Log anomaly detection is essential for maintaining the reliability and security of large-scale networked systems. Most traditional techniques rely on log parsing in the reprocessing stage and utilize handcrafted features that limit their adaptability across various systems. In this study, we propose a hybrid model, BertGCN, that integrates BERT-based contextual embedding with Graph Convolutional Networks (GCNs) to identify anomalies in raw system logs, thereby eliminating the need for log parsing. The BERT module captures semantic representations of log messages, while the GCN models the structural relationships among log entries through a text-based graph. This combination enables BertGCN to capture both the contextual and semantic characteristics of log data. BertGCN showed excellent performance on the HDFS and BGL datasets, demonstrating its effectiveness and resilience in detecting anomalies. Compared to multiple baselines, our proposed BertGCN showed improved precision, recall, and F1 scores.
The detection of steel surface anomalies has become an industrial challenge due to variations in production equipment, processes, and characteristics. To alleviate the problem, this paper proposes a detection and localization method combining 3D depth and 2D RGB features. The framework comprises three stages: defect classification, defect location, and warpage judgment. The first stage uses a data-efficient image Transformer model, the second stage utilizes reverse knowledge distillation, and the third stage performs feature fusion using 3D depth and 2D RGB features. Experimental results show that the proposed algorithm achieves relatively high accuracy and feasibility, and can be effectively used in industrial scenarios.
The rapid digitalization of the energy sector has led to the deployment of large-scale smart metering systems that generate high-frequency time series data, creating new opportunities and challenges for energy anomaly detection. Accurate identification of anomalous patterns in building energy consumption is essential for optimizing operations, improving energy efficiency, and supporting grid reliability. This study investigates advanced feature engineering and machine learning modeling techniques for large-scale time series anomaly detection in building energy systems. Expanding upon previous benchmark frameworks, we introduce additional features such as oil price indices and solar cycle indicators, including sunset and sunrise times, to enhance the contextual understanding of consumption patterns. Our comparative modeling approach encompasses an extensive suite of algorithms, including KNeighborsUnif, KNeighborsDist, LightGBMXT, LightGBM, RandomForestMSE, CatBoost, ExtraTreesMSE, NeuralNetFastAI, XGBoost, NeuralNetTorch, and LightGBMLarge. Data preprocessing includes rigorous handling of missing values and normalization, while feature engineering focuses on temporal, environmental, and value-change attributes. The models are evaluated on a comprehensive dataset of smart meter readings, with performance assessed using metrics such as the Area Under the Receiver Operating Characteristic Curve (AUC-ROC). The results demonstrate that the integration of diverse exogenous variables and a hybrid ensemble of traditional tree-based and neural network models can significantly improve anomaly detection performance. This work provides new insights into the design of robust, scalable, and generalizable frameworks for energy anomaly detection in complex, real-world settings.
Tooth developmental anomalies are a group of disorders caused by unfavorable factors affecting the tooth development process, resulting in abnormalities in tooth number, structure, and morphology. These anomalies typically manifest during childhood, impairing dental function, maxillofacial development, and facial aesthetics, while also potentially impacting overall physical and mental health. The complex etiology and diverse clinical phenotypes of these anomalies pose significant challenges for prevention, early diagnosis, and treatment. As they usually emerge early in life, long-term management and multidisciplinary collaboration in dental care are essential. However, there is currently a lack of systematic clinical guidelines for the diagnosis and treatment of these conditions, adding to the difficulties in clinical practice. In response to this need, this expert consensus summarizes the classifications, etiology, typical clinical manifestations, and diagnostic criteria of tooth developmental anomalies based on current clinical evidence. It also provides prevention strategies and stage-specific clinical management recommendations to guide clinicians in diagnosis and treatment, promoting early intervention and standardized care for these anomalies.
The Internet of Things (IoT) is a new model that evolved with the rapid progress of advanced technology and gained tremendous popularity due to its applications. Anomaly detection has widely attracted researchers’ attention in the last few years, and its effects on diverse applications. This review article covers the various methods and tools developed to perform the task efficiently and automatically in a smart city. In this work, we present a comprehensive literature review (2011 onwards) of three major types of anomalies: network anomalies, sensor anomalies, and video-based anomalies, along with their methods and software tools. Furthermore, anomaly detection methods such as machine learning and deep learning are presented in this work, highlighting their detection strategy techniques, features, applications, issues, and challenges. Moreover, a generic algorithm is also developed to ease the user achieve the task more specifically by targeting a specific domain as well as approach. Comparative studies of three anomaly methods and their analysis identify research discovery areas with their applications. As a result, researchers and practitioners can familiarize themselves with the existing methods for solving real problems, improving methods, and developing new optimum methods for anomaly detection in diverse applications.
As containerized environments become increasingly prevalent in cloud-native infrastructures, the need for effective monitoring and detection of malicious behaviors has become critical. Malicious containers pose significant risks by exploiting shared host resources, enabling privilege escalation, or launching large-scale attacks such as cryptomining and botnet activities. Therefore, developing accurate and efficient detection mechanisms is essential for ensuring the security and stability of containerized systems. To this end, we propose a hybrid detection framework that leverages the extended Berkeley Packet Filter (eBPF) to monitor container activities directly within the Linux kernel. The framework simultaneously collects flow-based network metadata and host-based system-call traces, transforms them into machine-learning features, and applies multi-class classification models to distinguish malicious containers from benign ones. Using six malicious and four benign container scenarios, our evaluation shows that runtime detection is feasible with high accuracy: flow-based detection achieved 87.49%, while host-based detection using system-call sequences reached 98.39%. The performance difference is largely due to similar communication patterns exhibited by certain malware families which limit the discriminative power of flow-level features. Host-level monitoring, by contrast, exposes fine-grained behavioral characteristics, such as file-system access patterns, persistence mechanisms, and resource-management calls that do not appear in network metadata. Our results further demonstrate that both monitoring modality and preprocessing strategy directly influence model performance. More importantly, combining flow-based and host-based telemetry in a complementary hybrid approach resolves classification ambiguities that arise when relying on a single data source. These findings underscore the potential of eBPF-based hybrid analysis for achieving accurate, low-overhead, and behavior-aware runtime security in containerized environments, and they establish a practical foundation for developing adaptive and scalable detection mechanisms in modern cloud systems.
