Crime and an AP of 86.49%on XD-Violence.More importantly,the method provides temporal and causal explanations derived from event relationships alongside its detection results.This capability significantly advances WSVAD from a simple binary classification to a new level of interpretable behavior analysis.
文摘Using the data of 500 hPa geopotential height from 1951 to 1995, SST roughly in the same period and OLR data from 1974 to 1994, the relation between the anomalies of subtropical high (STH for short) and the tropical circulations including the Asian monsoon as well as the convective activity are studied. In order to study the physical process of the air-sea interaction related to STH anomaly, the correlation of STH with SST at various sea areas, lagged and simultaneous, has been calculated. Comparing the difference of OLR, wind fields, vertical circulations and SST anomalies in the strong and weak STH, we investigate the characteristics of global circulations and the SST distributions related to the anomalous STH at the western Pacific both in winter and summer. Much attention has been paid to the study of the air-sea interaction and the relationship between the East Asian monsoon and the STH in the western Pacific. A special vertical circulation, related to the STH anomalies is found, which connects the monsoon current to the west and the vertical flow influenced by the SST anomaly in the tropical eastern Pacific.
文摘Regional stream sediment surveys at a 1:200,000 scale reveal positive andnegative regional multi-element geochemical anomalies over medium to large copper-polymetallicorefields of different genetic types in China. Regional geochemical anomalies of orefield refer tothose geochemical anomalies that are related to metallogenesis of an orefield in a certain area. Theanomaly area is typically 10 to 100 km^2. The regional multi-element anomalies related tomineralization can be divided into three groups, that is, the ore-element anomaly association,indicator element anomaly association, and metallogenic environmental element anomaly association.Their common spatial distributions over ore deposits or orefields possess unique structures. Themodel of spatial structure of regional multi-element geochemical anomalies (RAGSS) of an orefielddelineates structural feature possessed by orderly spatial distributions of different groups ofmulti-element anomaly associations related to orefield metallogenesis. It is used to outline thecommon metallogenetic anomaly visage that is composed of the orderly spatial distribution ofdifferent groups of multi-element anomaly associations. The orderly spatial distribution ofmulti-element anomalies over an orefield reflects element distributions as they are changed from adispersed 'out-of-order' state into a concentrated 'orderly' state during the mineralization of anorefield. Three different patterns of the spatial anomaly structure related to mineralization in anorefield can be concluded: (1) nested pattern; (2) eccentric pattern and; (3) peripheral pattern.There are marked differences between multi-element anomaly patterns related and not related tomineralization. RAGSS models of orefields can be used to better understand and evaluate regionalmulti-element anomalies and identify ore types.
文摘A factor analysis was applied to soil geochemical data to define anomalies related to buried Pb-Zn mineralization.A favorable main factor with a strong association of the elements Zn,Cu and Pb,related to mineralization,was selected for interpretation.The median+2 MAD(median absolute deviation)method of exploratory data analysis(EDA)and C-A(concentration-area)fractal modeling were then applied to the Mahalanobis distance,as defined by Zn,Cu and Pb from the factor analysis to set the thresholds for defining multi-element anomalies.As a result,the median+2 MAD method more successfully identified the Pb-Zn mineralization than the C-A fractal model.The soil anomaly identified by the median+2 MAD method on the Mahalanobis distances defined by three principal elements(Zn,Cu and Pb)rather than thirteen elements(Co,Zn,Cu,V,Mo,Ni,Cr,Mn,Pb,Ba,Sr,Zr and Ti)was the more favorable reflection of the ore body.The identified soil geochemical anomalies were compared with the in situ economic Pb-Zn ore bodies for validation.The results showed that the median+2 MAD approach is capable of mapping both strong and weak geochemical anomalies related to buried Pb-Zn mineralization,which is therefore useful at the reconnaissance drilling stage.
