The detection of steel surface anomalies has become an industrial challenge due to variations in production equipment,processes,and characteristics.To alleviate the problem,this paper proposes a detection and localiza...The detection of steel surface anomalies has become an industrial challenge due to variations in production equipment,processes,and characteristics.To alleviate the problem,this paper proposes a detection and localization method combining 3D depth and 2D RGB features.The framework comprises three stages:defect classification,defect location,an d warpage judgment.The first stage uses a dataefficient image Transformer model,the second stage utilizes reverse knowledge distillation,and the third stage performs feature fusion using3D depth and 2D RGB features.Experimental results show that the proposed algorithm achieves relatively high accuracy and feasibility,and can be effectively used in industrial scenarios.展开更多
Log anomaly detection is essential for maintaining the reliability and security of large-scale networked systems.Most traditional techniques rely on log parsing in the reprocessing stage and utilize handcrafted featur...Log anomaly detection is essential for maintaining the reliability and security of large-scale networked systems.Most traditional techniques rely on log parsing in the reprocessing stage and utilize handcrafted features that limit their adaptability across various systems.In this study,we propose a hybrid model,BertGCN,that integrates BERT-based contextual embedding with Graph Convolutional Networks(GCNs)to identify anomalies in raw system logs,thereby eliminating the need for log parsing.TheBERT module captures semantic representations of log messages,while the GCN models the structural relationships among log entries through a text-based graph.This combination enables BertGCN to capture both the contextual and semantic characteristics of log data.BertGCN showed excellent performance on the HDFS and BGL datasets,demonstrating its effectiveness and resilience in detecting anomalies.Compared to multiple baselines,our proposed BertGCN showed improved precision,recall,and F1 scores.展开更多
Anomaly detection(AD)aims to identify abnormal patterns that deviate from normal behaviour,playing a critical role in applications such as industrial inspection,medical imaging and autonomous driving.However,AD often ...Anomaly detection(AD)aims to identify abnormal patterns that deviate from normal behaviour,playing a critical role in applications such as industrial inspection,medical imaging and autonomous driving.However,AD often faces a scarcity of labelled data.To address this challenge,we propose a novel semi-supervised anomaly detection method,DASAD(Deviation-Guided Attention for Semi-Supervised Anomaly Detection),which integrates deviation-guided attention with contrastive regularisation to reduce the unreliability of pseudo-labels.Specifically,a deviation-guided attention mechanism is designed to combine three types of deviations:latent embeddings,residual direction vectors and hierarchical reconstruction errors to capture anomaly specific cues effectively,thereby enhancing the credibility of pseudo-labels for unlabelled samples.Furthermore,a class-asymmetric contrastive loss is constructed to promote compact representations of normal instances while preserving the structural diversity of anomalies.Extensive experiments on 8 benchmark datasets demonstrate that DASAD consistently outperforms state-of-the-art methods and exhibits strong generalisation across 6 anomaly detection domains.展开更多
The rapid digitalization of the energy sector has led to the deployment of large-scale smart metering systems that generate high-frequency time series data,creating new opportunities and challenges for energy anomaly ...The rapid digitalization of the energy sector has led to the deployment of large-scale smart metering systems that generate high-frequency time series data,creating new opportunities and challenges for energy anomaly detection.Accurate identification of anomalous patterns in building energy consumption is essential for optimizing operations,improving energy efficiency,and supporting grid reliability.This study investigates advanced feature engineering and machine learning modeling techniques for large-scale time series anomaly detection in building energy systems.Expanding upon previous benchmark frameworks,we introduce additional features such as oil price indices and solar cycle indicators,including sunset and sunrise times,to enhance the contextual understanding of consumption patterns.Our comparative modeling approach encompasses an extensive suite of algorithms,including KNeighborsUnif,KNeighborsDist,LightGBMXT,LightGBM,RandomForestMSE,CatBoost,ExtraTreesMSE,NeuralNetFastAI,XGBoost,NeuralNetTorch,and LightGBMLarge.Data preprocessing includes rigorous handling of missing values and normalization,while feature engineering focuses on temporal,environmental,and value-change attributes.The models are evaluated on a comprehensive dataset of smart meter readings,with performance assessed using metrics such as the Area Under the Receiver Operating Characteristic Curve(AUC-ROC).The results demonstrate that the integration of diverse exogenous variables and a hybrid ensemble of traditional tree-based and neural network models can significantly improve anomaly detection performance.This work provides new insights into the design of robust,scalable,and generalizable frameworks for energy anomaly detection in complex,real-world settings.展开更多
As cyberattacks become increasingly sophisticated and intelligent,demand for machine-learning-based anomaly detection systems is growing.However,conventional systems generally assume a trusted server environment,where...As cyberattacks become increasingly sophisticated and intelligent,demand for machine-learning-based anomaly detection systems is growing.However,conventional systems generally assume a trusted server environment,where traffic data is collected and analyzed in plaintext.This assumption introduces inherent privacy risks,as privacy-sensitive information may be exposed if the server is compromised or misused.To address this limitation,privacy-preserving anomaly detection approaches have been actively studied,enabling anomaly detection to be performed directly on encrypted traffic without revealing privacy-sensitive data.While these approaches offer strong confidentiality guarantees,they suffer from significant drawbacks,including substantial computational overhead,high latency,and degraded detection accuracy.To overcome these limitations,we propose a privacy-aware anomaly detection(PAAD)model that adaptively applies homomorphic encryption based on the privacy sensitivity of incoming traffic.Instead of encrypting all data indiscriminately,PAAD dynamically determines whether traffic should be processed in plaintext or ciphertext and performs homomorphic inference only for privacy-sensitive data.This selective encryption strategy effectively balances privacy protection and system efficiency.Extensive experiments conducted under diverse network environments demonstrate that the proposed PAAD model significantly outperforms conventional anomaly detection models.In particular,PAAD improves detection accuracy by up to 73%,reduces latency by up to 8.6 times,and achieves negligible information leakage,highlighting its practicality for real-world privacy-sensitive network monitoring scenarios.展开更多