Objective: To investigate the potential link between chromosomal polymorphisms in couples who had a medical history of idiopathic recurrent pregnancy loss. Methods: Cytogenetic investigation was conducted with mitogen (Phytohemagglutinin-M, Gibco) stimulated blood T lymphocytes by Giemsa trypsin Giemsa banding and Ag-NOR banding on 580 couples with a history of idiopathic recurrent pregnancy loss and 240 couples from the general population. Thirty good chromosomal spreads were captured, karyotyped, and analyzed. The karyotypes were designated using the International System for Human Cytogenomic Nomenclature 2024. Pearson Chi-square test was used to compare the frequency of chromosomal polymorphism variations in the idiopathic recurrent pregnancy loss group with the general population group. Results: A conventional cytogenetic investigation revealed that 45.43% of couples experiencing idiopathic recurrent pregnancy loss presented with various types of chromosomal polymorphic variants, compared to 11.88% in the general population. The overall frequency of these chromosomal polymorphic variants was significantly higher in the idiopathic recurrent pregnancy loss group compared to the general population group (OR 9.97, 95% CI 6.99-14.21; P<0.05). Additionally, the prevalence of polymorphic variants was higher among males (49.14%) than females (41.72%) (P=0.01). Conclusions: Chromosomal polymorphic analysis may play a crucial role in the assessment and careful clinical management of cases with idiopathic recurrent pregnancy loss, especially when no other conclusive reasons are identified during the initial evaluation. Therefore, heteromorphism should not be overlooked while investigating the causes of idiopathic recurrent pregnancy loss.
The rapid proliferation of Internet of Things (IoT) devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative, distributed architectural solutions. This paper proposes FE-ACS (Fog-Edge Adaptive Cybersecurity System), a novel hierarchical security framework that intelligently distributes AI-powered anomaly detection algorithms across edge, fog, and cloud layers to optimize security efficacy, latency, and privacy. Our comprehensive evaluation demonstrates that FE-ACS achieves superior detection performance with an AUC-ROC of 0.985 and an F1-score of 0.923, while maintaining significantly lower end-to-end latency (18.7 ms) compared to cloud-centric (152.3 ms) and fog-only (34.5 ms) architectures. The system exhibits exceptional scalability, supporting up to 38,000 devices with logarithmic performance degradation—a 67× improvement over conventional cloud-based approaches. By incorporating differential privacy mechanisms with balanced privacy-utility tradeoffs (ε=1.0–1.5), FE-ACS maintains 90%–93% detection accuracy while ensuring strong privacy guarantees for sensitive healthcare data. Computational efficiency analysis reveals that our architecture achieves a detection rate of 12,400 events per second with only 12.3 mJ energy consumption per inference. In healthcare risk assessment, FE-ACS demonstrates robust operational viability with low patient safety risk (14.7%) and high system reliability (94.0%). The proposed framework represents a significant advancement in distributed security architectures, offering a scalable, privacy-preserving, and real-time solution for protecting healthcare IoT ecosystems against evolving cyber threats.
Deep transfer learning has achieved significant success in anomaly detection over the past decade, but data acquisition challenges in practical engineering hinder high-quality feature representation for few-shot learning tasks. To address this issue, a novel time-frequency-assisted deep feature enhancement (TFE) mechanism is proposed. Unlike traditional methods that integrate time-frequency analysis with deep neural networks, TFE employs a wavelet scattering transform to establish a parallel time-frequency feature space, where a dual interaction strategy facilitates collaboration between deep feature and time-frequency spaces through two operations: 1) Enhancement, where a frequency-importance-driven contrastive learning (FICL) network transfers physically-aware information from wavelet scattering features to deep features, and 2) Feedback, which uses a detection rule adaptation module to minimize bias in wavelet scattering features based on deep feature performance. TFE is applied to a domain-adversarial anomaly detection framework and, through alternating training, significantly enhances both deep feature discriminative power and few-shot anomaly detection. Theoretical analysis confirms that the proposed dual interaction strategy reduces the upper bound of classification error. Experiments on benchmark datasets and a real-world industrial dataset from a large steel factory demonstrate TFE's superior performance and highlight the importance of frequency saliency in transfer learning. Thus, collaboration is shown to outperform integration for few-shot transfer learning in anomaly detection.
Traditional anomaly detection methods often assume that data points are independent or exhibit regularly structured relationships, as in Euclidean data such as time series or image grids. However, real-world data frequently involve irregular, interconnected structures, requiring a shift toward non-Euclidean approaches. This study introduces a novel anomaly detection framework designed to handle non-Euclidean data by modeling transactions as graph signals. By leveraging graph convolution filters, we extract meaningful connection strengths that capture relational dependencies often overlooked in traditional methods. Utilizing the Graph Convolutional Networks (GCN) framework, we integrate graph-based embeddings with conventional anomaly detection models, enhancing performance through relational insights. Our method is validated on European credit card transaction data, demonstrating its effectiveness in detecting fraudulent transactions, particularly those with subtle patterns that evade traditional, amount-based detection techniques. The results highlight the advantages of incorporating temporal and structural dependencies into fraud detection, showcasing the robustness and applicability of our approach in complex, real-world scenarios.