文摘In this article,we comment on the paper by Kakinuma et al published recently.We focus specifically on the diagnosis of uterine pseudoaneurysm,but we also review other uterine vascular anomalies that may be the cause of life-threating hemorrhage and the different causes of uterine pseudoaneurysms.Uterine artery pseudoaneurysm is a complication of both surgical gynecological and nontraumatic procedures.Massive hemorrhage is the consequence of the rupture of the pseudoaneurysm.Uterine artery pseudoaneurysm can develop after obstetric or gynecological procedures,being the most frequent after cesarean or vaginal deliveries,curettage and even during pregnancy.However,there are several cases described unrelated to pregnancy,such as after conization,hysteroscopic surgery or laparoscopic myomectomy.Hemorrhage is the clinical manifestation and it can be life-threatening so suspicion of this vascular lesion is essential for early diagnosis and treatment.However,there are other uterine vascular anomalies that may be the cause of severe hemorrhage,which must be taken into account in the differential diagnosis.Computed tomography angiography and embolization is supposed to be the first therapeutic option in most of them.
基金supported by the National Natural Science Foundation of China(No.52188102).
文摘Anomaly Detection (AD) has been extensively adopted in industrial settings to facilitate quality control of products. It is critical to industrial production, especially to areas such as aircraft manufacturing, which require strict part qualification rates. Although being more efficient and practical, few-shot AD has not been well explored. The existing AD methods only extract features in a single frequency while defects exist in multiple frequency domains. Moreover, current methods have not fully leveraged the few-shot support samples to extract input-related normal patterns. To address these issues, we propose an industrial few-shot AD method, Feature Extender for Anomaly Detection (FEAD), which extracts normal patterns in multiple frequency domains from few-shot samples under the guidance of the input sample. Firstly, to achieve better coverage of normal patterns in the input sample, we introduce a Sample-Conditioned Transformation Module (SCTM), which transforms support features under the guidance of the input sample to obtain extra normal patterns. Secondly, to effectively distinguish and localize anomaly patterns in multiple frequency domains, we devise an Adaptive Descriptor Construction Module (ADCM) to build and select pattern descriptors in a series of frequencies adaptively. Finally, an auxiliary task for SCTM is designed to ensure the diversity of transformations and include more normal patterns into support features. Extensive experiments on two widely used industrial AD datasets (MVTec-AD and VisA) demonstrate the effectiveness of the proposed FEAD.
基金supported by the Xiamen Science and Technology Subsidy Project(No.2023CXY0318).
文摘Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract local and global features, as well as the lack of effective mechanisms to capture complex interactions between features;Additionally, when increasing the receptive field to obtain deeper feature representations, the reliance on increasing network depth leads to a significant increase in computational resource consumption, affecting the efficiency and performance of detection. Based on these issues, firstly, this paper proposes a network traffic anomaly detection model based on parallel dilated convolution and residual learning (Res-PDC). To better explore the interactive relationships between features, the traffic samples are converted into two-dimensional matrix. A module combining parallel dilated convolutions and residual learning (res-pdc) was designed to extract local and global features of traffic at different scales. By utilizing res-pdc modules with different dilation rates, we can effectively capture spatial features at different scales and explore feature dependencies spanning wider regions without increasing computational resources. Secondly, to focus and integrate the information in different feature subspaces, further enhance and extract the interactions among the features, multi-head attention is added to Res-PDC, resulting in the final model: multi-head attention enhanced parallel dilated convolution and residual learning (MHA-Res-PDC) for network traffic anomaly detection. Finally, comparisons with other machine learning and deep learning algorithms are conducted on the NSL-KDD and CIC-IDS-2018 datasets. The experimental results demonstrate that the proposed method in this paper can effectively improve the detection performance.
