
Anomaly Detection Using Machine Learning Techniques: A Systematic Review

  • Conference paper
Advances in Data-Driven Computing and Intelligent Systems (ADCIS 2022)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 698)

Abstract

Anomaly detection is the observation of irregular, uncommon events that lead to a deviation from the expected behaviour of a larger dataset. When data multiplies exponentially, it becomes sparse, making it difficult to spot anomalies. The fundamental aim of anomaly detection is to identify odd cases so that the data can be properly evaluated and understood to make the best decision possible. A promising area of research is detecting anomalies using modern ML algorithms. This systematic review examines many machine learning models that are used to learn and detect anomalies in their respective applications across various domains.


References

  1. Foorthuis R (2020) On the nature and types of anomalies: a review in deviations of data

    Google Scholar 

  2. Hodge VJ, Austin J (2004) A survey of outlier detection methodologies. In: Artificial intelligence review, pp 85–126

    Google Scholar 

  3. Parmar JD, Patel JT (2017) Anomaly detection in data mining: a review. Int J Adv Res Comput Sci Softw Eng 7(4)

    Google Scholar 

  4. Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv 41(3): 71–97. https://doi.org/10.1145/1541880.1541882

  5. Nassif AB, Talib MA, Nassar Q, Dakalbad FM (2021) Machine learning for anomaly detection: a systematic review, IEEE

    Google Scholar 

  6. Naik DPM, Satya R, Chaitra BH, Vishalakshi BH (2020) Anomaly detection: different machine learning techniques, a review. Int J Adv Res Comput Commun Eng

    Google Scholar 

  7. Ahamed R, Gani AZ, Nazaruddin FH, Hashem IAT (2018) Real time big data processing for anomaly detection: a survey. Int J Inf Manage

    Google Scholar 

  8. Agarwal S, Agarwal J (2015) Survey on anomaly detection using data mining techniques. In: International conference on knowledge based and intelligent information and engineering systems

    Google Scholar 

  9. Kang M (2018) Prognostics and health management of electronics fundamentals, machine learning and internet of things

    Google Scholar 

  10. Al-Amri R, Murugesan RK, Man M, Ateef AFA, Al-shafri MA, Alkatahani AA (2021) MDPI Appl Sci Jl

    Google Scholar 

  11. Gu X, Wang H (2009) Online anomaly predictions for robust cluster systems. In: 25th IEEE conference data engineering, pp 1000–1011. https://doi.org/10.1109/ICDE.2009.128

  12. Shon T, Moon J (2007) A hybrid machine learning approach to network anomaly detection. Inf Sci 177(18): 3799–3821. https://doi.org/10.1016/j.ins.2007.03.025

  13. Tiang J, Gu H (2010) Anomaly detection combining one class SVM and particle swarm optimization algorithms, pp 303–310. https://doi.org/10.1007/s11071-009-9650-5

  14. Depren O, Topallar M, Anarim A, Ciliz MK (2005) An intelligent intrusion detection system for anomaly and misuse detection in computer networks. In: Expert system applications, pp 713–722. https://doi.org/10.1016/j.eswa.2005.05.002

  15. Valdes A, Macwan R, Backes M (2016) Anomaly detection in electrical substation circuits via unsupervised Machine learning. In: IEEE 17th international conference on info reuse and integration (IRI), pp 500–505. https://doi.org/10.1109/IRI.2016.74

  16. Chang M, Teriz A, Bonnet P (2009) Mote based online anomaly detection using echo state networks. In: DCOSS, pp 72–86. https://doi.org/10.1007/98-3-642-02085-8_6

  17. Paula EL, Laderia M, Carvalho RN, Marzagao T (2016) Deep learning anomaly detection as support fraud investigation in Brazilian exports and anti-money laundering. In: IEEE international conference on ML applications, (ICMLA), pp 954–960. https://doi.org/10.1109/ICMLA.2016.0172

  18. Fujimaki R (2008) Anomaly detection support vector machine and its applications to fault diagnosis. In: 8th IEEE conference on data mining, pp 797–802. https://doi.org/10.1109/ICDM.2008.69

  19. Liu D, Lung CH, Lambadaris I, Seddigh N (2013) Network traffic anomaly detection using clustering techniques and performance comparison. In: 26th IEEE Canadian conference on electrical and comp engineering (CCECE). https://doi.org/10.1109/CCECE.2013.6567739

  20. Anton SD, Kanoor S, Fraunhloz D, Schotten HD (2018) Evaluation of machine learning based anomaly detection algorithms on an industrial modbus/TCP data set. In: 13th conference on availability, reliability and security, pp 1–41. https://doi.org/10.1145/3230833.3232818

  21. Depren O, Topallar M, Anarim E, Kamal Celiz M (2005) An intelligent intrusion detection systems (IDS) for anomaly and misuse detection in computer networks. Expert Syst Appl 29(4): 713–722 https://doi.org/10.1016/j.eswa.2005.05.002

  22. Lapitev N, Amizadeh S, Flint I (2015) Generic and scalable framework for automated time series anomaly detection. In: Proceedings 21st knowledge discovery data mining, pp 1939–1947. https://doi.org/10.1145/2783258.2788611

  23. Lin C-H, Li J-C, Ho C-H (2008) Anomaly detection using LibSVM training tools. In: Info security and assurance, pp 166–176. https://doi.org/10.1109/ISA.2008.12