The Internet ofThings(IoT)is a new model that evolved with the rapid progress of advanced technology and gained tremendous popularity due to its applications.Anomaly detection haswidely attracted researchers’attentio...The Internet ofThings(IoT)is a new model that evolved with the rapid progress of advanced technology and gained tremendous popularity due to its applications.Anomaly detection haswidely attracted researchers’attention in the last few years,and its effects on diverse applications.This review article covers the various methods and tools developed to perform the task efficiently and automatically in a smart city.In this work,we present a comprehensive literature review(2011 onwards)of three major types of anomalies:network anomalies,sensor anomalies,and videobased anomalies,along with their methods and software tools.Furthermore,anomaly detection methods such as machine learning and deep learning are presented in this work,highlighting their detection strategy techniques,features,applications,issues,and challenges.Moreover,a generic algorithmis also developed to ease the user achieve the taskmore specifically by targeting a specific domain aswell as approach.Comparative studies of three anomalymethods and their analysis identify research discovery areas with their applications.As a result,researchers and practitioners can familiarize themselves with the existing methods for solving real problems,improving methods,and developing new optimum methods for anomaly detection in diverse applications.展开更多
Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems.However,in existing research,multivariate data are often influenced by various factors during the data co...Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems.However,in existing research,multivariate data are often influenced by various factors during the data collection process,resulting in temporal misalignment or displacement.Due to these factors,the node representations carry substantial noise,which reduces the adaptability of the multivariate coupled network structure and subsequently degrades anomaly detection performance.Accordingly,this study proposes a novel multivariate anomaly detection model grounded in graph structure learning.Firstly,a recommendation strategy is employed to identify strongly coupled variable pairs,which are then used to construct a recommendation-driven multivariate coupling network.Secondly,a multi-channel graph encoding layer is used to dynamically optimize the structural properties of the multivariate coupling network,while a multi-head attention mechanism enhances the spatial characteristics of the multivariate data.Finally,unsupervised anomaly detection is conducted using a dynamic threshold selection algorithm.Experimental results demonstrate that effectively integrating the structural and spatial features of multivariate data significantly mitigates anomalies caused by temporal dependency misalignment.展开更多
The rapid proliferation of Internet of Things(IoT)devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative,distributed architectural solutions.Thi...The rapid proliferation of Internet of Things(IoT)devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative,distributed architectural solutions.This paper proposes FE-ACS(Fog-Edge Adaptive Cybersecurity System),a novel hierarchical security framework that intelligently distributes AI-powered anomaly detection algorithms across edge,fog,and cloud layers to optimize security efficacy,latency,and privacy.Our comprehensive evaluation demonstrates that FE-ACS achieves superior detection performance with an AUC-ROC of 0.985 and an F1-score of 0.923,while maintaining significantly lower end-to-end latency(18.7 ms)compared to cloud-centric(152.3 ms)and fog-only(34.5 ms)architectures.The system exhibits exceptional scalability,supporting up to 38,000 devices with logarithmic performance degradation—a 67×improvement over conventional cloud-based approaches.By incorporating differential privacy mechanisms with balanced privacy-utility tradeoffs(ε=1.0–1.5),FE-ACS maintains 90%–93%detection accuracy while ensuring strong privacy guarantees for sensitive healthcare data.Computational efficiency analysis reveals that our architecture achieves a detection rate of 12,400 events per second with only 12.3 mJ energy consumption per inference.In healthcare risk assessment,FE-ACS demonstrates robust operational viability with low patient safety risk(14.7%)and high system reliability(94.0%).The proposed framework represents a significant advancement in distributed security architectures,offering a scalable,privacy-preserving,and real-time solution for protecting healthcare IoT ecosystems against evolving cyber threats.展开更多
Deep transfer learning has achieved significant success in anomaly detection over the past decade,but data acquisition challenges in practical engineering hinder high-quality feature representation for few-shot learni...Deep transfer learning has achieved significant success in anomaly detection over the past decade,but data acquisition challenges in practical engineering hinder high-quality feature representation for few-shot learning tasks.To address this issue,a novel time-frequency-assisted deep feature enhancement(TFE)mechanism is proposed.Unlike traditional methods that integrate time-frequency analysis with deep neural networks,TFE employs a wavelet scattering transform to establish a parallel time-frequency feature space,where a dual interaction strategy facilitates collaboration between deep feature and time-frequency spaces through two operations:1)Enhancement,where a frequency-importance-driven contrastive learning(FICL)network transfers physically-aware information from wavelet scattering features to deep features,and 2)Feedback,which uses a detection rule adaptation module to minimize bias in wavelet scattering features based on deep feature performance.TFE is applied to a domain-adversarial anomaly detection framework and,through alternating training,significantly enhances both deep feature discriminative power and few-shot anomaly detection.Theoretical analysis confirms that the proposed dual interaction strategy reduces the upper bound of classification error.Experiments on benchmark datasets and a real-world industrial dataset from a large steel factory demonstrate TFE's superior performance and highlight the importance of frequency saliency in transfer learning.Thus,collaboration is shown to outperform integration for few-shot transfer learning in anomaly detection.展开更多
