Log anomaly detection is essential for maintaining the reliability and security of large-scale networked systems. Most traditional techniques rely on log parsing in the reprocessing stage and utilize handcrafted features that limit their adaptability across various systems. In this study, we propose a hybrid model, BertGCN, that integrates BERT-based contextual embedding with Graph Convolutional Networks (GCNs) to identify anomalies in raw system logs, thereby eliminating the need for log parsing. The BERT module captures semantic representations of log messages, while the GCN models the structural relationships among log entries through a text-based graph. This combination enables BertGCN to capture both the contextual and semantic characteristics of log data. BertGCN showed excellent performance on the HDFS and BGL datasets, demonstrating its effectiveness and resilience in detecting anomalies. Compared to multiple baselines, our proposed BertGCN showed improved precision, recall, and F1 scores.
The rapid digitalization of the energy sector has led to the deployment of large-scale smart metering systems that generate high-frequency time series data, creating new opportunities and challenges for energy anomaly detection. Accurate identification of anomalous patterns in building energy consumption is essential for optimizing operations, improving energy efficiency, and supporting grid reliability. This study investigates advanced feature engineering and machine learning modeling techniques for large-scale time series anomaly detection in building energy systems. Expanding upon previous benchmark frameworks, we introduce additional features such as oil price indices and solar cycle indicators, including sunset and sunrise times, to enhance the contextual understanding of consumption patterns. Our comparative modeling approach encompasses an extensive suite of algorithms, including KNeighborsUnif, KNeighborsDist, LightGBMXT, LightGBM, RandomForestMSE, CatBoost, ExtraTreesMSE, NeuralNetFastAI, XGBoost, NeuralNetTorch, and LightGBMLarge. Data preprocessing includes rigorous handling of missing values and normalization, while feature engineering focuses on temporal, environmental, and value-change attributes. The models are evaluated on a comprehensive dataset of smart meter readings, with performance assessed using metrics such as the Area Under the Receiver Operating Characteristic Curve (AUC-ROC). The results demonstrate that the integration of diverse exogenous variables and a hybrid ensemble of traditional tree-based and neural network models can significantly improve anomaly detection performance. This work provides new insights into the design of robust, scalable, and generalizable frameworks for energy anomaly detection in complex, real-world settings.
Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems. However, in existing research, multivariate data are often influenced by various factors during the data collection process, resulting in temporal misalignment or displacement. Due to these factors, the node representations carry substantial noise, which reduces the adaptability of the multivariate coupled network structure and subsequently degrades anomaly detection performance. Accordingly, this study proposes a novel multivariate anomaly detection model grounded in graph structure learning. Firstly, a recommendation strategy is employed to identify strongly coupled variable pairs, which are then used to construct a recommendation-driven multivariate coupling network. Secondly, a multi-channel graph encoding layer is used to dynamically optimize the structural properties of the multivariate coupling network, while a multi-head attention mechanism enhances the spatial characteristics of the multivariate data. Finally, unsupervised anomaly detection is conducted using a dynamic threshold selection algorithm. Experimental results demonstrate that effectively integrating the structural and spatial features of multivariate data significantly mitigates anomalies caused by temporal dependency misalignment.
The rapid proliferation of Internet of Things (IoT) devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative, distributed architectural solutions. This paper proposes FE-ACS (Fog-Edge Adaptive Cybersecurity System), a novel hierarchical security framework that intelligently distributes AI-powered anomaly detection algorithms across edge, fog, and cloud layers to optimize security efficacy, latency, and privacy. Our comprehensive evaluation demonstrates that FE-ACS achieves superior detection performance with an AUC-ROC of 0.985 and an F1-score of 0.923, while maintaining significantly lower end-to-end latency (18.7 ms) compared to cloud-centric (152.3 ms) and fog-only (34.5 ms) architectures. The system exhibits exceptional scalability, supporting up to 38,000 devices with logarithmic performance degradation—a 67× improvement over conventional cloud-based approaches. By incorporating differential privacy mechanisms with balanced privacy-utility tradeoffs (ε = 1.0–1.5), FE-ACS maintains 90%–93% detection accuracy while ensuring strong privacy guarantees for sensitive healthcare data. Computational efficiency analysis reveals that our architecture achieves a detection rate of 12,400 events per second with only 12.3 mJ energy consumption per inference. In healthcare risk assessment, FE-ACS demonstrates robust operational viability with low patient safety risk (14.7%) and high system reliability (94.0%). The proposed framework represents a significant advancement in distributed security architectures, offering a scalable, privacy-preserving, and real-time solution for protecting healthcare IoT ecosystems against evolving cyber threats.
With network attack technology continuing to develop, traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy. Graph Neural Network (GNN), a promising Deep Learning (DL) approach, has proven to be highly effective in identifying intricate patterns in graph-structured data and has already found wide applications in the field of network security. In this paper, we propose a hybrid Graph Convolutional Network (GCN)-GraphSAGE model for Anomaly Traffic Detection, namely HGS-ATD, which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities. We validate the HGS-ATD model on four publicly available datasets, including NF-UNSW-NB15-v2. The experimental results show that the enhanced hybrid model is 5.71% to 10.25% higher than the baseline model in terms of accuracy, and the F1-score is 5.53% to 11.63% higher than the baseline model, proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.