  24. Terzi DS, Terzi R, Sagiroglu S (2017) Big data analytics for network anomaly detection from netflow data. In: International conference on comp sci and engg (UBMK). https://doi.org/10.1109/UBMK.2017.8093473

  25. Li W, Li Q (2010) Using naïve bayes with adaboost to enhance network anomaly intrusion detection. In: 3rd international conference on intelligent networks and intelligent systems (ICINS), vol 99, pp 486–489. https://doi.org/10.1109/ICINIS.2010.133

  26. Kim G, Lee S, Kim S (2014) A Novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst Appl 21(4): 1690–1700. https://doi.org/10.1016/j.eswa.2013.08.066

  27. Pena EHM, Carvalho LF, Barbon S Jr, Rodriques JJPC, Proenca ML Jr (2017) Anomaly detection using correlational paraconsistent machine with digital signatures of network segment. Info Sci Int J 420(C): 313–318. https://doi.org/10.1016/j.ins.2017.08.074

  28. Yuan Y, Fang J, Wang Q (2014) Online anomaly detection in cloud scenes via structure analysis. IEEE Trans Cybern 45(3). https://doi.org/10.1109/TCYB.2014.2330853

  29. Adler A, Mayhew MJ, Cleveland J, Atigetchi M, Greenstadt R (2013) Using machine learning for behaviour based access: scalable anomaly detection on TCP connections and HTTP requests. In: Milcom conference, pp 1880–1887

    Google Scholar 

  30. Wang XR, Lizier JT, Obst O, Propopenko M, Wang P (2008) Spatiotemporal anomaly detection in gas monitoring sensor networks. Lecture Notes in Compter Series, pp 90–105. https://doi.org/10.1007/978-3-54077690-1_6

  31. Al-Subaie M, Zulkermine M (2006) Efficacy of hidden Markov models over neural networks in anomaly intrusion detection. In: 30th annual international computer software and applications conference (COMPSAC’06). https://doi.org/10.1109/COMPSAC.2006.40

  32. Chen H, Fei X, Wang S, Liu X, Jin G, Li W, Wu X (2014) Energy consumption data based machine anomaly detection. In: 2nd international conference on advance cloud and bug data. https://doi.org/10.1109/CBD.2014.24

  33. Rajasegarar S, Lekie C, Palaniswami M, Bezdek JC (2010) Central hyperspherical and hyperellipsoidal one class support vector machines for anomaly detection in sensor networks. In: IEEE trans info forensic security, pp 518–533. https://doi.org/10.1109/TIFS.2010.2051543

  34. Santos Texeria PHD, Miliduia RL (2010) Data stream anomaly detection through principal subspace tracking. In: ACM symposium on applied computing, pp 1609–1616. https://doi.org/10.1145/1774088.1774434

  35. Liau Y, Vemuri VR, Pasos A (2005) Adaptive anomaly detection with evolving connectionists system. J Netw Comput Appl 60–80. https://doi.org/10.1016/j.jnca.2005.08.005

  36. Maggi F, Zanerro S, Lozzo V (2008) Seeing the invisible: forensic uses of anomaly detection and machine learning. In: ACM ASIGOPS operating system review, pp 51–58. https://doi.org/10.1145/1368506.1368514

  37. Shiekhan M, Jadidi Z (2012) Flow based anomaly detection in high speed links using modified GSA-optimized neural network. Neural Comput Appl 24(3–4): 599–611. https://doi.org/10.1007/s00521-012-1263-0

  38. Duffield N, Haffner P, Ringberg H, Krishnamurthy B (2009) Rule based anomaly detection for IP flows. In: IEEE 28th proceedings, INFOCOM, pp 424–432. https://doi.org/10.1109/Infcom.2009.5061947

  39. Stolfo SJ, Hershkop S, Bui LH, Ferster R (2005) Anomaly detection in computer security and an application file system access. In: Conference: foundation on intelligent systems, 15th international symposium (ISMIS), pp 14–28. https://doi.org/10.1007/11425274_2

  40. Liu J, Gu J, Li H, Carlson KH (2020) Machine learning and transport simulation for ground water anomaly detection. J Comput Appl Math 380. https://doi.org/10.1016/j.cam.2020.112982

  41. Kim DSD, Nguyen H-N, Ohn S-Y, Park JS (2005) Fusions of GA and SVM for anomaly detection in intrusion detection systems. In: Conference on advances in Nueral N/Ws, pp 415–420. https://doi.org/10.1007/11427469_67

  42. Fu S (2011) Performance metric selection for autonomic anomaly detection on cloud computing systems. In: Proceedings of the global communication conference (Globecom), pp 5–9. https://doi.org/10.1109/GLOCOM.2011.6134532

  43. Fan W, Bougila N, Ziou D (2011) Unsupervised anomaly intrusion detection via localized Bayesian feature selection. In: Proceedings 11th IEEE conference (data mining ICDM), pp 1032–1037. https://doi.org/10.1109/ICDM.2011.152

  44. Yasami Y, Mozaffari SP (2009) A novel unsupervised classification approach for network anomaly detection by k-means clustering and ID3 decision tree learning methods, pp 231–245. https://doi.org/10.1007/S11227-009-0338-x

  45. Maglaras LA, Jiang J (2014) Intrusion detection in SCADA Systems using machine learning techniques, pp 626–631. https://doi.org/10.1109/SAI.2014.6918252

  46. Smith D, Guan Q, Fu S (2010) An anomaly detection framework for automatic management of compute cloud system. In: 34th IEEE annual computer s/w and applications workshops, pp 376–381. https://doi.org/10.1109/COMPSACW.2010.72