Human Resource (HR) operations increasingly rely on cloud-based platforms that provide hiring, payroll, employee management, and compliance services. These systems, typically built on multi-tenant microservice architectures, offer scalability and efficiency but also expand the attack surface for adversaries. Ransomware has emerged as a leading threat in this domain, capable of halting workflows and exposing sensitive employee records. Traditional defenses such as static hardening and signature-based detection often fail to address the dynamic requirements of HR Software as a Service (SaaS), where continuous availability and privacy compliance are critical. This paper presents a Moving Target Defense (MTD) framework for HR SaaS that combines container mutation, IP hopping, and node reassignment to randomize the attack surface without pausing services. Many prior defenses for cloud or IoT rely on static hardening or signature-driven detection and do not meet HR SaaS needs such as uninterrupted sessions, privacy compliance, and live service continuity. This paper presents a MTD framework for HR SaaS that combines container mutation, IP hopping, and node reassignment to randomize the attack surface without pausing services. The framework runs on Kubernetes and uses a KL-divergence-based anomaly detector that monitors HR access logs across five modules (onboarding, employee records, leave, payroll, and exit). In simulation with realistic HR traffic, the approach reaches 96.9% average detection accuracy with AUC 0.94-0.98, cuts mean time to containment to 91.4 s, and lowers the ransomware encryption rate to 13.2%. Measured overheads for CPU, memory, and per-mutation latency remain modest. Compared with prior MTD and non-MTD baselines, the design provides stronger containment without service interruption and aligns with zero-trust and compliance goals. Its modular implementation and control-plane orchestration support stepwise, enterprise-scale deployment in HR SaaS environments.
Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems. However, in existing research, multivariate data are often influenced by various factors during the data collection process, resulting in temporal misalignment or displacement. Due to these factors, the node representations carry substantial noise, which reduces the adaptability of the multivariate coupled network structure and subsequently degrades anomaly detection performance. Accordingly, this study proposes a novel multivariate anomaly detection model grounded in graph structure learning. Firstly, a recommendation strategy is employed to identify strongly coupled variable pairs, which are then used to construct a recommendation-driven multivariate coupling network. Secondly, a multi-channel graph encoding layer is used to dynamically optimize the structural properties of the multivariate coupling network, while a multi-head attention mechanism enhances the spatial characteristics of the multivariate data. Finally, unsupervised anomaly detection is conducted using a dynamic threshold selection algorithm. Experimental results demonstrate that effectively integrating the structural and spatial features of multivariate data significantly mitigates anomalies caused by temporal dependency misalignment.
To address the challenge of low survival rates and limited data collection efficiency in current virtual probe deployments, which results from anomaly detection mechanisms in location-based service (LBS) applications, this paper proposes a novel virtual probe deployment method based on user behavioral feature analysis. The core idea is to circumvent LBS anomaly detection by mimicking real-user behavior patterns. First, we design an automated data extraction algorithm that recognizes graphical user interface (GUI) elements to collect spatio-temporal behavior data. Then, by analyzing the automatically collected user data, we identify normal users’ spatio-temporal patterns and extract their features such as high-activity time windows and spatial clustering characteristics. Subsequently, an anti-detection scheduling strategy is developed, integrating spatial clustering optimization, load-balanced allocation, and time window control to generate probe scheduling schemes. Additionally, a self-correction mechanism based on an exponential backoff strategy is implemented to rectify anomalous behaviors and maintain system stability. Experiments in real-world environments demonstrate that the proposed method significantly outperforms baseline methods in terms of both probe ban rate and task completion rate, while maintaining high time efficiency. This study provides a more reliable and clandestine solution for geosocial data collection and lays the foundation for building more robust virtual probe systems.
Anomaly detection (AD) aims to identify abnormal patterns that deviate from normal behaviour, playing a critical role in applications such as industrial inspection, medical imaging and autonomous driving. However, AD often faces a scarcity of labelled data. To address this challenge, we propose a novel semi-supervised anomaly detection method, DASAD (Deviation-Guided Attention for Semi-Supervised Anomaly Detection), which integrates deviation-guided attention with contrastive regularisation to reduce the unreliability of pseudo-labels. Specifically, a deviation-guided attention mechanism is designed to combine three types of deviations: latent embeddings, residual direction vectors and hierarchical reconstruction errors to capture anomaly specific cues effectively, thereby enhancing the credibility of pseudo-labels for unlabelled samples. Furthermore, a class-asymmetric contrastive loss is constructed to promote compact representations of normal instances while preserving the structural diversity of anomalies. Extensive experiments on 8 benchmark datasets demonstrate that DASAD consistently outperforms state-of-the-art methods and exhibits strong generalisation across 6 anomaly detection domains.
Ensuring an information fabric safe is critical and mandatory. For its related Internet of Things (IoT) service system running on the open Internet, existing host-based monitoring methods may fail due to only inspecting software, and the physical system may not be able to be protected. In this paper, a nonintrusive virtual machine (VM)-based runtime protection framework is provided to protect the physical system with the isolated IoT services as a controlling means. Compared with existing solutions, the framework gets inconsistent and untrusted observation knowledge from multiple observation sources, and enforces property policies concurrently and incrementally in a competing-game way to avoid compositional problems. In addition, the monitoring is implemented without any modification to the protected system. Experiments are conducted to validate the proposed techniques.
The rapid digitalization of urban infrastructure has made smart cities increasingly vulnerable to sophisticated cyber threats. In the evolving landscape of cybersecurity, the efficacy of Intrusion Detection Systems (IDS) is increasingly measured by technical performance, operational usability, and adaptability. This study introduces and rigorously evaluates a Human-Computer Interaction (HCI)-Integrated IDS with the utilization of Convolutional Neural Network (CNN), CNN-Long Short Term Memory (LSTM), and Random Forest (RF) against both a Baseline Machine Learning (ML) and a Traditional IDS model, through an extensive experimental framework encompassing many performance metrics, including detection latency, accuracy, alert prioritization, classification errors, system throughput, usability, ROC-AUC, precision-recall, confusion matrix analysis, and statistical accuracy measures. Our findings consistently demonstrate the superiority of the HCI-Integrated approach utilizing three major datasets (CICIDS 2017, KDD Cup 1999, and UNSW-NB15). Experimental results indicate that the HCI-Integrated model outperforms its counterparts, achieving an AUC-ROC of 0.99, a precision of 0.93, and a recall of 0.96, while maintaining the lowest false positive rate (0.03) and the fastest detection time (~1.5 s). These findings validate the efficacy of incorporating HCI to enhance anomaly detection capabilities, improve responsiveness, and reduce alert fatigue in critical smart city applications. It achieves markedly lower detection times, higher accuracy across all threat categories, reduced false positive and false negative rates, and enhanced system throughput under concurrent load conditions. The HCI-Integrated IDS excels in alert contextualization and prioritization, offering more actionable insights while minimizing analyst fatigue. Usability feedback underscores increased analyst confidence and operational clarity, reinforcing the importance of user-centered design. These results collectively position the HCI-Integrated IDS as a highly effective, scalable, and human-aligned solution for modern threat detection environments.