With more and more IoT terminals being deployed in various power grid business scenarios, terminal reliability has become a practical challenge that threatens the current security protection architecture. Most IoT terminals have security risks and vulnerabilities, and limited resources make it impossible to deploy costly security protection methods on the terminal. In order to cope with these problems, this paper proposes a lightweight trust evaluation model TCL, which combines three network models, TCN, CNN, and LSTM, with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device, and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods. After experiments, it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763, 94.456, 99.923, and 99.195 on HDFS, BGL, N-BaIoT, and KDD99 datasets, respectively, and the size of TCL is only 91 KB, which can achieve similar or better performance than CNN-LSTM, RobustLog and other methods with less computational resources and storage space.
In the field of intelligent surveillance, weakly supervised video anomaly detection (WSVAD) has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels. Although multiple instance learning (MIL) has dominated the WSVAD for a long time, its reliance solely on video-level labels without semantic grounding hinders a fine-grained understanding of visually similar yet semantically distinct events. In addition, insufficient temporal modeling obscures causal relationships between events, making anomaly decisions reactive rather than reasoning-based. To overcome the limitations above, this paper proposes an adaptive knowledge-based guidance method that integrates external structured knowledge. The approach combines hierarchical category information with learnable prompt vectors. It then constructs continuously updated contextual references within the feature space, enabling fine-grained meaning-based guidance over video content. Building on this, the work introduces an event relation analysis module. This module explicitly models temporal dependencies and causal correlations between video snippets. It constructs an evolving logic chain of anomalous events, revealing the process by which isolated anomalous snippets develop into a complete event. Experiments on multiple benchmark datasets show that the proposed method achieves highly competitive performance, achieving an AUC of 88.19% on UCF-Crime and an AP of 86.49% on XD-Violence. More importantly, the method provides temporal and causal explanations derived from event relationships alongside its detection results. This capability significantly advances WSVAD from a simple binary classification to a new level of interpretable behavior analysis.
Basement structures may influence how ruptures propagate during an earthquake. However, most structural evidence is beneath the thick layer of younger volcanic sediments. In this study, gravity method was applied to discover more features of the basement structure. A land survey of gravity measurement was conducted at 383 stations south of Toba. The observed gravity was then used to generate Complete Bouguer Anomaly and residual-regional anomaly maps. In addition, several edge enhancements based on derivations were applied. All results presented lineations that could be linked to previously recognized active faults and structures. Additionally, the most prominent feature is a large northwest-southeast elongated high anomaly, almost sub-parallel to the Sumatra Fault Zone (SFZ). Since the feature is also located at the continuation of the Medial Sumatra Tectonic Zone (MSTZ), the body might be the hidden part of this major tectonic zone. The occurrence of MSTZ across the SFZ would affect the rupture propagation of earthquake events in the fault segment of the SFZ.
Anomaly Detection (AD) has been extensively adopted in industrial settings to facilitate quality control of products. It is critical to industrial production, especially to areas such as aircraft manufacturing, which require strict part qualification rates. Although being more efficient and practical, few-shot AD has not been well explored. The existing AD methods only extract features in a single frequency while defects exist in multiple frequency domains. Moreover, current methods have not fully leveraged the few-shot support samples to extract input-related normal patterns. To address these issues, we propose an industrial few-shot AD method, Feature Extender for Anomaly Detection (FEAD), which extracts normal patterns in multiple frequency domains from few-shot samples under the guidance of the input sample. Firstly, to achieve better coverage of normal patterns in the input sample, we introduce a Sample-Conditioned Transformation Module (SCTM), which transforms support features under the guidance of the input sample to obtain extra normal patterns. Secondly, to effectively distinguish and localize anomaly patterns in multiple frequency domains, we devise an Adaptive Descriptor Construction Module (ADCM) to build and select pattern descriptors in a series of frequencies adaptively. Finally, an auxiliary task for SCTM is designed to ensure the diversity of transformations and include more normal patterns into support features. Extensive experiments on two widely used industrial AD datasets (MVTec-AD and VisA) demonstrate the effectiveness of the proposed FEAD.
Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract local and global features, as well as the lack of effective mechanisms to capture complex interactions between features. Additionally, when increasing the receptive field to obtain deeper feature representations, the reliance on increasing network depth leads to a significant increase in computational resource consumption, affecting the efficiency and performance of detection. Based on these issues, firstly, this paper proposes a network traffic anomaly detection model based on parallel dilated convolution and residual learning (Res-PDC). To better explore the interactive relationships between features, the traffic samples are converted into two-dimensional matrix. A module combining parallel dilated convolutions and residual learning (res-pdc) was designed to extract local and global features of traffic at different scales. By utilizing res-pdc modules with different dilation rates, we can effectively capture spatial features at different scales and explore feature dependencies spanning wider regions without increasing computational resources. Secondly, to focus and integrate the information in different feature subspaces, further enhance and extract the interactions among the features, multi-head attention is added to Res-PDC, resulting in the final model: multi-head attention enhanced parallel dilated convolution and residual learning (MHA-Res-PDC) for network traffic anomaly detection. Finally, comparisons with other machine learning and deep learning algorithms are conducted on the NSL-KDD and CIC-IDS-2018 datasets. The experimental results demonstrate that the proposed method in this paper can effectively improve the detection performance.