  47. Song X, Wu M, Jermaine C, Ranka S (2007) Conditional anomaly detection. IEEE Trans Knowl Data Eng 19(5): 631–644. https://doi.org/10.1109/TKDE.2007.1009

  48. Linda O, Manic M, Vollmer T, Wright J (2011) Fuzzy logic-based anomaly detection for embedded network security cyber sensor. In: IEEE symposium on computational intelligence and cyber security (CICS), pp 202–209. https://doi.org/10.1109/CICYBS.2011.5949392

  49. Kumar S, Nandi S, Biswas S (2011) Research and application of one class small hypersphere SVM for network anomaly detection. In: 3rd international conference on communication systems and networks (COMSNETS), pp 1–4. https://doi.org/10.1109/COMSNETS.2011.5716425

  50. Du M, Fi L, Zheng G, Srikumar V (2017) Deeplog: anomaly detection and diagnosis for system logs through deep learning. In: Proceedings ACM SIGSAC, conference on computing and communications sec, pp 1285–1298. https://doi.org/10.1145/3133956.3134015

  51. Fujimaki R, Yairi T, Machida K (2005) An approach to spacecraft anomaly detection problem using kernel feature space. In: ACM international conference on KDD, pp 401–410. https://doi.org/10.1145/1081870.1081917

  52. Schimdt AD, Peters F, Lamour F, Camptepe SA, Albayarak S (2009) Monitoring smartphones for anomaly detection. In: Mobile n/w applns, pp 92–106. https://doi.org/10.1107/s11036-008-0113-x

  53. Field M, Das SB, Oza NC, Mathews BL, Srivastava AL (2010) Multiple kernel learning for heterogeneous anomaly detection: algorithm and aviation safety case study categories and subject descriptors, pp 47–56

    Google Scholar 

  54. Chimplee V, Abdullah AH, Md Sap MN, Srinoy SW, Chimplee S (2006) Anomaly based intrusion detection using rough clustering. In: International conference on hybrid info tech, pp 329–334. https://doi.org/10.1109/ICHIT.2006.253508

  55. Purarjomandlangrudi A, Ghapanchi A, Esmalifalak M (2019) A datamining approach for fault diagnosis: an application of anomaly detection algorithm, vol 55, pp 343–352. https://doi.org/10.1016/j.measurement.2014.05.029

  56. Shon T, Kim Y, Lee C, Moon J (2005) A machine learning framework for network anomaly detection using SVM and GA. In: Proceedings from 6th annual IEEE SMC, information assurance workshop. https://doi.org/10.1109/IAW.2005.1495950

  57. Rubeinstein BIP, Nelson B, Lau SH, Joseph AD, Rao S, Taft N, Tygar JD (2009) Stealthy poisoning attacks on PCA based anomaly detectors, vol 37, issue no 2, pp 73–74. https://doi.org/10.1145/1639562.1639292

  58. Ahmed T, Coates M, Lakhina N (2007) Multivariate online anomaly detection using kernel recursive least squares. In: 28th IEEE international conference on computer communications (INFCOM), pp 625–633. https://doi.org/10.1109/INFCOM.2007.79

  59. Rubenstien BIP, Huang L, Nelson B, Joseph AD, Lau SH, Rao S, Thaft N, Tygar JD (2009) ANTIDOTE: understanding and defending against poisoning of anomaly detectors. In: 9th ACM SIGCOMM, pp 1–14. https://doi.org/10.1145/1644893.1644895

  60. Teng M (2010) Anomaly detection on time series. In: IEEE conference progress in informatics and computing, vol 1, pp 603–608. https://doi.org/10.1109/PIC.2010.5687485

  61. Shi J, He G, Liu X (2018) Anomaly detection for key performance indicators through machine learning. In: International conference on network infrastructure and digital content, pp 1–5. https://doi.org/10.1109/ICNIDC.2018.8525714

  62. Joseph Dean D, Nguyen H, Gu X (2012) UBL: unsupervised behaviour learning for predicting performance anomalies in virtualised cloud systems. In: Proceedings on 9th international conference on autonomic computing, pp 191–200, ICAC. https://doi.org/10.1145/2371536.2371572

  63. Stibor T, Mohr P, Timmis J, Eckert C (2005) Is negative selection appropriate for anomaly detection. In: Proceedings on 7th annual conference on genetic and evolutionary computation, pp 321–328. https://doi.org/10.1145/1068009.1068061

  64. Theodoro PG, Verdejo D, Fernandez GM, Vazques E (2008) Anomaly based network intrusion detection: techniques systems, and challenges, pp 18–28. https://doi.org/10.1016/j.cose.2008.08.003

  65. Mascaro S, Nicholso AE, Borb KB (2013) Anomaly detection in vessel tracks using Bayesian networks. Int J Approximate Reasoning 55(1): 84–98. https://doi.org/10.1016/j.ijar.2013.03.012

  66. Ghanem TF, Elkilani WS, Khader HMA (2015)A hybrid approach for efficient anomaly detection using metaheuristic methods. J Adv Res 6(4): 609–619. https://doi.org/10.1016/j.jare.2014.02.009

  67. Rajasegarar S, Leki C, Palaniswami M (2008) CESVM: centralised hyperellipisodial support vector machine based anomaly detection. In: IEEE international conference communion, pp 1610–1614. https://doi.org/10.1109/ICC.2008.311