Summer rainfall in the Yangtze River basin(YRB)is favored by two key factors in the lower troposphere:the tropical anticyclonic anomaly over the western North Pacific and the extratropical northeasterly anomalies to t...Summer rainfall in the Yangtze River basin(YRB)is favored by two key factors in the lower troposphere:the tropical anticyclonic anomaly over the western North Pacific and the extratropical northeasterly anomalies to the north of the YRB.This study,however,found that approximately 46%of heavy rainfall events in the YRB occur when only one factor appears and the other is opposite signed.Accordingly,these heavy rainfall events can be categorized into two types:the extratropical northeasterly anomalies but tropical cyclonic anomaly(first unconventional type),and the tropical anticyclonic anomaly but extratropical southwesterly anomalies(second unconventional type).Anomalous water vapor convergence and upward motion exists for both types,but through different mechanisms.For the first type,the moisture convergence and upward motion are induced by a cyclonic anomaly over the YRB,which appears in the mid and lower troposphere and originates from the upstream region.For the second type,a mid-tropospheric cyclonic anomaly over Lake Baikal extends southward and results in southwesterly anomalies over the YRB,in conjunction with the tropical anticyclonic anomaly.The southwesterly anomalies transport water vapor to the YRB and lead to upward motion through warm advection.This study emphasizes the role of mid-tropospheric circulations in inducing heavy rainfall in the YRB.展开更多
With network attack technology continuing to develop,traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy.Graph Neural Network(GNN),a ...With network attack technology continuing to develop,traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy.Graph Neural Network(GNN),a promising Deep Learning(DL)approach,has proven to be highly effective in identifying intricate patterns in graph⁃structured data and has already found wide applications in the field of network security.In this paper,we propose a hybrid Graph Convolutional Network(GCN)⁃GraphSAGE model for Anomaly Traffic Detection,namely HGS⁃ATD,which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities.We validate the HGS⁃ATD model on four publicly available datasets,including NF⁃UNSW⁃NB15⁃v2.The experimental results show that the enhanced hybrid model is 5.71%to 10.25%higher than the baseline model in terms of accuracy,and the F1⁃score is 5.53%to 11.63%higher than the baseline model,proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.展开更多
Tooth developmental anomalies are a group of disorders caused by unfavorable factors affecting the tooth development process,resulting in abnormalities in tooth number,structure,and morphology.These anomalies typicall...Tooth developmental anomalies are a group of disorders caused by unfavorable factors affecting the tooth development process,resulting in abnormalities in tooth number,structure,and morphology.These anomalies typically manifest during childhood,impairing dental function,maxillofacial development,and facial aesthetics,while also potentially impacting overall physical and mental health.The complex etiology and diverse clinical phenotypes of these anomalies pose significant challenges for prevention,early diagnosis,and treatment.As they usually emerge early in life,long-term management and multidisciplinary collaboration in dental care are essential.However,there is currently a lack of systematic clinical guidelines for the diagnosis and treatment of these conditions,adding to the difficulties in clinical practice.In response to this need,this expert consensus summarizes the classifications,etiology,typical clinical manifestations,and diagnostic criteria of tooth developmental anomalies based on current clinical evidence.It also provides prevention strategies and stage-specific clinical management recommendations to guide clinicians in diagnosis and treatment,promoting early intervention and standardized care for these anomalies.展开更多
With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT termi...With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT terminals have security risks and vulnerabilities,and limited resources make it impossible to deploy costly security protection methods on the terminal.In order to cope with these problems,this paper proposes a lightweight trust evaluation model TCL,which combines three network models,TCN,CNN,and LSTM,with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device,and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods.After experiments,it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763,94.456,99.923,and 99.195 on HDFS,BGL,N-BaIoT,and KDD99 datasets,respectively,and the size of TCL is only 91KB,which can achieve similar or better performance than CNN-LSTM,RobustLog and other methods with less computational resources and storage space.展开更多
In the field of intelligent surveillance,weakly supervised video anomaly detection(WSVAD)has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels.Although mu...In the field of intelligent surveillance,weakly supervised video anomaly detection(WSVAD)has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels.Although multiple instance learning(MIL)has dominated the WSVAD for a long time,its reliance solely on video-level labels without semantic grounding hinders a fine-grained understanding of visually similar yet semantically distinct events.In addition,insufficient temporal modeling obscures causal relationships between events,making anomaly decisions reactive rather than reasoning-based.To overcome the limitations above,this paper proposes an adaptive knowledgebased guidance method that integrates external structured knowledge.The approach combines hierarchical category information with learnable prompt vectors.It then constructs continuously updated contextual references within the feature space,enabling fine-grained meaning-based guidance over video content.Building on this,the work introduces an event relation analysis module.This module explicitly models temporal dependencies and causal correlations between video snippets.It constructs an evolving logic chain of anomalous events,revealing the process by which isolated anomalous snippets develop into a complete event.Experiments on multiple benchmark datasets show that the proposed method achieves highly competitive performance,achieving an AUC of 88.19%on UCF-Crime and an AP of 86.49%on XD-Violence.More importantly,the method provides temporal and causal explanations derived from event relationships alongside its detection results.This capability significantly advances WSVAD from a simple binary classification to a new level of interpretable behavior analysis.展开更多
Basement structures may influence how ruptures propagate during an earthquake.However,most structural evidence is beneath the thick layer of younger volcanic sediments.In this study,gravity method was applied to disco...Basement structures may influence how ruptures propagate during an earthquake.However,most structural evidence is beneath the thick layer of younger volcanic sediments.In this study,gravity method was applied to discover more features of the basement structure.A land survey of gravity measurement was conducted at 383 stations south of Toba.The observed gravity was then used to generate Complete Bouguer Anomaly and residual-regional anomaly maps.In addition,several edge enhancements based on derivations were applied.All results presented lineations that could be linked to previously recognized active faults and structures.Additionally,the most prominent feature is a large northwest-southeast elongated high anomaly,almost sub-parallel to the Sumatra Fault Zone(SFZ).Since the feature is also located at the continuation of the Medial Sumatra Tectonic Zone(MSTZ),the body might be the hidden part of this major tectonic zone.The occurrence of MSTZ across the SFZ would affect the rupture propagation of earthquake events in the fault segment of the SFZ.展开更多