The rapid proliferation of electric vehicle (EV) charging infrastructure introduces critical cybersecurity vulnerabilities to power grids system. This study presents an innovative anomaly detection framework for EV charging stations, addressing the unique challenges posed by third-party aggregation platforms. Our approach integrates node equations-based on the parameter identification with a novel deep learning model, xDeepCIN, to detect abnormal data reporting indicative of aggregation attacks. We employ a graph-theoretic approach to model EV charging networks and utilize Markov Chain Monte Carlo techniques for accurate parameter estimation. The xDeepCIN model, incorporating a Compressed Interaction Network, has the ability to capture complex feature interactions in sparse, high-dimensional charging data. Experimental results on both proprietary and public datasets demonstrate significant improvements in anomaly detection performance, with F1-scores increasing by up to 32.3% for specific anomaly types compared to traditional methods, such as wide&deep and DeepFM (Factorization-Machine). Our framework exhibits robust scalability, effectively handling networks ranging from 8 to 85 charging points. Furthermore, we achieve real-time monitoring capabilities, with parameter identification completing within seconds for networks up to 1000 nodes. This research contributes to enhancing the security and reliability of renewable energy systems against evolving cyber threats, offering a comprehensive solution for safeguarding the rapidly expanding EV charging infrastructure.
As more and more devices in Cyber-Physical Systems (CPS) are connected to the Internet, physical components such as programmable logic controller (PLC), sensors, and actuators are facing greater risks of network attacks, and fast and accurate attack detection techniques are crucial. The key problem in distinguishing between normal and abnormal sequences is to model sequential changes in a large and diverse field of time series. To address this issue, we propose an anomaly detection method based on distributed deep learning. Our method uses a bilateral filtering algorithm for sequential sequences to remove noise in the time series, which can maintain the edge of discrete features. We use a distributed linear deep learning model to establish a sequential prediction model and adjust the threshold for anomaly detection based on the prediction error of the validation set. Our method can not only detect abnormal attacks but also locate the sensors that cause anomalies. We conducted experiments on the Secure Water Treatment (SWAT) and Water Distribution (WADI) public datasets. The experimental results show that our method is superior to the baseline method in identifying the types of attacks and detecting efficiency.
To ensure the structural integrity of life-limiting component of aeroengines, Probabilistic Damage Tolerance (PDT) assessment is applied to evaluate the failure risk as required by airworthiness regulations and military standards. The PDT method holds the view that there exist defects such as machining scratches and service cracks in the tenon-groove structures of aeroengine disks. However, it is challenging to conduct PDT assessment due to the scarcity of effective Probability of Detection (POD) model and anomaly distribution model. Through a series of Nondestructive Testing (NDT) experiments, the POD model of real cracks in tenon-groove structures is constructed for the first time by employing the Transfer Function Method (TFM). A novel anomaly distribution model is derived through the utilization of the POD model, instead of using the infeasible field data accumulation method. Subsequently, a framework for calculating the Probability of Failure (POF) of the tenon-groove structures is established, and the aforementioned two models exert a significant influence on the results of POF.
The rapid integration of Internet of Things (IoT) technologies is reshaping the global energy landscape by deploying smart meters that enable high-resolution consumption monitoring, two-way communication, and advanced metering infrastructure services. However, this digital transformation also exposes power system to evolving threats, ranging from cyber intrusions and electricity theft to device malfunctions, and the unpredictable nature of these anomalies, coupled with the scarcity of labeled fault data, makes real-time detection exceptionally challenging. To address these difficulties, a real-time decision support framework is presented for smart meter anomaly detection that leverages rolling time windows and two self-supervised contrastive learning modules. The first module synthesizes diverse negative samples to overcome the lack of labeled anomalies, while the second captures intrinsic temporal patterns for enhanced contextual discrimination. The end-to-end framework continuously updates its model with rolling updated meter data to deliver timely identification of emerging abnormal behaviors in evolving grids. Extensive evaluations on eight publicly available smart meter datasets over seven diverse abnormal patterns testing demonstrate the effectiveness of the proposed full framework, achieving average recall and F1 score of more than 0.85.
Potential high-temperature risks exist in heat-prone components of electric moped charging devices, such as sockets, interfaces, and controllers. Traditional detection methods have limitations in terms of real-time performance and monitoring scope. To address this, a temperature detection method based on infrared image processing has been proposed: utilizing the median filtering algorithm to denoise the original infrared image, then applying an image segmentation algorithm to divide the image.
The original monitoring data from aero-engines possess characteristics such as high dimensionality, strong noise, and imbalance, which present substantial challenges to traditional anomaly detection methods. In response, this paper proposes a method based on Fuzzy Fusion of variables and Discriminant mapping of features for Clustering (FFD-Clustering) to detect anomalies in original monitoring data from Aircraft Communication Addressing and Reporting System (ACARS). Firstly, associated variables are fuzzily grouped to extract the underlying distribution characteristics and trends from the data. Secondly, a multi-layer contrastive denoising-based feature Fusion Encoding Network (FEN) is designed for each variable group, which can construct representative features for each variable group through eliminating strong noise and complex interrelations between variables. Thirdly, a feature Discriminative Mapping Network (DMN) based on reconstruction difference re-clustering is designed, which can distinguish dissimilar feature vectors when mapping representative features to a unified feature space. Finally, the K-means clustering is used to detect the abnormal feature vectors in the unified feature space. Additionally, the algorithm is capable of reconstructing identified abnormal vectors, thereby locating the abnormal variable groups. The performance of this algorithm was tested on two public datasets and real original monitoring data from four aero-engines' ACARS, demonstrating its superiority and application potential in aero-engine anomaly detection.