  68. Wang X, Wong JS, Stanley F, Basu S (2009) Cross layer-based anomaly detection in wireless mesh networks. In: 9th annual international symposium applns and the internet. https://doi.org/10.1109/SAINT.2009.11

  69. Shah G, Tiwari A (2018) Anomaly detection in IIoT: a case study using machine learning. In: Proceedings ACM India, International conference on data science and management data. https://doi.org/10.1145/3152494.3156896

  70. Rajasegarar S, Lekie C, Palaniswami M, Bezdek JC (2007) Quarter sphere based distributed anomaly detection in wireless sensor networks. In: International conference on communications, pp 3864–3869. https://doi.org/10.1109/ICC.2007.637

  71. Meng YX (2011) The practice on using machine learning for network anomaly detection. In: International conference on machine learning and cybernetics, pp 576–581. https://doi.org/10.1109/ICMLC.2011.6016798

  72. Erfani SM, Rajasegarar S, Karunasekara S, Lekie C (2016) High dimensional and large scale anomaly detection using linear one class SVM with deep learning. In: Pattern recognition, vol 8, pp 121–134. https://doi.org/10.1016/j.patcog.2016.03.028

  73. Hill DJ, Minsker BS (2010) Anomaly detection in streaming environmental sensor data: a data driven modelling approach. In: Environmental modelling and s/w, vol 1044–1022. https://doi.org/10.1016/j.envsoft.2009.08.010

  74. Wang Y, Wong J, Miner AS (2004) Anomaly intrusion detection using one class SVM. In: 5th IEEE annual conference on SMC info assurance workshop, pp 358–364. https://doi.org/10.1109/iaw.2004.1437839

  75. Zhao R, Du B, Zhang L (2014) A robust nonlinear hyperspectral anomaly detection approach. IEEE J Selected Topic Appl Earth Obs Remote Sens 7(4): 1227–1234. https://doi.org/10.1109/JSTARS.2014.2311995

  76. Taylor A, Japcowicz N, Leblanc S (2015) Frequency based anomaly detection for the automotive CAN bus. In: World congress on industrial control sys sec (WCICSS), pp 45–49. https://doi.org/10.1109/WCICSS.2015.7420322

  77. Hassan M, Islam MM, Zarif MII, Hashem MMA (2019) Attack and anomaly detection in IOT sensors in IOT sites using machine learning approaches. In: Internet of Things, vol 7. https://doi.org/10.1016/j.iot.2019.100059

  78. Subaie MA, Zulkernine M (2006) Efficacy of hidden Markov models over neural networks in anomaly intrusion detection. In: 30th annual international computer s/w and applications conference (COMPSAC), pp 325–332. https://doi.org/10.1109/COMPSAC.2006.40

  79. Wang F, Qian Y, Dai Y, Wang Z (2010) A model based on hybrid support vector machines and self-organising maps for anomaly detection. In: International conference communications mobile computing, pp 97–101. https://doi.org/10.1109/CMC.2010.9

  80. Gaddam SR, Poha VV, Balagani KS (2007) K-means+ID3: a novel method for supervised anomaly detection by cascading k means clustering and ID3 decision tree learning methods. In: IEEE transactions on K and D engineering, pp 345–354. https://doi.org/10.1109/TKDE2007.44

  81. Song J, Takakura H, Okabe Y, Nakao K (2011) Towards a more practical unsupervised anomaly detection system, vol 231, pp 4–14. https://doi.org/10.1016/j.ins.2011.08.011

  82. Jongsuebsuk P, Wattanapongsakorn A, Chamsripinyo C (2013) Network intrusion detection with fuzzy genetic algorithm for unknown facts. In: International conference on info n/w (ICOIN), pp 1–5. https://doi.org/10.1109/ICOIN.2013.6496342

  83. Anil S, Remya R (2013) A hybrid method based on genetic algorithm, self-organised feature map and support vector machine for better network anomaly detection. In: 4th international conference on computing, communications and network technology (ICCCNT), pp 1–5. https://doi.org/10.1109/ICCCNT.2013.6726604

  84. Malaiya RK, Kwon D, Kim J, Suh SC, Kim H, Kim I (2018) An empirical evaluation of deep learning for network anomaly detection. In: International conference on computing networking and communications (ICNC). https://doi.org/10.1109/ICCNC.2018.8390278

  85. Liu S, Chen Y, Trappe W, Greenstien LJ (2009) ALDO—an anomaly detection framework for dynamic spectrum access networks. In: Proceedings 28th IEEE conference computing communities (INFOCOM), pp 675–683

    Google Scholar 

  86. Sotiris VA, Tse PW, Pecht MG (2010) Anomaly detection through a Bayesian support vector machine, pp 277–286

    Google Scholar 

  87. Chen X, Li B, Proietti R, Zhu Z, Yoo SJB (2019) Self-taught anomaly detection with hybrid unsupervised\supervised machine learning in optical networks, vol 37, issue 7, pp 1742–1749. https://doi.org/10.1109/JLT.2019.2902487

  88. Hang X, Dai H (2005) Applying both positive and negative selection to supervised learning for anomaly detection. In: Proceedings 7th annual conference on genetic and evolutionary computation, pp 345–352. https://doi.org/10.1145/1068009.1068064

  89. Li Y, Fang B, Guo L, Chen Y (2007) Network anomaly detection based on TCN-KNN algorithm. In: Proceedings 2nd ACM symposium on info, computer and communications security, pp 13–19. https://doi.org/10.1145/1229285.1229292