With network attack technology continuing to develop, traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy. Graph Neural Network (GNN), a promising Deep Learning (DL) approach, has proven to be highly effective in identifying intricate patterns in graph-structured data and has already found wide applications in the field of network security. In this paper, we propose a hybrid Graph Convolutional Network (GCN)-GraphSAGE model for Anomaly Traffic Detection, namely HGS-ATD, which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities. We validate the HGS-ATD model on four publicly available datasets, including NF-UNSW-NB15-v2. The experimental results show that the enhanced hybrid model is 5.71% to 10.25% higher than the baseline model in terms of accuracy, and the F1-score is 5.53% to 11.63% higher than the baseline model, proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.
As cyberattacks become increasingly sophisticated and intelligent, demand for machine-learning-based anomaly detection systems is growing. However, conventional systems generally assume a trusted server environment, where traffic data is collected and analyzed in plaintext. This assumption introduces inherent privacy risks, as privacy-sensitive information may be exposed if the server is compromised or misused. To address this limitation, privacy-preserving anomaly detection approaches have been actively studied, enabling anomaly detection to be performed directly on encrypted traffic without revealing privacy-sensitive data. While these approaches offer strong confidentiality guarantees, they suffer from significant drawbacks, including substantial computational overhead, high latency, and degraded detection accuracy. To overcome these limitations, we propose a privacy-aware anomaly detection (PAAD) model that adaptively applies homomorphic encryption based on the privacy sensitivity of incoming traffic. Instead of encrypting all data indiscriminately, PAAD dynamically determines whether traffic should be processed in plaintext or ciphertext and performs homomorphic inference only for privacy-sensitive data. This selective encryption strategy effectively balances privacy protection and system efficiency. Extensive experiments conducted under diverse network environments demonstrate that the proposed PAAD model significantly outperforms conventional anomaly detection models. In particular, PAAD improves detection accuracy by up to 73%, reduces latency by up to 8.6 times, and achieves negligible information leakage, highlighting its practicality for real-world privacy-sensitive network monitoring scenarios.
In the field of intelligent surveillance, weakly supervised video anomaly detection (WSVAD) has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels. Although multiple instance learning (MIL) has dominated the WSVAD for a long time, its reliance solely on video-level labels without semantic grounding hinders a fine-grained understanding of visually similar yet semantically distinct events. In addition, insufficient temporal modeling obscures causal relationships between events, making anomaly decisions reactive rather than reasoning-based. To overcome the limitations above, this paper proposes an adaptive knowledge-based guidance method that integrates external structured knowledge. The approach combines hierarchical category information with learnable prompt vectors. It then constructs continuously updated contextual references within the feature space, enabling fine-grained meaning-based guidance over video content. Building on this, the work introduces an event relation analysis module. This module explicitly models temporal dependencies and causal correlations between video snippets. It constructs an evolving logic chain of anomalous events, revealing the process by which isolated anomalous snippets develop into a complete event. Experiments on multiple benchmark datasets show that the proposed method achieves highly competitive performance, achieving an AUC of 88.19% on UCF-Crime and an AP of 86.49% on XD-Violence. More importantly, the method provides temporal and causal explanations derived from event relationships alongside its detection results. This capability significantly advances WSVAD from a simple binary classification to a new level of interpretable behavior analysis.
With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT termi...With more and more IoT terminals being deployed in various power grid business scenarios,terminal reliability has become a practical challenge that threatens the current security protection architecture.Most IoT terminals have security risks and vulnerabilities,and limited resources make it impossible to deploy costly security protection methods on the terminal.In order to cope with these problems,this paper proposes a lightweight trust evaluation model TCL,which combines three network models,TCN,CNN,and LSTM,with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device,and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods.After experiments,it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763,94.456,99.923,and 99.195 on HDFS,BGL,N-BaIoT,and KDD99 datasets,respectively,and the size of TCL is only 91KB,which can achieve similar or better performance than CNN-LSTM,RobustLog and other methods with less computational resources and storage space.展开更多
Funding: Funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under grant no. (GPIP:1074-612-2024).
Abstract: Log anomaly detection is essential for maintaining the reliability and security of large-scale networked systems. Most traditional techniques rely on log parsing in the reprocessing stage and utilize handcrafted features that limit their adaptability across various systems. In this study, we propose a hybrid model, BertGCN, that integrates BERT-based contextual embedding with Graph Convolutional Networks (GCNs) to identify anomalies in raw system logs, thereby eliminating the need for log parsing. The BERT module captures semantic representations of log messages, while the GCN models the structural relationships among log entries through a text-based graph. This combination enables BertGCN to capture both the contextual and semantic characteristics of log data. BertGCN showed excellent performance on the HDFS and BGL datasets, demonstrating its effectiveness and resilience in detecting anomalies. Compared to multiple baselines, our proposed BertGCN showed improved precision, recall, and F1 scores.
Funding: Supported by ZTE Industry-University-Institute Cooperation Funds under Grant No. HC-CN-20221107001.
Abstract: The detection of steel surface anomalies has become an industrial challenge due to variations in production equipment, processes, and characteristics. To alleviate the problem, this paper proposes a detection and localization method combining 3D depth and 2D RGB features. The framework comprises three stages: defect classification, defect location, and warpage judgment. The first stage uses a data-efficient image Transformer model, the second stage utilizes reverse knowledge distillation, and the third stage performs feature fusion using 3D depth and 2D RGB features. Experimental results show that the proposed algorithm achieves relatively high accuracy and feasibility, and can be effectively used in industrial scenarios.