Time series anomaly detection is crucial in finance, healthcare, and industrial monitoring. However, traditional methods often face challenges when handling time series data, such as limited feature extraction capability, poor temporal dependency handling, and suboptimal real-time performance, sometimes even neglecting the temporal relationships between data. To address these issues and improve anomaly detection performance by better capturing temporal dependencies, we propose an unsupervised time series anomaly detection method, VLT-Anomaly. First, we enhance the Variational Autoencoder (VAE) module by redesigning its network structure to better suit anomaly detection through data reconstruction. We introduce hyperparameters to control the weight of the Kullback-Leibler (KL) divergence term in the Evidence Lower Bound (ELBO), thereby improving the encoder module’s decoupling and expressive power in the latent space, which yields more effective latent representations of the data. Next, we incorporate transformer and Long Short-Term Memory (LSTM) modules to estimate the long-term dependencies of the latent representations, capturing both forward and backward temporal relationships and performing time series forecasting. Finally, we compute the reconstruction error by averaging the predicted results and decoder reconstruction and detect anomalies through grid search for optimal threshold values. Experimental results demonstrate that the proposed method performs superior anomaly detection on multiple public time series datasets, effectively extracting complex time-related features and enabling efficient computation and real-time anomaly detection. It improves detection accuracy and robustness while reducing false positives and false negatives.
Sea level has been rising gradually in recent decades. Against this background, this study utilizes synchronous multialtimeter measurements to investigate variations in wind and wave fields relative to sea level anomaly (SLA) in the China Seas and its adjacent waters. The validation between Haiyang-2 (HY-2) measurement proceeded to be geophysical data records (GDR) and moored buoys indicate that HY-2 scatterometer-measured wind speed outperforms that derived from altimeter, with lower root-mean-squared error (RMSE) (1.87 m/s vs. 2.03 m/s), smaller bias (−0.06 m/s vs. 0.47 m/s), same correlation (COR) (0.84), and reduced scatter index (SI) (0.27 vs. 0.29). Conversely, GDR product from HY-2 altimeter demonstrates reliable accuracy of significant wave height (SWH) (RMSE: 0.37 m, bias: −0.03 m, COR: 0.92, SI: 0.30). Further time series analysis of HY-2 data reveals synchronized oscillations among SLA, wind speed and SWH with SLA strongly influencing wind speed under extreme conditions. Seasonal and regional disparities are evident: wind speed positively correlates with SLA in spring but shows a negative correlation in summer, while autumn and winter exhibit weak correlations. Periodic linkages between SWH and SLA are prominent in summer and autumn. In addition, the regional analysis shows that the Bohai Sea experiences declining autumn/winter wind speeds with higher SLA but without consistent SWH trends, while the Yellow Sea demonstrates summer covariation among wind speed, SWH and SLA. The East China Sea maintains synchronized SLA-wind speed-SWH relationship throughout spring, summer and winter, while the South China Sea shows alignment only in spring. The largest SLA, wind speed and SWH variations occur in the East China Sea and South China Sea, primarily driven by vigorous energy exchanges processes with the open ocean. These findings highlight distinct response mechanisms of regional marine dynamics to SLA, shaped by localized hydrological-climatic interactions.
We introduce a pioneering anomaly detection framework within spatial crowdsourcing Internet of Drone Things (IoDT), specifically designed to improve bushfire management in Australia’s expanding urban areas. This framework innovatively combines Graph Neural Networks (GNN) and advanced data fusion techniques to enhance IoDT capabilities. Through spatial crowdsourcing, drones collectively gather diverse, real-time data across multiple locations, creating a rich dataset for analysis. This method integrates spatial, temporal, and various data modalities, facilitating early bushfire detection by identifying subtle environmental and operational changes. Utilizing a complex GNN architecture, our model effectively processes the intricacies of spatially crowdsourced data, significantly increasing anomaly detection accuracy. It incorporates modules for temporal pattern recognition and spatial analysis of environmental impacts, leveraging multimodal data to detect a wide range of anomalies, from temperature shifts to humidity variations. Our approach has been empirically validated, achieving an F1 score of 0.885, highlighting its superior anomaly detection performance. This integration of spatial crowdsourcing with IoDT not only establishes a new standard for environmental monitoring but also contributes significantly to disaster management and urban sustainability.
Funding: funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under grant no. (GPIP:1074-612-2024).
Abstract: Log anomaly detection is essential for maintaining the reliability and security of large-scale networked systems. Most traditional techniques rely on log parsing in the reprocessing stage and utilize handcrafted features that limit their adaptability across various systems. In this study, we propose a hybrid model, BertGCN, that integrates BERT-based contextual embedding with Graph Convolutional Networks (GCNs) to identify anomalies in raw system logs, thereby eliminating the need for log parsing. The BERT module captures semantic representations of log messages, while the GCN models the structural relationships among log entries through a text-based graph. This combination enables BertGCN to capture both the contextual and semantic characteristics of log data. BertGCN showed excellent performance on the HDFS and BGL datasets, demonstrating its effectiveness and resilience in detecting anomalies. Compared to multiple baselines, our proposed BertGCN showed improved precision, recall, and F1 scores.