  90. Shriram S, Sivasankar E (2019) Anomaly detection on shuttle data using unsupervised learning techniques. In: International conference on comput intelligence and knowledge Economy (ICCIKE), pp 221–225. https://doi.org/10.1109/ICCIKE47802.2019.9004325

  91. Xiao Z, Liu C, Chen C (2009) An anomaly detection scheme-based machine learning for WSN. In: First international conference on info science and engineering, pp 3959–3962. https://doi.org/10.1109/ICISE.2009.235

  92. Shi Y, Miao K (2019) Detecting anomalies in applications performance management system with machine learning algorithm. In: 3rd international conference on electronic IT computing engineering, pp 1787–1900. https://doi.org/10.1109/EITCE47263.2019.9094916

  93. Li K, Teng G (2006) Unsupervised SVM based on P-kernels for anomaly detection. In: First international conference on innovative computing info control (ICICIC), pp 59–62. https://doi.org/10.1109/ICICIC.2006.371

  94. Feng Y, Wu ZF, Wu K-G, Xiong Z-Y, Zhou Y (2005) An unsupervised anomaly intrusion detection algorithm based on swarm intelligence. In: International conference on machine learning and cybernetics, pp 3965–3969. https://doi.org/10.1109/ICMLC.2005.1527630

  95. Chin SC, Ray A, Rajagopalan V (2005) Symbolic time series analysis for anomaly detection: a comparative evaluation, pp 1859–1868. https://doi.org/10.1016/j.sigpro.2005.03.014

  96. Zang J, Zulkernine M (2006) Anomaly based network intrusion detection with unsupervised outlier detection. In: IEEE international conference on commutations, pp 2388–2393. https://doi.org/10.1109/ICC.2006.255127

  97. Ma L, Crawford MM, Tian J (2011) Anomaly detection for hyperspectral images based on robust locally linear embedding, vol 31, issue 6, pp 753–762. https://doi.org/10.1007/s10762-010-9630-3

  98. Fiore U, Palmeiri F, Castiglione A, Santis AD (2013) Network anomaly detection with the restricted Boltzmann machine. Neurocomputing 122: 13–23. https://doi.org/10.1016/j.neucom.2012.11.050

  99. Quatrini E, Constantino F, Gravio GD, Patriarca R (2020) Machine learning for anomaly detection and process phase classification to improve safety and maintenance activities. J Manuf Syst 56: 117–132. https://doi.org/10.1016/j.jmsy.2020.05.013

  100. Wressneger C, Schwenk G, Arp D, Riek K (2013) A close look on n-grams in intrusion detection: anomaly detection vs classification. In: ACM workshopn on AI and security (AIsec), pp 67–76. https://doi.org/10.1145//2517312.2517316

  101. Damopoulos D, Kambourakis G (2014) The best of both worlds: a framework for synergistic operation of host and cloud anomaly-based IDS for smartphones. In: Conference Eurosec, pp 1–6. https://doi.org/10.1145/2592791.2592797

  102. Bosman HHWJ, Iacca G, Tejada A, Wortje HJ, Liotta A (2017) Spatial anomaly detection in sensor networks using neighbourhood information, vol 33, pp 41–56. https://doi.org/10.1016/j.inffus.1016.04.007

  103. Amer M, Goldstein M, Abadennadher S (2013) Enhancing one class support vector machine for unsupervised anomaly detection. In: Proceedings of ACM SIGKDD, pp 8–15. https://doi.org/10.1145/2500853.2500857

  104. Chikrbene Z, Eltanbouly S, Bashendy M, Alnaimi N, Erbad A (2020) Hybrid machine learning for network intrusion anomaly detection. In: IEEE international conference on informatics, IOT, and enabling technology (ICIoT), pp 163–170. https://doi.org/10.1109/ICIoT48696.2020.9089575

  105. Jabez J, Gowri S, Mayan JA, Vigneshwari S, Srinivasulu S (2019) Anomaly detection by using CFS subset and neural networks using WEKA tools. In: Info and communication technology for intelligent systems, vol 106, pp 675–682. https://doi.org/10.1007/978-981-13-1742-2

  106. Demertzis K, Liadis L (2014) A hybrid network anomaly and intrusion detection approach based on evolving spiking neural network. In: Communications in computer and info science, vol 441, pp 11–23. https://doi.org/10.1007/978-3-319-11710-2

  107. Yairi T, Kawahara Y, Sato Y, Fujimaki R, Achinda KM (2006) Telemetry mining: a machine learning approach to anomaly detection and fault diagnosis for space systems. In: 2nd IEEE international conference on space mission challenges for IT, pp 446–473. https://doi.org/10.1109/SMC-IT.2006.79

  108. Adler A, Cleveland J, Atigetchi M, Mayhew MJ, Greenstadt R (2013) Using machine learning for behaviour based access control: scalable anomaly detection on TCP connections and HTTP Requests. IEE MILCOM, pp 1880–1887

    Google Scholar 

  109. Cabrera JBD, Guiterrez C, Mehra RK (2008) Ensemble methods for anomaly detection and distributed intrusion detection in mobile Ad-Hoc networks, pp 96–119. https://doi.org/10.1016/j.inffus.2007.03.001

  110. Xu X (2009) Sequential anomaly detection based on temporal difference learning: principals, models and case studies. In: Applied soft computing, vol 10, issue 3, pp 859–867. https://doi.org/10.1016/j.asoc.2009.10.003