Using the data of 500 hPa geopotential height from 1951 to 1995, SST roughly in the same period and OLR data from 1974 to 1994, the relation between the anomalies of subtropical high (STH for short) and the tropical c...Using the data of 500 hPa geopotential height from 1951 to 1995, SST roughly in the same period and OLR data from 1974 to 1994, the relation between the anomalies of subtropical high (STH for short) and the tropical circulations including the Asian monsoon as well as the convective activity are studied. In order to study the physical process of the air-sea interaction related to STH anomaly, the correlation of STH with SST at various sea areas, lagged and simultaneous, has been calculated. Comparing the difference of OLR, wind fields, vertical circulations and SST anomalies in the strong and weak STH, we investigate the characteristics of global circulations and the SST distributions related to the anomalous STH at the western Pacific both in winter and summer. Much attention has been paid to the study of the air-sea interaction and the relationship between the East Asian monsoon and the STH in the western Pacific. A special vertical circulation, related to the STH anomalies is found, which connects the monsoon current to the west and the vertical flow influenced by the SST anomaly in the tropical eastern Pacific.展开更多
Regional stream sediment surveys at a 1:200,000 scale reveal positive andnegative regional multi-element geochemical anomalies over medium to large copper-polymetallicorefields of different genetic types in China. Reg...Regional stream sediment surveys at a 1:200,000 scale reveal positive andnegative regional multi-element geochemical anomalies over medium to large copper-polymetallicorefields of different genetic types in China. Regional geochemical anomalies of orefield refer tothose geochemical anomalies that are related to metallogenesis of an orefield in a certain area. Theanomaly area is typically 10 to 100 km^2. The regional multi-element anomalies related tomineralization can be divided into three groups, that is, the ore-element anomaly association,indicator element anomaly association, and metallogenic environmental element anomaly association.Their common spatial distributions over ore deposits or orefields possess unique structures. Themodel of spatial structure of regional multi-element geochemical anomalies (RAGSS) of an orefielddelineates structural feature possessed by orderly spatial distributions of different groups ofmulti-element anomaly associations related to orefield metallogenesis. It is used to outline thecommon metallogenetic anomaly visage that is composed of the orderly spatial distribution ofdifferent groups of multi-element anomaly associations. The orderly spatial distribution ofmulti-element anomalies over an orefield reflects element distributions as they are changed from adispersed 'out-of-order' state into a concentrated 'orderly' state during the mineralization of anorefield. Three different patterns of the spatial anomaly structure related to mineralization in anorefield can be concluded: (1) nested pattern; (2) eccentric pattern and; (3) peripheral pattern.There are marked differences between multi-element anomaly patterns related and not related tomineralization. RAGSS models of orefields can be used to better understand and evaluate regionalmulti-element anomalies and identify ore types.展开更多
A factor analysis was applied to soil geochemical data to define anomalies related to buried Pb-Zn mineralization.A favorable main factor with a strong association of the elements Zn,Cu and Pb,related to mineralizatio...A factor analysis was applied to soil geochemical data to define anomalies related to buried Pb-Zn mineralization.A favorable main factor with a strong association of the elements Zn,Cu and Pb,related to mineralization,was selected for interpretation.The median+2 MAD(median absolute deviation)method of exploratory data analysis(EDA)and C-A(concentration-area)fractal modeling were then applied to the Mahalanobis distance,as defined by Zn,Cu and Pb from the factor analysis to set the thresholds for defining multi-element anomalies.As a result,the median+2 MAD method more successfully identified the Pb-Zn mineralization than the C-A fractal model.The soil anomaly identified by the median+2 MAD method on the Mahalanobis distances defined by three principal elements(Zn,Cu and Pb)rather than thirteen elements(Co,Zn,Cu,V,Mo,Ni,Cr,Mn,Pb,Ba,Sr,Zr and Ti)was the more favorable reflection of the ore body.The identified soil geochemical anomalies were compared with the in situ economic Pb-Zn ore bodies for validation.The results showed that the median+2 MAD approach is capable of mapping both strong and weak geochemical anomalies related to buried Pb-Zn mineralization,which is therefore useful at the reconnaissance drilling stage.展开更多
In this article,we comment on the paper by Kakinuma et al published recently.We focus specifically on the diagnosis of uterine pseudoaneurysm,but we also review other uterine vascular anomalies that may be the cause o...In this article,we comment on the paper by Kakinuma et al published recently.We focus specifically on the diagnosis of uterine pseudoaneurysm,but we also review other uterine vascular anomalies that may be the cause of life-threating hemorrhage and the different causes of uterine pseudoaneurysms.Uterine artery pseudoaneurysm is a complication of both surgical gynecological and nontraumatic procedures.Massive hemorrhage is the consequence of the rupture of the pseudoaneurysm.Uterine artery pseudoaneurysm can develop after obstetric or gynecological procedures,being the most frequent after cesarean or vaginal deliveries,curettage and even during pregnancy.However,there are several cases described unrelated to pregnancy,such as after conization,hysteroscopic surgery or laparoscopic myomectomy.Hemorrhage is the clinical manifestation and it can be life-threatening so suspicion of this vascular lesion is essential for early diagnosis and treatment.However,there are other uterine vascular anomalies that may be the cause of severe hemorrhage,which must be taken into account in the differential diagnosis.Computed tomography angiography and embolization is supposed to be the first therapeutic option in most of them.展开更多
基金supported by ZTE Industry-University-Institute Cooperation Funds under Grant No. HC-CN-20221107001。
文摘The detection of steel surface anomalies has become an industrial challenge due to variations in production equipment,processes,and characteristics.To alleviate the problem,this paper proposes a detection and localization method combining 3D depth and 2D RGB features.The framework comprises three stages:defect classification,defect location,an d warpage judgment.The first stage uses a dataefficient image Transformer model,the second stage utilizes reverse knowledge distillation,and the third stage performs feature fusion using3D depth and 2D RGB features.Experimental results show that the proposed algorithm achieves relatively high accuracy and feasibility,and can be effectively used in industrial scenarios.