Abstract: The rapid digitalization of the energy sector has led to the deployment of large-scale smart metering systems that generate high-frequency time series data, creating new opportunities and challenges for energy anomaly detection. Accurate identification of anomalous patterns in building energy consumption is essential for optimizing operations, improving energy efficiency, and supporting grid reliability. This study investigates advanced feature engineering and machine learning modeling techniques for large-scale time series anomaly detection in building energy systems. Expanding upon previous benchmark frameworks, we introduce additional features such as oil price indices and solar cycle indicators, including sunset and sunrise times, to enhance the contextual understanding of consumption patterns. Our comparative modeling approach encompasses an extensive suite of algorithms, including KNeighborsUnif, KNeighborsDist, LightGBMXT, LightGBM, RandomForestMSE, CatBoost, ExtraTreesMSE, NeuralNetFastAI, XGBoost, NeuralNetTorch, and LightGBMLarge. Data preprocessing includes rigorous handling of missing values and normalization, while feature engineering focuses on temporal, environmental, and value-change attributes. The models are evaluated on a comprehensive dataset of smart meter readings, with performance assessed using metrics such as the Area Under the Receiver Operating Characteristic Curve (AUC-ROC). The results demonstrate that the integration of diverse exogenous variables and a hybrid ensemble of traditional tree-based and neural network models can significantly improve anomaly detection performance. This work provides new insights into the design of robust, scalable, and generalizable frameworks for energy anomaly detection in complex, real-world settings.
Funding: supported by Natural Science Foundation of Qinghai Province (2025-ZJ-994M); Scientific Research Innovation Capability Support Project for Young Faculty (SRICSPYF-BS2025007); National Natural Science Foundation of China (62566050).
Abstract: Multivariate anomaly detection plays a critical role in maintaining the stable operation of information systems. However, in existing research, multivariate data are often influenced by various factors during the data collection process, resulting in temporal misalignment or displacement. Due to these factors, the node representations carry substantial noise, which reduces the adaptability of the multivariate coupled network structure and subsequently degrades anomaly detection performance. Accordingly, this study proposes a novel multivariate anomaly detection model grounded in graph structure learning. Firstly, a recommendation strategy is employed to identify strongly coupled variable pairs, which are then used to construct a recommendation-driven multivariate coupling network. Secondly, a multi-channel graph encoding layer is used to dynamically optimize the structural properties of the multivariate coupling network, while a multi-head attention mechanism enhances the spatial characteristics of the multivariate data. Finally, unsupervised anomaly detection is conducted using a dynamic threshold selection algorithm. Experimental results demonstrate that effectively integrating the structural and spatial features of multivariate data significantly mitigates anomalies caused by temporal dependency misalignment.
Funding: supported by the Deanship of Graduate Studies and Scientific Research at Jouf University under grant No. (DGSSR-2025-02-01276).
Abstract: The rapid proliferation of Internet of Things (IoT) devices in critical healthcare infrastructure has introduced significant security and privacy challenges that demand innovative, distributed architectural solutions. This paper proposes FE-ACS (Fog-Edge Adaptive Cybersecurity System), a novel hierarchical security framework that intelligently distributes AI-powered anomaly detection algorithms across edge, fog, and cloud layers to optimize security efficacy, latency, and privacy. Our comprehensive evaluation demonstrates that FE-ACS achieves superior detection performance with an AUC-ROC of 0.985 and an F1-score of 0.923, while maintaining significantly lower end-to-end latency (18.7 ms) compared to cloud-centric (152.3 ms) and fog-only (34.5 ms) architectures. The system exhibits exceptional scalability, supporting up to 38,000 devices with logarithmic performance degradation—a 67× improvement over conventional cloud-based approaches. By incorporating differential privacy mechanisms with balanced privacy-utility tradeoffs (ε = 1.0–1.5), FE-ACS maintains 90%–93% detection accuracy while ensuring strong privacy guarantees for sensitive healthcare data. Computational efficiency analysis reveals that our architecture achieves a detection rate of 12,400 events per second with only 12.3 mJ energy consumption per inference. In healthcare risk assessment, FE-ACS demonstrates robust operational viability with low patient safety risk (14.7%) and high system reliability (94.0%). The proposed framework represents a significant advancement in distributed security architectures, offering a scalable, privacy-preserving, and real-time solution for protecting healthcare IoT ecosystems against evolving cyber threats.
Funding: National Natural Science Foundation of China (Grant No. 62103434); National Science Fund for Distinguished Young Scholars (Grant No. 62176263).
Abstract: With network attack technology continuing to develop, traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy. Graph Neural Network (GNN), a promising Deep Learning (DL) approach, has proven to be highly effective in identifying intricate patterns in graph-structured data and has already found wide applications in the field of network security. In this paper, we propose a hybrid Graph Convolutional Network (GCN)-GraphSAGE model for Anomaly Traffic Detection, namely HGS-ATD, which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities. We validate the HGS-ATD model on four publicly available datasets, including NF-UNSW-NB15-v2. The experimental results show that the enhanced hybrid model is 5.71% to 10.25% higher than the baseline model in terms of accuracy, and the F1-score is 5.53% to 11.63% higher than the baseline model, proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.
Funding: supported by National Key R&D Program of China (No. 2022YFB3105101).
Abstract: With more and more IoT terminals being deployed in various power grid business scenarios, terminal reliability has become a practical challenge that threatens the current security protection architecture. Most IoT terminals have security risks and vulnerabilities, and limited resources make it impossible to deploy costly security protection methods on the terminal. In order to cope with these problems, this paper proposes a lightweight trust evaluation model, TCL, which combines three network models, TCN, CNN, and LSTM, for stronger feature extraction capability. TCL scores the reliability of a device by periodically analyzing the traffic behavior and activity logs generated by the terminal device, and trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods. Experiments show that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-scores of 95.763, 94.456, 99.923, and 99.195 on the HDFS, BGL, N-BaIoT, and KDD99 datasets, respectively. The size of TCL is only 91KB, and it can achieve similar or better performance than CNN-LSTM, RobustLog and other methods with less computational resources and storage space.