  111. Garg S, Kaur K, Kumar N, Rodriques JJPC (2019) Hybrid deep learning based anomaly detection scheme for suspicious flow detection in SDN: a social media perspective. In: IEEE transactions on multimedia, pp 566–578. https://doi.org/10.1109/TMM.2019.2893549

  112. Sakurada M, Yairi T (2014) Anomaly detection using autoencoders with non-linearity dimension reduction. In: Proceedings MLSDA, pp 4–11. https://doi.org/10.1145/2689746.2689747

  113. Pascoal C, Oliveira MRD, Valadas R, Filzmoser P, Salvador P, Pacheco A (2012) Robust feature selection and robust PCA for internet traffic anomaly detection. In: 2012 proceedings INFOCOM, pp 1755–1763. https://doi.org/10.1109/INFCOM.2012.6195548

  114. Chiang A, David E, Lee Y-J, Leshem G, Yeh Y-R (2017) A study on anomaly detection ensembles. J Appl Logic 21: 1–13. https://doi.org/10.1016/j.jal.2016.12.002

  115. Lu D, Zhao Y, Xu H, Sun Y, Pei D, Luo J, Jeng X, Feng M (2015) Opprentice: towards practical and automatic anomaly detection through machine learning. In: Internet measurement conference (IMC), pp 211–244. https://doi.org/10.1145/2815675.2815679

  116. Pandeeshwari G, Kumar G (2015) Anomaly detection system in cloud environment using fuzzy clustering-based ANN. Mobile Netw Appl 494–595. https://doi.org/10.1007/s11036-015-0644-x

  117. Guan Q, Fu S (2013) Adaptive anomaly identification by exploring metric subspace in cloud computing infrastructures. In: IEEE 32nd symposium on reliable distributed system, pp 205–214. https://doi.org/10.1109/SRDS.2013.29

  118. Deckee L, Vandermeuelen R, Ruff L, Mandt S, Kloft M (2019) Image anomaly detection with generative adversarial networks. In: Joint European conference on ML and KDD, pp 3–17. https://doi.org/10.1007/978-3-030-10925-7_1

  119. Dawoud A, Shahristani S, Raun C (2018) Deep learning for network anomaly detection. In: International conference on ML and data engineering, (iCMLDE), pp 117–120. https://doi.org/10.1109/iCMLDE.2018.0035

  120. Kuang L, Zulkernine M (2008) An anomaly intrusion detection method using the CSI-KNN algorithm. In: Proceedings ACM symposium on applied computing, pp 921–926. https://doi.org/10.1145/1363686.1363897

  121. Lundstrom J, Morais WQD, Cooney M (2015) A holistic smart home demonstrator for anomaly detection and response. In: International conference on pervasive computing and communicating workshop, pp 330–335. https://doi.org/10.1009/PERCOMW.2015.7134058

  122. Han SJ, Cho SB (2006) Evolutionary neural networks for anomaly detection based on behaviour of a program. In: IEEE systems, man and cybernetics society, pp 559–579. https://doi.org/10.1109/TSMCB.2005.860136

  123. Sueitani H, Ideita AM, Morimoto J (2011) Non-linear structure of escape times to falls a passive dynamic walker on irregular slope: anomaly detection using multiclass support vector machine and state extraction by canonical correlation analysis (CCA). In: IEEE/RSJ international conference on intelligence robots and systems, pp 2715–2722. https://doi.org/10.1109/IROS.2011.6094853

  124. Zhang XQ, Gu C-H (2007) CH-SVM based network anomaly detection. In: International conference on ML and cybernetics (ICMLC), vol 6, pp 3261–3266. https://doi.org/10.1109/ICMLC.2007.4370710

  125. Palmeiri F, Fiore U (2010) Network anomaly detection through nonlinear analysis. In: Computers and security, vol 29, issue 7, pp 737–755. https://doi.org/10.1016/j.cose.2010.05.002

  126. Cui B, He S (2016) Anomaly detection based on Hadoop platform and weka interface. In: 10th international conference on innovative mob and internet services in ubiquitous computing, pp 84–89. https://doi.org/10.1109/IMIS.2016.50

  127. Yan G (2016) Network anomaly traffic detection method based on Support vector Machine. In: International conference on smart city and system engineering (ICSCSE). https://doi.org/10.1109/ICSCSE.2016.0011

  128. Bhatia R, Benno S, Esteban J, Lakshman TV, Grogan J (2019) Unsupervised machine learning for network centric anomaly detection in IoT. In: 3rd ACM CoNEXT workshop on ML, AI and DCN, pp 42–48. https://doi.org/10.1145/3359992.3366641

  129. Provotar OI, Linder YM, Veres MM (2019) Unsupervised anomaly detection in time series using LSTM based. In: IEEE international conference on advanced trends in info theory (ATIT), pp 513–517. https://doi.org/10.1109/ATIT49449.2019.9030505

  130. Pachauri G, Sharma S (2015) Anomaly detection in medical wireless sensor networks using machine learning algorithms. Proc Comput Sci 70: 325–333. https://doi.org/10.1016/procs.2015.10.026

  131. Vanerio J, Casa P (2017) Ensemble learning approaches for network security and anomaly detection. In: Proceedings on bigdata analysis and ML for data communications, pp 1–6. https://doi.org/10.1145/3098593.3098594