基金funded by the Deanship of Scientific Research(DSR)at King Abdulaziz University,Jeddah,under grant no.(GPIP:1074-612-2024).
文摘Log anomaly detection is essential for maintaining the reliability and security of large-scale networked systems.Most traditional techniques rely on log parsing in the reprocessing stage and utilize handcrafted features that limit their adaptability across various systems.In this study,we propose a hybrid model,BertGCN,that integrates BERT-based contextual embedding with Graph Convolutional Networks(GCNs)to identify anomalies in raw system logs,thereby eliminating the need for log parsing.TheBERT module captures semantic representations of log messages,while the GCN models the structural relationships among log entries through a text-based graph.This combination enables BertGCN to capture both the contextual and semantic characteristics of log data.BertGCN showed excellent performance on the HDFS and BGL datasets,demonstrating its effectiveness and resilience in detecting anomalies.Compared to multiple baselines,our proposed BertGCN showed improved precision,recall,and F1 scores.
基金supported by the National Natural Science Foundation of China under Grant U24A20279.
文摘Anomaly detection(AD)aims to identify abnormal patterns that deviate from normal behaviour,playing a critical role in applications such as industrial inspection,medical imaging and autonomous driving.However,AD often faces a scarcity of labelled data.To address this challenge,we propose a novel semi-supervised anomaly detection method,DASAD(Deviation-Guided Attention for Semi-Supervised Anomaly Detection),which integrates deviation-guided attention with contrastive regularisation to reduce the unreliability of pseudo-labels.Specifically,a deviation-guided attention mechanism is designed to combine three types of deviations:latent embeddings,residual direction vectors and hierarchical reconstruction errors to capture anomaly specific cues effectively,thereby enhancing the credibility of pseudo-labels for unlabelled samples.Furthermore,a class-asymmetric contrastive loss is constructed to promote compact representations of normal instances while preserving the structural diversity of anomalies.Extensive experiments on 8 benchmark datasets demonstrate that DASAD consistently outperforms state-of-the-art methods and exhibits strong generalisation across 6 anomaly detection domains.
文摘The rapid digitalization of the energy sector has led to the deployment of large-scale smart metering systems that generate high-frequency time series data,creating new opportunities and challenges for energy anomaly detection.Accurate identification of anomalous patterns in building energy consumption is essential for optimizing operations,improving energy efficiency,and supporting grid reliability.This study investigates advanced feature engineering and machine learning modeling techniques for large-scale time series anomaly detection in building energy systems.Expanding upon previous benchmark frameworks,we introduce additional features such as oil price indices and solar cycle indicators,including sunset and sunrise times,to enhance the contextual understanding of consumption patterns.Our comparative modeling approach encompasses an extensive suite of algorithms,including KNeighborsUnif,KNeighborsDist,LightGBMXT,LightGBM,RandomForestMSE,CatBoost,ExtraTreesMSE,NeuralNetFastAI,XGBoost,NeuralNetTorch,and LightGBMLarge.Data preprocessing includes rigorous handling of missing values and normalization,while feature engineering focuses on temporal,environmental,and value-change attributes.The models are evaluated on a comprehensive dataset of smart meter readings,with performance assessed using metrics such as the Area Under the Receiver Operating Characteristic Curve(AUC-ROC).The results demonstrate that the integration of diverse exogenous variables and a hybrid ensemble of traditional tree-based and neural network models can significantly improve anomaly detection performance.This work provides new insights into the design of robust,scalable,and generalizable frameworks for energy anomaly detection in complex,real-world settings.
基金supported by the Ministry of Trade,Industry and Energy(MOTIE)under Training Industrial Security Specialist for High-Tech Industry[grant number RS-2024-00415520]supervised by the Korea Institute for Advancement of Technology(KIAT)Ministry of Science and ICT(MSIT)under the ICAN(ICT Challenge and Advanced Network of HRD)program[grant number IITP-2022-RS-2022-00156310]+1 种基金National Research Foundation of Korea(NRF)grant[RS-2025-00518150]the Information Security Core Technology Development program[grant number RS-2024-00437252]supervised by the Institute of Information&Communication Technology Planning&Evaluation(IITP).