Abstract: In the field of intelligent surveillance, weakly supervised video anomaly detection (WSVAD) has garnered widespread attention as a key technology that identifies anomalous events using only video-level labels. Although multiple instance learning (MIL) has dominated the WSVAD for a long time, its reliance solely on video-level labels without semantic grounding hinders a fine-grained understanding of visually similar yet semantically distinct events. In addition, insufficient temporal modeling obscures causal relationships between events, making anomaly decisions reactive rather than reasoning-based. To overcome the limitations above, this paper proposes an adaptive knowledge-based guidance method that integrates external structured knowledge. The approach combines hierarchical category information with learnable prompt vectors. It then constructs continuously updated contextual references within the feature space, enabling fine-grained meaning-based guidance over video content. Building on this, the work introduces an event relation analysis module. This module explicitly models temporal dependencies and causal correlations between video snippets. It constructs an evolving logic chain of anomalous events, revealing the process by which isolated anomalous snippets develop into a complete event. Experiments on multiple benchmark datasets show that the proposed method achieves highly competitive performance, achieving an AUC of 88.19% on UCF-Crime and an AP of 86.49% on XD-Violence. More importantly, the method provides temporal and causal explanations derived from event relationships alongside its detection results. This capability significantly advances WSVAD from a simple binary classification to a new level of interpretable behavior analysis.
Funding: National Research and Innovation Agency (BRIN), Indonesia, with Grant No. 373/II/FR/3/2022 (Expedition and Exploration Fund), 676/III/PR.01.December 03,2021 (Geological Hazard In-House Program).
Abstract: Basement structures may influence how ruptures propagate during an earthquake. However, most structural evidence is beneath the thick layer of younger volcanic sediments. In this study, the gravity method was applied to discover more features of the basement structure. A land survey of gravity measurement was conducted at 383 stations south of Toba. The observed gravity was then used to generate Complete Bouguer Anomaly and residual-regional anomaly maps. In addition, several edge enhancements based on derivations were applied. All results presented lineations that could be linked to previously recognized active faults and structures. Additionally, the most prominent feature is a large northwest-southeast elongated high anomaly, almost sub-parallel to the Sumatra Fault Zone (SFZ). Since the feature is also located at the continuation of the Medial Sumatra Tectonic Zone (MSTZ), the body might be the hidden part of this major tectonic zone. The occurrence of MSTZ across the SFZ would affect the rupture propagation of earthquake events in the fault segment of the SFZ.
Funding: supported by the National Natural Science Foundation of China (No. 52188102).
Abstract: Anomaly Detection (AD) has been extensively adopted in industrial settings to facilitate quality control of products. It is critical to industrial production, especially to areas such as aircraft manufacturing, which require strict part qualification rates. Although being more efficient and practical, few-shot AD has not been well explored. The existing AD methods only extract features in a single frequency while defects exist in multiple frequency domains. Moreover, current methods have not fully leveraged the few-shot support samples to extract input-related normal patterns. To address these issues, we propose an industrial few-shot AD method, Feature Extender for Anomaly Detection (FEAD), which extracts normal patterns in multiple frequency domains from few-shot samples under the guidance of the input sample. Firstly, to achieve better coverage of normal patterns in the input sample, we introduce a Sample-Conditioned Transformation Module (SCTM), which transforms support features under the guidance of the input sample to obtain extra normal patterns. Secondly, to effectively distinguish and localize anomaly patterns in multiple frequency domains, we devise an Adaptive Descriptor Construction Module (ADCM) to build and select pattern descriptors in a series of frequencies adaptively. Finally, an auxiliary task for SCTM is designed to ensure the diversity of transformations and include more normal patterns into support features. Extensive experiments on two widely used industrial AD datasets (MVTec-AD and VisA) demonstrate the effectiveness of the proposed FEAD.
Funding: supported by the Xiamen Science and Technology Subsidy Project (No. 2023CXY0318).
Abstract: Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract local and global features, as well as the lack of effective mechanisms to capture complex interactions between features. Additionally, when increasing the receptive field to obtain deeper feature representations, the reliance on increasing network depth leads to a significant increase in computational resource consumption, affecting the efficiency and performance of detection. To address these issues, this paper first proposes a network traffic anomaly detection model based on parallel dilated convolution and residual learning (Res-PDC). To better explore the interactive relationships between features, the traffic samples are converted into a two-dimensional matrix. A module combining parallel dilated convolutions and residual learning (res-pdc) was designed to extract local and global features of traffic at different scales. By utilizing res-pdc modules with different dilation rates, we can effectively capture spatial features at different scales and explore feature dependencies spanning wider regions without increasing computational resources. Secondly, to focus and integrate the information in different feature subspaces and to further enhance and extract the interactions among the features, multi-head attention is added to Res-PDC, resulting in the final model: multi-head attention enhanced parallel dilated convolution and residual learning (MHA-Res-PDC) for network traffic anomaly detection. Finally, comparisons with other machine learning and deep learning algorithms are conducted on the NSL-KDD and CIC-IDS-2018 datasets. The experimental results demonstrate that the proposed method can effectively improve the detection performance.
Funding: supported by Jiangsu Provincial Science and Technology Project, grant number J2023124. Jing Guo received this grant; the URL of the sponsor’s website is https://kxjst.jiangsu.gov.cn/ (accessed on 06 June 2024).