Abstract: The rapid digitalization of the energy sector has led to the deployment of large-scale smart metering systems that generate high-frequency time series data, creating new opportunities and challenges for energy anomaly detection. Accurate identification of anomalous patterns in building energy consumption is essential for optimizing operations, improving energy efficiency, and supporting grid reliability. This study investigates advanced feature engineering and machine learning modeling techniques for large-scale time series anomaly detection in building energy systems. Expanding upon previous benchmark frameworks, we introduce additional features such as oil price indices and solar cycle indicators, including sunset and sunrise times, to enhance the contextual understanding of consumption patterns. Our comparative modeling approach encompasses an extensive suite of algorithms, including KNeighborsUnif, KNeighborsDist, LightGBMXT, LightGBM, RandomForestMSE, CatBoost, ExtraTreesMSE, NeuralNetFastAI, XGBoost, NeuralNetTorch, and LightGBMLarge. Data preprocessing includes rigorous handling of missing values and normalization, while feature engineering focuses on temporal, environmental, and value-change attributes. The models are evaluated on a comprehensive dataset of smart meter readings, with performance assessed using metrics such as the Area Under the Receiver Operating Characteristic Curve (AUC-ROC). The results demonstrate that the integration of diverse exogenous variables and a hybrid ensemble of traditional tree-based and neural network models can significantly improve anomaly detection performance. This work provides new insights into the design of robust, scalable, and generalizable frameworks for energy anomaly detection in complex, real-world settings.
Funding: Supported by the grants No. 82370912 from the National Natural Science Foundation of China; No. 2022020801010499 from the Bureau of Science and Technology of Wuhan, China; No. 2042023kf0231 from the Fundamental Research Funds for the Central Universities, China.
Abstract: Tooth developmental anomalies are a group of disorders caused by unfavorable factors affecting the tooth development process, resulting in abnormalities in tooth number, structure, and morphology. These anomalies typically manifest during childhood, impairing dental function, maxillofacial development, and facial aesthetics, while also potentially impacting overall physical and mental health. The complex etiology and diverse clinical phenotypes of these anomalies pose significant challenges for prevention, early diagnosis, and treatment. As they usually emerge early in life, long-term management and multidisciplinary collaboration in dental care are essential. However, there is currently a lack of systematic clinical guidelines for the diagnosis and treatment of these conditions, adding to the difficulties in clinical practice. In response to this need, this expert consensus summarizes the classifications, etiology, typical clinical manifestations, and diagnostic criteria of tooth developmental anomalies based on current clinical evidence. It also provides prevention strategies and stage-specific clinical management recommendations to guide clinicians in diagnosis and treatment, promoting early intervention and standardized care for these anomalies.
Abstract: The Internet of Things (IoT) is a new model that evolved with the rapid progress of advanced technology and gained tremendous popularity due to its applications. Anomaly detection has widely attracted researchers’ attention in the last few years, and its effects on diverse applications. This review article covers the various methods and tools developed to perform the task efficiently and automatically in a smart city. In this work, we present a comprehensive literature review (2011 onwards) of three major types of anomalies: network anomalies, sensor anomalies, and video-based anomalies, along with their methods and software tools. Furthermore, anomaly detection methods such as machine learning and deep learning are presented in this work, highlighting their detection strategy techniques, features, applications, issues, and challenges. Moreover, a generic algorithm is also developed to ease the user achieve the task more specifically by targeting a specific domain as well as approach. Comparative studies of three anomaly methods and their analysis identify research discovery areas with their applications. As a result, researchers and practitioners can familiarize themselves with the existing methods for solving real problems, improving methods, and developing new optimum methods for anomaly detection in diverse applications.
Funding: Supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. RS-2024-00351898 and No. RS-2025-02263915); the MOTIE under Training Industrial Security Specialist for High-Tech Industry (RS-2024-00415520) supervised by the Korea Institute for Advancement of Technology (KIAT); the MSIT under the ICAN (ICT Challenge and Advanced Network of HRD) program (No. IITP-2022-RS-2022-00156310) supervised by the Institute of Information & Communication Technology Planning & Evaluation (IITP).
Abstract: As containerized environments become increasingly prevalent in cloud-native infrastructures, the need for effective monitoring and detection of malicious behaviors has become critical. Malicious containers pose significant risks by exploiting shared host resources, enabling privilege escalation, or launching large-scale attacks such as cryptomining and botnet activities. Therefore, developing accurate and efficient detection mechanisms is essential for ensuring the security and stability of containerized systems. To this end, we propose a hybrid detection framework that leverages the extended Berkeley Packet Filter (eBPF) to monitor container activities directly within the Linux kernel. The framework simultaneously collects flow-based network metadata and host-based system-call traces, transforms them into machine-learning features, and applies multi-class classification models to distinguish malicious containers from benign ones. Using six malicious and four benign container scenarios, our evaluation shows that runtime detection is feasible with high accuracy: flow-based detection achieved 87.49%, while host-based detection using system-call sequences reached 98.39%. The performance difference is largely due to similar communication patterns exhibited by certain malware families which limit the discriminative power of flow-level features. Host-level monitoring, by contrast, exposes fine-grained behavioral characteristics, such as file-system access patterns, persistence mechanisms, and resource-management calls that do not appear in network metadata. Our results further demonstrate that both monitoring modality and preprocessing strategy directly influence model performance. More importantly, combining flow-based and host-based telemetry in a complementary hybrid approach resolves classification ambiguities that arise when relying on a single data source. These findings underscore the potential of eBPF-based hybrid analysis for achieving accurate, low-overhead, and behavior-aware runtime security in containerized environments, and they establish a practical foundation for developing adaptive and scalable detection mechanisms in modern cloud systems.
Funding: Funded by the Technology Development Board (TDB) of India's Ministry of Science and Technology (TDB/M-25/2018-19).