文摘As cyberattacks become increasingly sophisticated and intelligent,demand for machine-learning-based anomaly detection systems is growing.However,conventional systems generally assume a trusted server environment,where traffic data is collected and analyzed in plaintext.This assumption introduces inherent privacy risks,as privacy-sensitive information may be exposed if the server is compromised or misused.To address this limitation,privacy-preserving anomaly detection approaches have been actively studied,enabling anomaly detection to be performed directly on encrypted traffic without revealing privacy-sensitive data.While these approaches offer strong confidentiality guarantees,they suffer from significant drawbacks,including substantial computational overhead,high latency,and degraded detection accuracy.To overcome these limitations,we propose a privacy-aware anomaly detection(PAAD)model that adaptively applies homomorphic encryption based on the privacy sensitivity of incoming traffic.Instead of encrypting all data indiscriminately,PAAD dynamically determines whether traffic should be processed in plaintext or ciphertext and performs homomorphic inference only for privacy-sensitive data.This selective encryption strategy effectively balances privacy protection and system efficiency.Extensive experiments conducted under diverse network environments demonstrate that the proposed PAAD model significantly outperforms conventional anomaly detection models.In particular,PAAD improves detection accuracy by up to 73%,reduces latency by up to 8.6 times,and achieves negligible information leakage,highlighting its practicality for real-world privacy-sensitive network monitoring scenarios.
文摘The Internet ofThings(IoT)is a new model that evolved with the rapid progress of advanced technology and gained tremendous popularity due to its applications.Anomaly detection haswidely attracted researchers’attention in the last few years,and its effects on diverse applications.This review article covers the various methods and tools developed to perform the task efficiently and automatically in a smart city.In this work,we present a comprehensive literature review(2011 onwards)of three major types of anomalies:network anomalies,sensor anomalies,and videobased anomalies,along with their methods and software tools.Furthermore,anomaly detection methods such as machine learning and deep learning are presented in this work,highlighting their detection strategy techniques,features,applications,issues,and challenges.Moreover,a generic algorithmis also developed to ease the user achieve the taskmore specifically by targeting a specific domain aswell as approach.Comparative studies of three anomalymethods and their analysis identify research discovery areas with their applications.As a result,researchers and practitioners can familiarize themselves with the existing methods for solving real problems,improving methods,and developing new optimum methods for anomaly detection in diverse applications.
基金supported by Natural Science Foundation of Qinghai Province(2025-ZJ-994M)Scientific Research Innovation Capability Support Project for Young Faculty(SRICSPYF-BS2025007)National Natural Science Foundation of China(62566050).
文摘Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems.However,in existing research,multivariate data are often influenced by various factors during the data collection process,resulting in temporal misalignment or displacement.Due to these factors,the node representations carry substantial noise,which reduces the adaptability of the multivariate coupled network structure and subsequently degrades anomaly detection performance.Accordingly,this study proposes a novel multivariate anomaly detection model grounded in graph structure learning.Firstly,a recommendation strategy is employed to identify strongly coupled variable pairs,which are then used to construct a recommendation-driven multivariate coupling network.Secondly,a multi-channel graph encoding layer is used to dynamically optimize the structural properties of the multivariate coupling network,while a multi-head attention mechanism enhances the spatial characteristics of the multivariate data.Finally,unsupervised anomaly detection is conducted using a dynamic threshold selection algorithm.Experimental results demonstrate that effectively integrating the structural and spatial features of multivariate data significantly mitigates anomalies caused by temporal dependency misalignment.
基金supported by the Deanship of Graduate Studies and Scientific Research at Jouf University under grant No.(DGSSR-2025-02-01276).
文摘The rapid proliferation of Internet of Things(IoT)devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative,distributed architectural solutions.This paper proposes FE-ACS(Fog-Edge Adaptive Cybersecurity System),a novel hierarchical security framework that intelligently distributes AI-powered anomaly detection algorithms across edge,fog,and cloud layers to optimize security efficacy,latency,and privacy.Our comprehensive evaluation demonstrates that FE-ACS achieves superior detection performance with an AUC-ROC of 0.985 and an F1-score of 0.923,while maintaining significantly lower end-to-end latency(18.7 ms)compared to cloud-centric(152.3 ms)and fog-only(34.5 ms)architectures.The system exhibits exceptional scalability,supporting up to 38,000 devices with logarithmic performance degradation—a 67×improvement over conventional cloud-based approaches.By incorporating differential privacy mechanisms with balanced privacy-utility tradeoffs(ε=1.0–1.5),FE-ACS maintains 90%–93%detection accuracy while ensuring strong privacy guarantees for sensitive healthcare data.Computational efficiency analysis reveals that our architecture achieves a detection rate of 12,400 events per second with only 12.3 mJ energy consumption per inference.In healthcare risk assessment,FE-ACS demonstrates robust operational viability with low patient safety risk(14.7%)and high system reliability(94.0%).The proposed framework represents a significant advancement in distributed security architectures,offering a scalable,privacy-preserving,and real-time solution for protecting healthcare IoT ecosystems against evolving cyber threats.
基金supported in part by the National Natural Science Foundation of China(62472146)the Key Technologies Research Development Joint Foundation of Henan Province of China(225101610001)。
文摘Deep transfer learning has achieved significant success in anomaly detection over the past decade,but data acquisition challenges in practical engineering hinder high-quality feature representation for few-shot learning tasks.To address this issue,a novel time-frequency-assisted deep feature enhancement(TFE)mechanism is proposed.Unlike traditional methods that integrate time-frequency analysis with deep neural networks,TFE employs a wavelet scattering transform to establish a parallel time-frequency feature space,where a dual interaction strategy facilitates collaboration between deep feature and time-frequency spaces through two operations:1)Enhancement,where a frequency-importance-driven contrastive learning(FICL)network transfers physically-aware information from wavelet scattering features to deep features,and 2)Feedback,which uses a detection rule adaptation module to minimize bias in wavelet scattering features based on deep feature performance.TFE is applied to a domain-adversarial anomaly detection framework and,through alternating training,significantly enhances both deep feature discriminative power and few-shot anomaly detection.Theoretical analysis confirms that the proposed dual interaction strategy reduces the upper bound of classification error.Experiments on benchmark datasets and a real-world industrial dataset from a large steel factory demonstrate TFE's superior performance and highlight the importance of frequency saliency in transfer learning.Thus,collaboration is shown to outperform integration for few-shot transfer learning in anomaly detection.