Abstract: The rapid proliferation of electric vehicle (EV) charging infrastructure introduces critical cybersecurity vulnerabilities to power grid systems. This study presents an innovative anomaly detection framework for EV charging stations, addressing the unique challenges posed by third-party aggregation platforms. Our approach integrates node equations-based parameter identification with a novel deep learning model, xDeepCIN, to detect abnormal data reporting indicative of aggregation attacks. We employ a graph-theoretic approach to model EV charging networks and utilize Markov Chain Monte Carlo techniques for accurate parameter estimation. The xDeepCIN model, incorporating a Compressed Interaction Network, has the ability to capture complex feature interactions in sparse, high-dimensional charging data. Experimental results on both proprietary and public datasets demonstrate significant improvements in anomaly detection performance, with F1-scores increasing by up to 32.3% for specific anomaly types compared to traditional methods, such as wide&deep and DeepFM (Factorization-Machine). Our framework exhibits robust scalability, effectively handling networks ranging from 8 to 85 charging points. Furthermore, we achieve real-time monitoring capabilities, with parameter identification completing within seconds for networks up to 1000 nodes. This research contributes to enhancing the security and reliability of renewable energy systems against evolving cyber threats, offering a comprehensive solution for safeguarding the rapidly expanding EV charging infrastructure.
Funding: supported in part by the Guangxi Science and Technology Major Program under grant AA22068067, the Guangxi Natural Science Foundation under grant 2023GXNSFAA026236 and 2024GXNSFDA010064, and the National Natural Science Foundation of China under project 62172119.
Abstract: As more and more devices in Cyber-Physical Systems (CPS) are connected to the Internet, physical components such as programmable logic controllers (PLC), sensors, and actuators are facing greater risks of network attacks, and fast and accurate attack detection techniques are crucial. The key problem in distinguishing between normal and abnormal sequences is to model sequential changes in a large and diverse field of time series. To address this issue, we propose an anomaly detection method based on distributed deep learning. Our method uses a bilateral filtering algorithm for sequential sequences to remove noise in the time series, which can maintain the edge of discrete features. We use a distributed linear deep learning model to establish a sequential prediction model and adjust the threshold for anomaly detection based on the prediction error of the validation set. Our method can not only detect abnormal attacks but also locate the sensors that cause anomalies. We conducted experiments on the Secure Water Treatment (SWAT) and Water Distribution (WADI) public datasets. The experimental results show that our method is superior to the baseline method in identifying the types of attacks and detecting efficiency.
Funding: supported by the National Major Science and Technology Project, China (No. J2019-Ⅳ-0007-0075); the Fundamental Research Funds for the Central Universities, China (No. JKF-20240036).
Abstract: To ensure the structural integrity of life-limiting component of aeroengines, Probabilistic Damage Tolerance (PDT) assessment is applied to evaluate the failure risk as required by airworthiness regulations and military standards. The PDT method holds the view that there exist defects such as machining scratches and service cracks in the tenon-groove structures of aeroengine disks. However, it is challenging to conduct PDT assessment due to the scarcity of effective Probability of Detection (POD) model and anomaly distribution model. Through a series of Nondestructive Testing (NDT) experiments, the POD model of real cracks in tenon-groove structures is constructed for the first time by employing the Transfer Function Method (TFM). A novel anomaly distribution model is derived through the utilization of the POD model, instead of using the infeasible field data accumulation method. Subsequently, a framework for calculating the Probability of Failure (POF) of the tenon-groove structures is established, and the aforementioned two models exert a significant influence on the results of POF.
Abstract: The rapid integration of Internet of Things (IoT) technologies is reshaping the global energy landscape by deploying smart meters that enable high-resolution consumption monitoring, two-way communication, and advanced metering infrastructure services. However, this digital transformation also exposes power systems to evolving threats, ranging from cyber intrusions and electricity theft to device malfunctions, and the unpredictable nature of these anomalies, coupled with the scarcity of labeled fault data, makes real-time detection exceptionally challenging. To address these difficulties, a real-time decision support framework is presented for smart meter anomaly detection that leverages rolling time windows and two self-supervised contrastive learning modules. The first module synthesizes diverse negative samples to overcome the lack of labeled anomalies, while the second captures intrinsic temporal patterns for enhanced contextual discrimination. The end-to-end framework continuously updates its model with rolling updated meter data to deliver timely identification of emerging abnormal behaviors in evolving grids. Extensive evaluations on eight publicly available smart meter datasets over seven diverse abnormal patterns testing demonstrate the effectiveness of the proposed full framework, achieving average recall and F1 score of more than 0.85.
Funding: supported by the National Key Research and Development Project of China (No. 2023YFB3709605); the National Natural Science Foundation of China (No. 62073193); the National College Student Innovation Training Program (No. 202310422122).
Abstract: Potential high-temperature risks exist in heat-prone components of electric moped charging devices, such as sockets, interfaces, and controllers. Traditional detection methods have limitations in terms of real-time performance and monitoring scope. To address this, a temperature detection method based on infrared image processing has been proposed: utilizing the median filtering algorithm to denoise the original infrared image, then applying an image segmentation algorithm to divide the image.
Funding: co-supported by the National Science and Technology Major Project, China (No. J2019-I-0001-0001); the National Natural Science Foundation of China (No. 52105545).