Abstract: Objective: To investigate the potential link between chromosomal polymorphisms in couples who had a medical history of idiopathic recurrent pregnancy loss. Methods: Cytogenetic investigation was conducted with mitogen (Phytohemagglutinin-M, Gibco) stimulated blood T lymphocytes by Giemsa trypsin Giemsa banding and Ag-NOR banding on 580 couples with a history of idiopathic recurrent pregnancy loss and 240 couples from the general population. Thirty good chromosomal spreads were captured, karyotyped, and analyzed. The karyotypes were designated using the International System for Human Cytogenomic Nomenclature 2024. Pearson Chi-square test was used to compare the frequency of chromosomal polymorphism variations in the idiopathic recurrent pregnancy loss group with the general population group. Results: A conventional cytogenetic investigation revealed that 45.43% of couples experiencing idiopathic recurrent pregnancy loss presented with various types of chromosomal polymorphic variants, compared to 11.88% in the general population. The overall frequency of these chromosomal polymorphic variants was significantly higher in the idiopathic recurrent pregnancy loss group compared to the general population group (OR 9.97, 95% CI 6.99-14.21; P<0.05). Additionally, the prevalence of polymorphic variants was higher among males (49.14%) than females (41.72%) (P=0.01). Conclusions: Chromosomal polymorphic analysis may play a crucial role in the assessment and careful clinical management of cases with idiopathic recurrent pregnancy loss, especially when no other conclusive reasons are identified during the initial evaluation. Therefore, heteromorphism should not be overlooked while investigating the causes of idiopathic recurrent pregnancy loss.
Funding: Supported by the Deanship of Graduate Studies and Scientific Research at Jouf University under grant No. (DGSSR-2025-02-01276).
Abstract: The rapid proliferation of Internet of Things (IoT) devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative, distributed architectural solutions. This paper proposes FE-ACS (Fog-Edge Adaptive Cybersecurity System), a novel hierarchical security framework that intelligently distributes AI-powered anomaly detection algorithms across edge, fog, and cloud layers to optimize security efficacy, latency, and privacy. Our comprehensive evaluation demonstrates that FE-ACS achieves superior detection performance with an AUC-ROC of 0.985 and an F1-score of 0.923, while maintaining significantly lower end-to-end latency (18.7 ms) compared to cloud-centric (152.3 ms) and fog-only (34.5 ms) architectures. The system exhibits exceptional scalability, supporting up to 38,000 devices with logarithmic performance degradation—a 67× improvement over conventional cloud-based approaches. By incorporating differential privacy mechanisms with balanced privacy-utility tradeoffs (ε=1.0–1.5), FE-ACS maintains 90%–93% detection accuracy while ensuring strong privacy guarantees for sensitive healthcare data. Computational efficiency analysis reveals that our architecture achieves a detection rate of 12,400 events per second with only 12.3 mJ energy consumption per inference. In healthcare risk assessment, FE-ACS demonstrates robust operational viability with low patient safety risk (14.7%) and high system reliability (94.0%). The proposed framework represents a significant advancement in distributed security architectures, offering a scalable, privacy-preserving, and real-time solution for protecting healthcare IoT ecosystems against evolving cyber threats.
Funding: Supported in part by the National Natural Science Foundation of China (62472146); the Key Technologies Research Development Joint Foundation of Henan Province of China (225101610001).
Abstract: Deep transfer learning has achieved significant success in anomaly detection over the past decade, but data acquisition challenges in practical engineering hinder high-quality feature representation for few-shot learning tasks. To address this issue, a novel time-frequency-assisted deep feature enhancement (TFE) mechanism is proposed. Unlike traditional methods that integrate time-frequency analysis with deep neural networks, TFE employs a wavelet scattering transform to establish a parallel time-frequency feature space, where a dual interaction strategy facilitates collaboration between deep feature and time-frequency spaces through two operations: 1) Enhancement, where a frequency-importance-driven contrastive learning (FICL) network transfers physically-aware information from wavelet scattering features to deep features, and 2) Feedback, which uses a detection rule adaptation module to minimize bias in wavelet scattering features based on deep feature performance. TFE is applied to a domain-adversarial anomaly detection framework and, through alternating training, significantly enhances both deep feature discriminative power and few-shot anomaly detection. Theoretical analysis confirms that the proposed dual interaction strategy reduces the upper bound of classification error. Experiments on benchmark datasets and a real-world industrial dataset from a large steel factory demonstrate TFE's superior performance and highlight the importance of frequency saliency in transfer learning. Thus, collaboration is shown to outperform integration for few-shot transfer learning in anomaly detection.
Funding: Supported by the National Research Foundation of Korea (NRF) funded by the Korea government (RS-2023-00249743). Additionally, this research was supported by the Global-Learning & Academic Research Institution for Master’s, PhD Students, and Postdocs (LAMP) Program of the National Research Foundation of Korea (NRF) grant funded by the Ministry of Education (RS-2024-00443714). This research was also supported by the “Research Base Construction Fund Support Program” funded by Jeonbuk National University in 2025.
Abstract: Traditional anomaly detection methods often assume that data points are independent or exhibit regularly structured relationships, as in Euclidean data such as time series or image grids. However, real-world data frequently involve irregular, interconnected structures, requiring a shift toward non-Euclidean approaches. This study introduces a novel anomaly detection framework designed to handle non-Euclidean data by modeling transactions as graph signals. By leveraging graph convolution filters, we extract meaningful connection strengths that capture relational dependencies often overlooked in traditional methods. Utilizing the Graph Convolutional Networks (GCN) framework, we integrate graph-based embeddings with conventional anomaly detection models, enhancing performance through relational insights. Our method is validated on European credit card transaction data, demonstrating its effectiveness in detecting fraudulent transactions, particularly those with subtle patterns that evade traditional, amount-based detection techniques. The results highlight the advantages of incorporating temporal and structural dependencies into fraud detection, showcasing the robustness and applicability of our approach in complex, real-world scenarios.
Abstract: Human Resource (HR) operations increasingly rely on cloud-based platforms that provide hiring, payroll, employee management, and compliance services. These systems, typically built on multi-tenant microservice architectures, offer scalability and efficiency but also expand the attack surface for adversaries. Ransomware has emerged as a leading threat in this domain, capable of halting workflows and exposing sensitive employee records. Traditional defenses such as static hardening and signature-based detection often fail to address the dynamic requirements of HR Software as a Service (SaaS), where continuous availability and privacy compliance are critical. This paper presents a Moving Target Defense (MTD) framework for HR SaaS that combines container mutation, IP hopping, and node reassignment to randomize the attack surface without pausing services. Many prior defenses for cloud or IoT rely on static hardening or signature-driven detection and do not meet HR SaaS needs such as uninterrupted sessions, privacy compliance, and live service continuity. This paper presents an MTD framework for HR SaaS that combines container mutation, IP hopping, and node reassignment to randomize the attack surface without pausing services. The framework runs on Kubernetes and uses a KL-divergence-based anomaly detector that monitors HR access logs across five modules (onboarding, employee records, leave, payroll, and exit). In simulation with realistic HR traffic, the approach reaches 96.9% average detection accuracy with AUC 0.94-0.98, cuts mean time to containment to 91.4 s, and lowers the ransomware encryption rate to 13.2%. Measured overheads for CPU, memory, and per-mutation latency remain modest. Compared with prior MTD and non-MTD baselines, the design provides stronger containment without service interruption and aligns with zero-trust and compliance goals. Its modular implementation and control-plane orchestration support stepwise, enterprise-scale deployment in HR SaaS environments.