基金the support from the National Natural Science Foundation of China(Nos.52279103,52379103)the Natural Science Foundation of Shandong Province(No.ZR2023YQ049)。
文摘Geological analysis,despite being a long-term method for identifying adverse geology in tunnels,has significant limitations due to its reliance on empirical analysis.The quantitative aspects of geochemical anomalies associated with adverse geology provide a novel strategy for addressing these limitations.However,statistical methods for identifying geochemical anomalies are insufficient for tunnel engineering.In contrast,data mining techniques such as machine learning have demonstrated greater efficacy when applied to geological data.Herein,a method for identifying adverse geology using machine learning of geochemical anomalies is proposed.The method was identified geochemical anomalies in tunnel that were not identified by statistical methods.We by employing robust factor analysis and self-organizing maps to reduce the dimensionality of geochemical data and extract the anomaly elements combination(AEC).Using the AEC sample data,we trained an isolation forest model to identify the multi-element anomalies,successfully.We analyzed the adverse geological features based the multi-element anomalies.This study,therefore,extends the traditional approach of geological analysis in tunnels and demonstrates that machine learning is an effective tool for intelligent geological analysis.Correspondingly,the research offers new insights regarding the adverse geology and the prevention of hazards during the construction of tunnels and underground engineering projects.
基金supported by Jiangsu Provincial Science and Technology Project,grant number J2023124.Jing Guo received this grant,the URLs of sponsors’website is https://kxjst.jiangsu.gov.cn/(accessed on 06 June 2024).
文摘The rapid proliferation of electric vehicle(EV)charging infrastructure introduces critical cybersecurity vulnerabilities to power grids system.This study presents an innovative anomaly detection framework for EV charging stations,addressing the unique challenges posed by third-party aggregation platforms.Our approach integrates node equations-based on the parameter identification with a novel deep learning model,xDeepCIN,to detect abnormal data reporting indicative of aggregation attacks.We employ a graph-theoretic approach to model EV charging networks and utilize Markov Chain Monte Carlo techniques for accurate parameter estimation.The xDeepCIN model,incorporating a Compressed Interaction Network,has the ability to capture complex feature interactions in sparse,high-dimensional charging data.Experimental results on both proprietary and public datasets demonstrate significant improvements in anomaly detection performance,with F1-scores increasing by up to 32.3%for specific anomaly types compared to traditional methods,such as wide&deep and DeepFM(Factorization-Machine).Our framework exhibits robust scalability,effectively handling networks ranging from 8 to 85 charging points.Furthermore,we achieve real-time monitoring capabilities,with parameter identification completing within seconds for networks up to 1000 nodes.This research contributes to enhancing the security and reliability of renewable energy systems against evolving cyber threats,offering a comprehensive solution for safeguarding the rapidly expanding EV charging infrastructure.
基金supported in part by the Guangxi Science and Technology Major Program under grant AA22068067the Guangxi Natural Science Foundation under grant 2023GXNSFAA026236 and 2024GXNSFDA010064the National Natural Science Foundation of China under project 62172119.
文摘As more and more devices in Cyber-Physical Systems(CPS)are connected to the Internet,physical components such as programmable logic controller(PLC),sensors,and actuators are facing greater risks of network attacks,and fast and accurate attack detection techniques are crucial.The key problem in distinguishing between normal and abnormal sequences is to model sequential changes in a large and diverse field of time series.To address this issue,we propose an anomaly detection method based on distributed deep learning.Our method uses a bilateral filtering algorithm for sequential sequences to remove noise in the time series,which can maintain the edge of discrete features.We use a distributed linear deep learning model to establish a sequential prediction model and adjust the threshold for anomaly detection based on the prediction error of the validation set.Our method can not only detect abnormal attacks but also locate the sensors that cause anomalies.We conducted experiments on the Secure Water Treatment(SWAT)and Water Distribution(WADI)public datasets.The experimental results show that our method is superior to the baseline method in identifying the types of attacks and detecting efficiency.