基金supported by the National Natural Science Foundation of China(Grant No.42275041)the Hainan Province Science and Technology Special Fund(Grant No.SOLZSKY2025006).
文摘Summer rainfall in the Yangtze River basin(YRB)is favored by two key factors in the lower troposphere:the tropical anticyclonic anomaly over the western North Pacific and the extratropical northeasterly anomalies to the north of the YRB.This study,however,found that approximately 46%of heavy rainfall events in the YRB occur when only one factor appears and the other is opposite signed.Accordingly,these heavy rainfall events can be categorized into two types:the extratropical northeasterly anomalies but tropical cyclonic anomaly(first unconventional type),and the tropical anticyclonic anomaly but extratropical southwesterly anomalies(second unconventional type).Anomalous water vapor convergence and upward motion exists for both types,but through different mechanisms.For the first type,the moisture convergence and upward motion are induced by a cyclonic anomaly over the YRB,which appears in the mid and lower troposphere and originates from the upstream region.For the second type,a mid-tropospheric cyclonic anomaly over Lake Baikal extends southward and results in southwesterly anomalies over the YRB,in conjunction with the tropical anticyclonic anomaly.The southwesterly anomalies transport water vapor to the YRB and lead to upward motion through warm advection.This study emphasizes the role of mid-tropospheric circulations in inducing heavy rainfall in the YRB.
基金National Natural Science Foundation of China(Grant No.62103434)National Science Fund for Distinguished Young Scholars(Grant No.62176263).
文摘With network attack technology continuing to develop,traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy.Graph Neural Network(GNN),a promising Deep Learning(DL)approach,has proven to be highly effective in identifying intricate patterns in graph⁃structured data and has already found wide applications in the field of network security.In this paper,we propose a hybrid Graph Convolutional Network(GCN)⁃GraphSAGE model for Anomaly Traffic Detection,namely HGS⁃ATD,which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities.We validate the HGS⁃ATD model on four publicly available datasets,including NF⁃UNSW⁃NB15⁃v2.The experimental results show that the enhanced hybrid model is 5.71%to 10.25%higher than the baseline model in terms of accuracy,and the F1⁃score is 5.53%to 11.63%higher than the baseline model,proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.
基金supported by the grants No.82370912 from the National Natural Science Foundation of ChinaNo.2022020801010499 from the Bureau of Science and Technology of Wuhan,ChinaNo.2042023kf0231 from the Fundamental Research Funds for the Central Universities,China。
文摘Tooth developmental anomalies are a group of disorders caused by unfavorable factors affecting the tooth development process,resulting in abnormalities in tooth number,structure,and morphology.These anomalies typically manifest during childhood,impairing dental function,maxillofacial development,and facial aesthetics,while also potentially impacting overall physical and mental health.The complex etiology and diverse clinical phenotypes of these anomalies pose significant challenges for prevention,early diagnosis,and treatment.As they usually emerge early in life,long-term management and multidisciplinary collaboration in dental care are essential.However,there is currently a lack of systematic clinical guidelines for the diagnosis and treatment of these conditions,adding to the difficulties in clinical practice.In response to this need,this expert consensus summarizes the classifications,etiology,typical clinical manifestations,and diagnostic criteria of tooth developmental anomalies based on current clinical evidence.It also provides prevention strategies and stage-specific clinical management recommendations to guide clinicians in diagnosis and treatment,promoting early intervention and standardized care for these anomalies.
基金supported by National Key R&D Program of China(No.2022YFB3105101).
文摘With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT terminals have security risks and vulnerabilities,and limited resources make it impossible to deploy costly security protection methods on the terminal.In order to cope with these problems,this paper proposes a lightweight trust evaluation model TCL,which combines three network models,TCN,CNN,and LSTM,with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device,and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods.After experiments,it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763,94.456,99.923,and 99.195 on HDFS,BGL,N-BaIoT,and KDD99 datasets,respectively,and the size of TCL is only 91KB,which can achieve similar or better performance than CNN-LSTM,RobustLog and other methods with less computational resources and storage space.
文摘In the field of intelligent surveillance,weakly supervised video anomaly detection(WSVAD)has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels.Although multiple instance learning(MIL)has dominated the WSVAD for a long time,its reliance solely on video-level labels without semantic grounding hinders a fine-grained understanding of visually similar yet semantically distinct events.In addition,insufficient temporal modeling obscures causal relationships between events,making anomaly decisions reactive rather than reasoning-based.To overcome the limitations above,this paper proposes an adaptive knowledgebased guidance method that integrates external structured knowledge.The approach combines hierarchical category information with learnable prompt vectors.It then constructs continuously updated contextual references within the feature space,enabling fine-grained meaning-based guidance over video content.Building on this,the work introduces an event relation analysis module.This module explicitly models temporal dependencies and causal correlations between video snippets.It constructs an evolving logic chain of anomalous events,revealing the process by which isolated anomalous snippets develop into a complete event.Experiments on multiple benchmark datasets show that the proposed method achieves highly competitive performance,achieving an AUC of 88.19%on UCF-Crime and an AP of 86.49%on XD-Violence.More importantly,the method provides temporal and causal explanations derived from event relationships alongside its detection results.This capability significantly advances WSVAD from a simple binary classification to a new level of interpretable behavior analysis.