Funding: Supported by Natural Science Foundation of Qinghai Province (2025-ZJ-994M); Scientific Research Innovation Capability Support Project for Young Faculty (SRICSPYF-BS2025007); National Natural Science Foundation of China (62566050).
Abstract: Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems. However, in existing research, multivariate data are often influenced by various factors during the data collection process, resulting in temporal misalignment or displacement. Due to these factors, the node representations carry substantial noise, which reduces the adaptability of the multivariate coupled network structure and subsequently degrades anomaly detection performance. Accordingly, this study proposes a novel multivariate anomaly detection model grounded in graph structure learning. Firstly, a recommendation strategy is employed to identify strongly coupled variable pairs, which are then used to construct a recommendation-driven multivariate coupling network. Secondly, a multi-channel graph encoding layer is used to dynamically optimize the structural properties of the multivariate coupling network, while a multi-head attention mechanism enhances the spatial characteristics of the multivariate data. Finally, unsupervised anomaly detection is conducted using a dynamic threshold selection algorithm. Experimental results demonstrate that effectively integrating the structural and spatial features of multivariate data significantly mitigates anomalies caused by temporal dependency misalignment.
Funding: Supported by the National Natural Science Foundation of China (No. U23A20305); National Key Research and Development Program of China (No. 2022YFB3102900); Innovation Scientists and Technicians Troop Construction Projects of Henan Province, China (No. 254000510007); Key Research and Development Project of Henan Province (No. 221111321200).
Abstract: To address the challenge of low survival rates and limited data collection efficiency in current virtual probe deployments, which results from anomaly detection mechanisms in location-based service (LBS) applications, this paper proposes a novel virtual probe deployment method based on user behavioral feature analysis. The core idea is to circumvent LBS anomaly detection by mimicking real-user behavior patterns. First, we design an automated data extraction algorithm that recognizes graphical user interface (GUI) elements to collect spatio-temporal behavior data. Then, by analyzing the automatically collected user data, we identify normal users’ spatio-temporal patterns and extract their features such as high-activity time windows and spatial clustering characteristics. Subsequently, an anti-detection scheduling strategy is developed, integrating spatial clustering optimization, load-balanced allocation, and time window control to generate probe scheduling schemes. Additionally, a self-correction mechanism based on an exponential backoff strategy is implemented to rectify anomalous behaviors and maintain system stability. Experiments in real-world environments demonstrate that the proposed method significantly outperforms baseline methods in terms of both probe ban rate and task completion rate, while maintaining high time efficiency. This study provides a more reliable and clandestine solution for geosocial data collection and lays the foundation for building more robust virtual probe systems.
Funding: Supported by the National Natural Science Foundation of China under Grant U24A20279.
Abstract: Anomaly detection (AD) aims to identify abnormal patterns that deviate from normal behaviour, playing a critical role in applications such as industrial inspection, medical imaging and autonomous driving. However, AD often faces a scarcity of labelled data. To address this challenge, we propose a novel semi-supervised anomaly detection method, DASAD (Deviation-Guided Attention for Semi-Supervised Anomaly Detection), which integrates deviation-guided attention with contrastive regularisation to reduce the unreliability of pseudo-labels. Specifically, a deviation-guided attention mechanism is designed to combine three types of deviations: latent embeddings, residual direction vectors and hierarchical reconstruction errors to capture anomaly specific cues effectively, thereby enhancing the credibility of pseudo-labels for unlabelled samples. Furthermore, a class-asymmetric contrastive loss is constructed to promote compact representations of normal instances while preserving the structural diversity of anomalies. Extensive experiments on 8 benchmark datasets demonstrate that DASAD consistently outperforms state-of-the-art methods and exhibits strong generalisation across 6 anomaly detection domains.
Funding: Supported by the National Key Research and Development Program of China under grant 2022YFF0902701; the National Natural Science Foundation of China under grant U21A20468, 61972043, 61921003; Zhejiang Lab under grant 2021PD0AB 02; the Fundamental Research Funds for the Central Universities under grant 2020XD-A07-1.
Abstract: Ensuring an information fabric safe is critical and mandatory. For its related Internet of Things (IoT) service system running on the open Internet, existing host-based monitoring methods may fail due to only inspecting software, and the physical system may not be able to be protected. In this paper, a nonintrusive virtual machine (VM)-based runtime protection framework is provided to protect the physical system with the isolated IoT services as a controlling means. Compared with existing solutions, the framework gets inconsistent and untrusted observation knowledge from multiple observation sources, and enforces property policies concurrently and incrementally in a competing-game way to avoid compositional problems. In addition, the monitoring is implemented without any modification to the protected system. Experiments are conducted to validate the proposed techniques.
Funding: Funded and supported by the Ongoing Research Funding program (ORF-2025-314), King Saud University, Riyadh, Saudi Arabia.