基金supported by the National Major Science and Technology Project,China(No.J2019-Ⅳ-0007-0075)the Fundamental Research Funds for the Central Universities,China(No.JKF-20240036)。
文摘To ensure the structural integrity of life-limiting component of aeroengines,Probabilistic Damage Tolerance(PDT)assessment is applied to evaluate the failure risk as required by airworthiness regulations and military standards.The PDT method holds the view that there exist defects such as machining scratches and service cracks in the tenon-groove structures of aeroengine disks.However,it is challenging to conduct PDT assessment due to the scarcity of effective Probability of Detection(POD)model and anomaly distribution model.Through a series of Nondestructive Testing(NDT)experiments,the POD model of real cracks in tenon-groove structures is constructed for the first time by employing the Transfer Function Method(TFM).A novel anomaly distribution model is derived through the utilization of the POD model,instead of using the infeasible field data accumulation method.Subsequently,a framework for calculating the Probability of Failure(POF)of the tenon-groove structures is established,and the aforementioned two models exert a significant influence on the results of POF.
文摘The rapid integration of Internet of Things(IoT)technologies is reshaping the global energy landscape by deploying smart meters that enable high-resolution consumption monitoring,two-way communication,and advanced metering infrastructure services.However,this digital transformation also exposes power system to evolving threats,ranging from cyber intrusions and electricity theft to device malfunctions,and the unpredictable nature of these anomalies,coupled with the scarcity of labeled fault data,makes realtime detection exceptionally challenging.To address these difficulties,a real-time decision support framework is presented for smart meter anomality detection that leverages rolling time windows and two self-supervised contrastive learning modules.The first module synthesizes diverse negative samples to overcome the lack of labeled anomalies,while the second captures intrinsic temporal patterns for enhanced contextual discrimination.The end-to-end framework continuously updates its model with rolling updated meter data to deliver timely identification of emerging abnormal behaviors in evolving grids.Extensive evaluations on eight publicly available smart meter datasets over seven diverse abnormal patterns testing demonstrate the effectiveness of the proposed full framework,achieving average recall and F1 score of more than 0.85.
基金supported by the National Key Research and Development Project of China(No.2023YFB3709605)the National Natural Science Foundation of China(No.62073193)the National College Student Innovation Training Program(No.202310422122)。
文摘Potential high-temperature risks exist in heat-prone components of electric moped charging devices,such as sockets,interfaces,and controllers.Traditional detection methods have limitations in terms of real-time performance and monitoring scope.To address this,a temperature detection method based on infrared image processing has been proposed:utilizing the median filtering algorithm to denoise the original infrared image,then applying an image segmentation algorithm to divide the image.
文摘Introduction:The occurrence of congenital anomalies is one of the serious challenges in the world.Therefore,identifying related factors to reduce it is of particular importance.This study aimed to determine the incidence and factors related to congenital anomalies.Methods:An epidemiology study was conducted on 1567 infants and their parents in Kermanshah,Iran.The required information was extracted from the ffles of mothers in health centers.The data collection tool was a researcher-made checklist of 39 questions.The data was statistically analyzed with the STATA version 14 software.Result:The incidence of congenital anomalies was 2.9%(n=45).Brain anomalies(n=10)and pulmonary anomalies(n=8)were the most common congenital anomalies in newborns.The results showed that parents’age(p=0.001),place of residence(p=0.022),mother’s occupation(p=0.010),hemoglobin level(p=0.002),blood pressure disorders(p=0.001),bleeding during pregnancy(p=0.001),infection during pregnancy(p=0.001),multivitamins(p=0.002)and women’s previous birth records such as previous abnormal birth history(p=0.015),abortion history(p=0.001),stillbirth history(p=0.001),birth history of infant less than 2500 g(p=0.001)was found to have a statistically signiffcant relationship with congenital anomalies.Conclusion:The incidence of congenital anomalies was high in Kermanshah city.Considering the identiffcation of risk factors and preventive factors related to congenital anomalies,it is suggested that interventions be carried out in health centers to increase awareness among pregnant women to reduce the incidence of anomalies.