  132. Kulkarni A, Pino Y, French M, Mohensin T (2016) Real time anomaly detection framework for many core router through machine learning techniques. ACM J Emerging Tech Comput Syst 13910: 1–22. https://doi.org/10.1145/2827699

  133. Ippoliti D, Zhou X (2012) A-GHSOM: an adaptive growing hierarchal self-organising map for network anomaly detection. In: International conference on computer communications and networks, vol 72, issue 12, pp 1576–1590. https://doi.org/10.1016/j.jpdc.2012.09.004

  134. Zhou Y, Yan S, Huang TS (2007) Detecting anomaly in videos from trajectory similarity analysis0 IEEE international conference on multimedia and expo. https://doi.org/10.1109/ICME.2007.4284843

  135. Perdisci R, Ariu D, Foglu P, Giacinto G, Lee W (2009) McPAD: a multi classifier system for accurate payload-based anomaly detection. In: Computer networks, vol 53, issue no 6, pp 864–881

    Google Scholar 

  136. Zhou S, Yang CD (2006) Using immune algorithm to optimize anomaly detection based on SVM. In: Proceedings international conference machine learning cybernetics, pp 4257–4261. https://doi.org/10.1109/ICMLC.2006.259008

  137. Calderera S, Heineman U, Prati A, Cucchiara R, Tishby N (2011) Detecting anomalies in peoples trajectories using spectral graph analysis, pp 1099–1111. https://doi.org/10.1016/j.cviu.2011.03.003

  138. Stibor T, Mohr P, Timmis J, Eckert C (2005) Is negative selection appropriate for anomaly detection? In: 7th annual conference on genetic and evolutionary computation, pp 321–328. https://doi.org/10.1145/1068009.1068061

  139. Ahmed T, Coates M, Lakhina A (2007) Multivariate online anomaly detection using kernel recursive least square. In: 26th international conference computer communications (INFOCOM), pp 625–633. https://doi.org/10.1109/INFCOM.2007.79

  140. Tian X, Gao L-Z, Sun C-L, Duan M-Y, Zhang E-Y (2006) A method for anomaly detection of user behaviours based on machine learning, vol 13, issue 2, pp 61–78. https://doi.org/10.1016/S1005-8885(07)60105-8

  141. Kumari R, Sheetanshu, Sing MK, Jha R, Sing NK (2016) Anomaly detection in network traffic using k-means clustering. In: 3rd international conference on recent advancement in IT (RAIT), pp 387–393. https://doi.org/10.1109/RAIT.2016.7507933

  142. Oliva IP, Uroz IC, Ros PB, Dimitropolous X, Pareta JS (2012) Practical anomaly detection based on classifying frequent traffic patterns. In: Proceedings IEEE Infocom workshops, pp 49–54. https://doi.org/10.1109/INFCOMW.2012.6193518

  143. Ahmad S, Lavin A, Purdy S, Agha Z (2017) Unsupervised real time anomaly detection for streaming data. Neurocomputing 262: 134–147. https://doi.org/10.1016//j.neucom.2017.04.070

  144. Thing VLL (2017) IEEE 802.11 Network anomaly detection and attack classification: a deep learning approach. In: IEEE wireless communications and networking conference (WCNC), pp 1–6. https://doi.org/10.1109/WCNC.2017.7925567

  145. Pajouh HH, Dastaghaibyfard G, Hashemi S (2015) Two tier network anomaly detection model: a machine learning approach. J Intel Info Syst 28: 61–74. https://doi.org/10.1007/s10844-015-0388-x

  146. Thaseen S, Kumar CA (2013) An analysis of supervised tree-based classifiers for intrusion detection system. In: Proceedings international conference pattern recognition info mob engineering, (PRIME), pp 294–299. https://doi.org/10.1109/ICPRIME.2013.6496489

  147. Goh J, Adepu S, Tan M, Lee ZS (2017) Anomaly detection in cyber physical systems using recurrent neural networks. In: IEEE 18th international symposium on high assurance system engineering (HASE), pp 140–145. https://doi.org/10.1109/HASE.2017.36

  148. Barua A, Muthurayan D, Khargonekar PP, Al Farque MA (2020) Hierarchal temporal memory-based machine learning for realtime, unsupervised anomaly detection in smart grid, WIP abstract. In: 11th international conference on cyber physical systems (ICCPS) proceedings ACM/IEEE, pp 188–189. https://doi.org/10.1109/ICCPS48487.2020.00027

  149. Rayana S, Akoglu L (2016) Less is more building selective anomaly ensembles. In: Proceedings of SIAM international conference on data mining (SDM). https://doi.org/10.1137/1.9781611974010.70

  150. Schmidt AD, Peters F, Lamour F, Albayrak S (2008) Monitoring smart phones for anomaly detection. In: Mobile network applns, pp 92–106. https://doi.org/10.1007/s11036-008-0113-x

  151. Salman T, Bhamare D, Erbad E, Jain R, Samaka M (2017) Machine learning for anomaly detection and categorization in multi-class environments. In: IEEE 4th international conference on cyber security and cloud computing, pp 97–103. https://doi.org/10.1109/CScloud.2017.15

  152. Laxhammar L, Falkman G (2013) Online learning and sequential anomaly detection in Trajectories. IEEE Trans Pattern Anal ML 36(6): 1158–1173. https://doi.org/10.1109/TPAMI.2013.172