Abstract: The rapid digitalization of urban infrastructure has made smart cities increasingly vulnerable to sophisticated cyber threats. In the evolving landscape of cybersecurity, the efficacy of Intrusion Detection Systems (IDS) is increasingly measured by technical performance, operational usability, and adaptability. This study introduces and rigorously evaluates a Human-Computer Interaction (HCI)-Integrated IDS with the utilization of Convolutional Neural Network (CNN), CNN-Long Short Term Memory (LSTM), and Random Forest (RF) against both a Baseline Machine Learning (ML) and a Traditional IDS model, through an extensive experimental framework encompassing many performance metrics, including detection latency, accuracy, alert prioritization, classification errors, system throughput, usability, ROC-AUC, precision-recall, confusion matrix analysis, and statistical accuracy measures. Our findings consistently demonstrate the superiority of the HCI-Integrated approach utilizing three major datasets (CICIDS 2017, KDD Cup 1999, and UNSW-NB15). Experimental results indicate that the HCI-Integrated model outperforms its counterparts, achieving an AUC-ROC of 0.99, a precision of 0.93, and a recall of 0.96, while maintaining the lowest false positive rate (0.03) and the fastest detection time (~1.5 s). These findings validate the efficacy of incorporating HCI to enhance anomaly detection capabilities, improve responsiveness, and reduce alert fatigue in critical smart city applications. It achieves markedly lower detection times, higher accuracy across all threat categories, reduced false positive and false negative rates, and enhanced system throughput under concurrent load conditions. The HCI-Integrated IDS excels in alert contextualization and prioritization, offering more actionable insights while minimizing analyst fatigue. Usability feedback underscores increased analyst confidence and operational clarity, reinforcing the importance of user-centered design. These results collectively position the HCI-Integrated IDS as a highly effective, scalable, and human-aligned solution for modern threat detection environments.
Funding: National Natural Science Foundation of China (Grant No. 62103434); National Science Fund for Distinguished Young Scholars (Grant No. 62176263).
Abstract: With network attack technology continuing to develop, traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy. Graph Neural Network (GNN), a promising Deep Learning (DL) approach, has proven to be highly effective in identifying intricate patterns in graph-structured data and has already found wide applications in the field of network security. In this paper, we propose a hybrid Graph Convolutional Network (GCN)-GraphSAGE model for Anomaly Traffic Detection, namely HGS-ATD, which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities. We validate the HGS-ATD model on four publicly available datasets, including NF-UNSW-NB15-v2. The experimental results show that the enhanced hybrid model is 5.71% to 10.25% higher than the baseline model in terms of accuracy, and the F1-score is 5.53% to 11.63% higher than the baseline model, proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.
Funding: Supported by the Ministry of Trade, Industry and Energy (MOTIE) under Training Industrial Security Specialist for High-Tech Industry [grant number RS-2024-00415520] supervised by the Korea Institute for Advancement of Technology (KIAT); Ministry of Science and ICT (MSIT) under the ICAN (ICT Challenge and Advanced Network of HRD) program [grant number IITP-2022-RS-2022-00156310]; National Research Foundation of Korea (NRF) grant [RS-2025-00518150]; the Information Security Core Technology Development program [grant number RS-2024-00437252] supervised by the Institute of Information & Communication Technology Planning & Evaluation (IITP).
Abstract: As cyberattacks become increasingly sophisticated and intelligent, demand for machine-learning-based anomaly detection systems is growing. However, conventional systems generally assume a trusted server environment, where traffic data is collected and analyzed in plaintext. This assumption introduces inherent privacy risks, as privacy-sensitive information may be exposed if the server is compromised or misused. To address this limitation, privacy-preserving anomaly detection approaches have been actively studied, enabling anomaly detection to be performed directly on encrypted traffic without revealing privacy-sensitive data. While these approaches offer strong confidentiality guarantees, they suffer from significant drawbacks, including substantial computational overhead, high latency, and degraded detection accuracy. To overcome these limitations, we propose a privacy-aware anomaly detection (PAAD) model that adaptively applies homomorphic encryption based on the privacy sensitivity of incoming traffic. Instead of encrypting all data indiscriminately, PAAD dynamically determines whether traffic should be processed in plaintext or ciphertext and performs homomorphic inference only for privacy-sensitive data. This selective encryption strategy effectively balances privacy protection and system efficiency. Extensive experiments conducted under diverse network environments demonstrate that the proposed PAAD model significantly outperforms conventional anomaly detection models. In particular, PAAD improves detection accuracy by up to 73%, reduces latency by up to 8.6 times, and achieves negligible information leakage, highlighting its practicality for real-world privacy-sensitive network monitoring scenarios.
Abstract: In the field of intelligent surveillance, weakly supervised video anomaly detection (WSVAD) has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels. Although multiple instance learning (MIL) has dominated the WSVAD for a long time, its reliance solely on video-level labels without semantic grounding hinders a fine-grained understanding of visually similar yet semantically distinct events. In addition, insufficient temporal modeling obscures causal relationships between events, making anomaly decisions reactive rather than reasoning-based. To overcome the limitations above, this paper proposes an adaptive knowledge-based guidance method that integrates external structured knowledge. The approach combines hierarchical category information with learnable prompt vectors. It then constructs continuously updated contextual references within the feature space, enabling fine-grained meaning-based guidance over video content. Building on this, the work introduces an event relation analysis module. This module explicitly models temporal dependencies and causal correlations between video snippets. It constructs an evolving logic chain of anomalous events, revealing the process by which isolated anomalous snippets develop into a complete event. Experiments on multiple benchmark datasets show that the proposed method achieves highly competitive performance, achieving an AUC of 88.19% on UCF-Crime and an AP of 86.49% on XD-Violence. More importantly, the method provides temporal and causal explanations derived from event relationships alongside its detection results. This capability significantly advances WSVAD from a simple binary classification to a new level of interpretable behavior analysis.
Funding: Supported by National Key R&D Program of China (No. 2022YFB3105101).
Abstract: With more and more IoT terminals being deployed in various power grid business scenarios, terminal reliability has become a practical challenge that threatens the current security protection architecture. Most IoT terminals have security risks and vulnerabilities, and limited resources make it impossible to deploy costly security protection methods on the terminal. In order to cope with these problems, this paper proposes a lightweight trust evaluation model TCL, which combines three network models, TCN, CNN, and LSTM, with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device, and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods. After experiments, it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763, 94.456, 99.923, and 99.195 on HDFS, BGL, N-BaIoT, and KDD99 datasets, respectively, and the size of TCL is only 91KB, which can achieve similar or better performance than CNN-LSTM, RobustLog and other methods with less computational resources and storage space.