Abstract: The original monitoring data from aero-engines possess characteristics such as high dimensionality, strong noise, and imbalance, which present substantial challenges to traditional anomaly detection methods. In response, this paper proposes a method based on Fuzzy Fusion of variables and Discriminant mapping of features for Clustering (FFD-Clustering) to detect anomalies in original monitoring data from Aircraft Communication Addressing and Reporting System (ACARS). Firstly, associated variables are fuzzily grouped to extract the underlying distribution characteristics and trends from the data. Secondly, a multi-layer contrastive denoising-based feature Fusion Encoding Network (FEN) is designed for each variable group, which can construct representative features for each variable group through eliminating strong noise and complex interrelations between variables. Thirdly, a feature Discriminative Mapping Network (DMN) based on reconstruction difference re-clustering is designed, which can distinguish dissimilar feature vectors when mapping representative features to a unified feature space. Finally, the K-means clustering is used to detect the abnormal feature vectors in the unified feature space. Additionally, the algorithm is capable of reconstructing identified abnormal vectors, thereby locating the abnormal variable groups. The performance of this algorithm was tested on two public datasets and real original monitoring data from four aero-engines' ACARS, demonstrating its superiority and application potential in aero-engine anomaly detection.
Funding: support from the Fundamental Research Funds for Central Public Welfare Research Institutes (SK202324); the Central Guidance on Local Science and Technology Development Fund of Hebei Province (236Z0104G); the National Natural Science Foundation of China (62476078); the Geological Survey Project of China Geological Survey (G202304-2).
Abstract: Time series anomaly detection is crucial in finance, healthcare, and industrial monitoring. However, traditional methods often face challenges when handling time series data, such as limited feature extraction capability, poor temporal dependency handling, and suboptimal real-time performance, sometimes even neglecting the temporal relationships between data. To address these issues and improve anomaly detection performance by better capturing temporal dependencies, we propose an unsupervised time series anomaly detection method, VLT-Anomaly. First, we enhance the Variational Autoencoder (VAE) module by redesigning its network structure to better suit anomaly detection through data reconstruction. We introduce hyperparameters to control the weight of the Kullback-Leibler (KL) divergence term in the Evidence Lower Bound (ELBO), thereby improving the encoder module’s decoupling and expressive power in the latent space, which yields more effective latent representations of the data. Next, we incorporate transformer and Long Short-Term Memory (LSTM) modules to estimate the long-term dependencies of the latent representations, capturing both forward and backward temporal relationships and performing time series forecasting. Finally, we compute the reconstruction error by averaging the predicted results and decoder reconstruction and detect anomalies through grid search for optimal threshold values. Experimental results demonstrate that the proposed method performs superior anomaly detection on multiple public time series datasets, effectively extracting complex time-related features and enabling efficient computation and real-time anomaly detection. It improves detection accuracy and robustness while reducing false positives and false negatives.
Funding: The National Natural Science Foundation of China under contract No. 42376174; the Natural Science Foundation of Shanghai under contract No. 23ZR1426900.
Abstract: Sea level has been rising gradually in recent decades. Against this background, this study utilizes synchronous multialtimeter measurements to investigate variations in wind and wave fields relative to sea level anomaly (SLA) in the China Seas and its adjacent waters. The validation between Haiyang-2 (HY-2) measurement proceeded to be geophysical data records (GDR) and moored buoys indicate that HY-2 scatterometer-measured wind speed outperforms that derived from altimeter, with lower root-mean-squared error (RMSE) (1.87 m/s vs. 2.03 m/s), smaller bias (−0.06 m/s vs. 0.47 m/s), same correlation (COR) (0.84), and reduced scatter index (SI) (0.27 vs. 0.29). Conversely, GDR product from HY-2 altimeter demonstrates reliable accuracy of significant wave height (SWH) (RMSE: 0.37 m, bias: −0.03 m, COR: 0.92, SI: 0.30). Further time series analysis of HY-2 data reveals synchronized oscillations among SLA, wind speed and SWH, with SLA strongly influencing wind speed under extreme conditions. Seasonal and regional disparities are evident: wind speed positively correlates with SLA in spring but shows a negative correlation in summer, while autumn and winter exhibit weak correlations. Periodic linkages between SWH and SLA are prominent in summer and autumn. In addition, the regional analysis shows that the Bohai Sea experiences declining autumn/winter wind speeds with higher SLA but without consistent SWH trends, while the Yellow Sea demonstrates summer covariation among wind speed, SWH and SLA. The East China Sea maintains synchronized SLA-wind speed-SWH relationship throughout spring, summer and winter, while the South China Sea shows alignment only in spring. The largest SLA, wind speed and SWH variations occur in the East China Sea and South China Sea, primarily driven by vigorous energy exchanges processes with the open ocean. These findings highlight distinct response mechanisms of regional marine dynamics to SLA, shaped by localized hydrological-climatic interactions.
Abstract: We introduce a pioneering anomaly detection framework within spatial crowdsourcing Internet of Drone Things (IoDT), specifically designed to improve bushfire management in Australia’s expanding urban areas. This framework innovatively combines Graph Neural Networks (GNN) and advanced data fusion techniques to enhance IoDT capabilities. Through spatial crowdsourcing, drones collectively gather diverse, real-time data across multiple locations, creating a rich dataset for analysis. This method integrates spatial, temporal, and various data modalities, facilitating early bushfire detection by identifying subtle environmental and operational changes. Utilizing a complex GNN architecture, our model effectively processes the intricacies of spatially crowdsourced data, significantly increasing anomaly detection accuracy. It incorporates modules for temporal pattern recognition and spatial analysis of environmental impacts, leveraging multimodal data to detect a wide range of anomalies, from temperature shifts to humidity variations. Our approach has been empirically validated, achieving an F1 score of 0.885, highlighting its superior anomaly detection performance. This integration of spatial crowdsourcing with IoDT not only establishes a new standard for environmental monitoring but also contributes significantly to disaster management and urban sustainability.