  153. Winding R, Wright T, Chapple M (2006) System anomaly detection: mining firewall logs. In: Secure communications and workshops, pp 1–5. https://doi.org/10.1109/SECCOMW.2006.359572

  154. Muniyandi AP, Rajeshwari R, Rajaram R (2012) Network anomaly detection by cascading k-means clustering and C4.5 decision tree algorithm. In: Procedia engineering, vol 30, pp 174–182. https://doi.org/10.1016/j.proeng.2012.01.849

  155. Stakhanova N, Basu S, Wrong J (2010) On the symbiosis of specification based and anomaly-based detection. In: Computers and security, vol 29, issue 2, pp 253–268. https://doi.org/10.1016/j.cose.2009.08.007

  156. Ashok Kumar D, Venugopalan SR (2017) A Novel algorithm for network anomaly detection using adaptive machine learning. In: Progress in advanced computing and intelligence engineering, vol 564, pp 59–69. https://doi.org/10.1007/-978-981-106875-1_7

  157. Iglesias F, Zseby T (2014) Analysis of network traffic features for anomaly detection, ML, vol 21, issue 3, pp 59–84. https://doi.org/10.1007/s10994.-014-5473-9

  158. Shah B, Trivedi B (2015) Reducing features of KDD cup 1999 dataset for anomaly detection using back propagation neural network. In: 5th international conference on advanced computing and communication technologies, pp 247–251. https://doi.org/10.1109/ACCT.2015.13

  159. Limthong K, Thawsook T (2012) Network traffic anomaly detection using machine learning approaches. In: IEEE n/w operations and management symposium, pp 542–545. https://doi.org/10.1109/NOMS.2012.6211951

  160. Angelov P (2014) Anomaly detection based on eccentricity analysis. In: IEEE Symp on Evolving and Autonomous Learning Sys. https://doi.org/10.1109/EALS.2014.7009497

  161. Doelitzscher F, Kanhl M, Reich C, Clarke N (2013) Anomaly detection in Iaas Clouds. In: IEEE 5th international conference on cloud computing tech and science, pp 387–394. https://doi.org/10.1109/CloudCom.2013.57

  162. Kang D, Fuller D, Honavar V (2005) Learning classifiers for misuse and anomaly detection using bag of system calls representation, pp 511–516

  163. Goldberg H, Kwon H, Nasrabadi NM (2007) Kernel eigenspace separation transform for subspace anomaly detection in hyperspectral imagery. IEEE Geosci Remote Sens Lett 4(4): 581–585. https://doi.org/10.1109/LGRS.2007.903803

  164. Schlegl T, Seebok P, Waldstein SM, Erfurth US, Langs G (2017) Unsupervised anomaly detection with generative adversarial networks to guide marker discovery. In: International conference on info processing in medical imaging, vol 10265, issue 2. https://doi.org/10.1007/978-3-319-59050-9_12

  165. Chand N, Mishra P, Ramakrishna C, Pilli ES, Govil MC (2016) A comparative analysis of SVM and its stacking with other classification algorithm for intrusion detection. In: International conference on advance in computing, communications and automation, pp 1–6. https://doi.org/10.1109/ICACCA.2016.7578859

  166. Aygun RC, Yavuz AG (2017) Network anomaly detection with stochastically improved autoencoder based models. In: IEEE 4th international conference on cyber sec and cloud computing (CSCloud), pp 193–198. https://doi.org/10.1109/CSCloud.2017.39

  167. Fujimaki R, Yairi T, Machida Z (2005) An anomaly detection method for spacecraft using relevance vector learning. In: Proceedings Pacific Asia conference KDD, Lecture notes in AI and Bioinformatics, vol 3518, pp 785–790. https://doi.org/10.1007/11430919_92

  168. Ting KM, Washio T, Wells JR, Aryal S (2016) Defying the gravity of learning curve: a characteristic of nearest neighbour anomaly detectors, ML, vol 106, issue 9, pp 55–91. https://doi.org/10.1007/s10994-016-5584-4

  169. Frery J, Habrard A, Sebban M, Caelen O, Guelton LH (2017) Efficient top rank optimization with gradient boosting for supervised anomaly detection. In: European conference on ML KDD (ECML/PKDD), vol 10534, pp 20–35. https://doi.org/10.1007/978-3-319-71249-9_2

  170. Perdisci R, Gu G, Lee W (2006) Using an ensemble of one class SVM classifiers to harden payload-based anomaly detection systems. In: 6th international conference in data mining (ICDM), pp 488–498. https://doi.org/10.1109/ICDM.2006.165

  171. Araya DB, Grolinger K, Elyamany HF, Capretz MAM, Bitsuamalak GT (2017) An ensemble learning framework for anomaly detection in building energy consumption. Energy Build 144: 191–206. https://doi.org/10.1016/j.enbuild.2017.02.058

Author information

Corresponding author

Correspondence to S. Jayabharathi.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Jayabharathi, S., Ilango, V. (2023). Anomaly Detection Using Machine Learning Techniques: A Systematic Review. In: Das, S., Saha, S., Coello Coello, C.A., Bansal, J.C. (eds) Advances in Data-Driven Computing and Intelligent Systems. ADCIS 2022. Lecture Notes in Networks and Systems, vol 698. Springer, Singapore. https://doi.org/10.1007/978-981-99-3250-4_42

  • DOI: https://doi.org/10.1007/978-981-99-3250-4_42

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-3249-8

  • Online ISBN: 978-981-99-3250-4

  • eBook Packages: Engineering, Engineering (R0)