基金National Research and Innovation Agency(BRIN),Indonesia,with Grant No.373/II/FR/3/2022(Expedition and Exploration Fund)and 676/III/PR.01.December 03,2021(Geological Hazard In-House Program)。
文摘Basement structures may influence how ruptures propagate during an earthquake.However,most structural evidence is beneath the thick layer of younger volcanic sediments.In this study,gravity method was applied to discover more features of the basement structure.A land survey of gravity measurement was conducted at 383 stations south of Toba.The observed gravity was then used to generate Complete Bouguer Anomaly and residual-regional anomaly maps.In addition,several edge enhancements based on derivations were applied.All results presented lineations that could be linked to previously recognized active faults and structures.Additionally,the most prominent feature is a large northwest-southeast elongated high anomaly,almost sub-parallel to the Sumatra Fault Zone(SFZ).Since the feature is also located at the continuation of the Medial Sumatra Tectonic Zone(MSTZ),the body might be the hidden part of this major tectonic zone.The occurrence of MSTZ across the SFZ would affect the rupture propagation of earthquake events in the fault segment of the SFZ.
文摘Using the data of 500 hPa geopotential height from 1951 to 1995, SST roughly in the same period and OLR data from 1974 to 1994, the relation between the anomalies of subtropical high (STH for short) and the tropical circulations including the Asian monsoon as well as the convective activity are studied. In order to study the physical process of the air-sea interaction related to STH anomaly, the correlation of STH with SST at various sea areas, lagged and simultaneous, has been calculated. Comparing the difference of OLR, wind fields, vertical circulations and SST anomalies in the strong and weak STH, we investigate the characteristics of global circulations and the SST distributions related to the anomalous STH at the western Pacific both in winter and summer. Much attention has been paid to the study of the air-sea interaction and the relationship between the East Asian monsoon and the STH in the western Pacific. A special vertical circulation, related to the STH anomalies is found, which connects the monsoon current to the west and the vertical flow influenced by the SST anomaly in the tropical eastern Pacific.
文摘Regional stream sediment surveys at a 1:200,000 scale reveal positive andnegative regional multi-element geochemical anomalies over medium to large copper-polymetallicorefields of different genetic types in China. Regional geochemical anomalies of orefield refer tothose geochemical anomalies that are related to metallogenesis of an orefield in a certain area. Theanomaly area is typically 10 to 100 km^2. The regional multi-element anomalies related tomineralization can be divided into three groups, that is, the ore-element anomaly association,indicator element anomaly association, and metallogenic environmental element anomaly association.Their common spatial distributions over ore deposits or orefields possess unique structures. Themodel of spatial structure of regional multi-element geochemical anomalies (RAGSS) of an orefielddelineates structural feature possessed by orderly spatial distributions of different groups ofmulti-element anomaly associations related to orefield metallogenesis. It is used to outline thecommon metallogenetic anomaly visage that is composed of the orderly spatial distribution ofdifferent groups of multi-element anomaly associations. The orderly spatial distribution ofmulti-element anomalies over an orefield reflects element distributions as they are changed from adispersed 'out-of-order' state into a concentrated 'orderly' state during the mineralization of anorefield. Three different patterns of the spatial anomaly structure related to mineralization in anorefield can be concluded: (1) nested pattern; (2) eccentric pattern and; (3) peripheral pattern.There are marked differences between multi-element anomaly patterns related and not related tomineralization. RAGSS models of orefields can be used to better understand and evaluate regionalmulti-element anomalies and identify ore types.
文摘A factor analysis was applied to soil geochemical data to define anomalies related to buried Pb-Zn mineralization.A favorable main factor with a strong association of the elements Zn,Cu and Pb,related to mineralization,was selected for interpretation.The median+2 MAD(median absolute deviation)method of exploratory data analysis(EDA)and C-A(concentration-area)fractal modeling were then applied to the Mahalanobis distance,as defined by Zn,Cu and Pb from the factor analysis to set the thresholds for defining multi-element anomalies.As a result,the median+2 MAD method more successfully identified the Pb-Zn mineralization than the C-A fractal model.The soil anomaly identified by the median+2 MAD method on the Mahalanobis distances defined by three principal elements(Zn,Cu and Pb)rather than thirteen elements(Co,Zn,Cu,V,Mo,Ni,Cr,Mn,Pb,Ba,Sr,Zr and Ti)was the more favorable reflection of the ore body.The identified soil geochemical anomalies were compared with the in situ economic Pb-Zn ore bodies for validation.The results showed that the median+2 MAD approach is capable of mapping both strong and weak geochemical anomalies related to buried Pb-Zn mineralization,which is therefore useful at the reconnaissance drilling stage.
文摘In this article,we comment on the paper by Kakinuma et al published recently.We focus specifically on the diagnosis of uterine pseudoaneurysm,but we also review other uterine vascular anomalies that may be the cause of life-threating hemorrhage and the different causes of uterine pseudoaneurysms.Uterine artery pseudoaneurysm is a complication of both surgical gynecological and nontraumatic procedures.Massive hemorrhage is the consequence of the rupture of the pseudoaneurysm.Uterine artery pseudoaneurysm can develop after obstetric or gynecological procedures,being the most frequent after cesarean or vaginal deliveries,curettage and even during pregnancy.However,there are several cases described unrelated to pregnancy,such as after conization,hysteroscopic surgery or laparoscopic myomectomy.Hemorrhage is the clinical manifestation and it can be life-threatening so suspicion of this vascular lesion is essential for early diagnosis and treatment.However,there are other uterine vascular anomalies that may be the cause of severe hemorrhage,which must be taken into account in the differential diagnosis.Computed tomography angiography and embolization is supposed to be the first therapeutic option in most of them.
