research-article

Anomaly detection: A survey

Authors:
Varun Chandola

University of Minnesota, Minneapolis, MN

University of Minnesota, Minneapolis, MN
View Profile

,
Arindam Banerjee

University of Minnesota, Minneapolis, MN

University of Minnesota, Minneapolis, MN
View Profile

,
Vipin Kumar

University of Minnesota, Minneapolis, MN

University of Minnesota, Minneapolis, MN
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 41 Issue 3Article No.: 15pp 1–58https://doi.org/10.1145/1541880.1541882

Published:30 July 2009Publication History

ACM Computing Surveys

Abstract

Anomaly detection is an important problem that has been researched within diverse research areas and application domains. Many anomaly detection techniques have been specifically developed for certain application domains, while others are more generic. This survey tries to provide a structured and comprehensive overview of the research on anomaly detection. We have grouped existing techniques into different categories based on the underlying approach adopted by each technique. For each category we have identified key assumptions, which are used by the techniques to differentiate between normal and anomalous behavior. When applying a given technique to a particular domain, these assumptions can be used as guidelines to assess the effectiveness of the technique in that domain. For each category, we provide a basic anomaly detection technique, and then show how the different existing techniques in that category are variants of the basic technique. This template provides an easier and more succinct understanding of the techniques belonging to each category. Further, for each category, we identify the advantages and disadvantages of the techniques in that category. We also provide a discussion on the computational complexity of the techniques since it is an important issue in real application domains. We hope that this survey will provide a better understanding of the different directions in which research has been done on this topic, and how techniques developed in one area can be applied in domains for which they were not intended to begin with.

References

Abe, N., Zadrozny, B., and Langford, J. 2006. Outlier detection by active learning. In Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, New York, 504--509. Google ScholarDigital Library
Abraham, B. and Box, G. E. P. 1979. Bayesian analysis of some outlier problems in time series. Biometrika 66, 2, 229--236.Google ScholarCross Ref
Abraham, B. and Chuang, A. 1989. Outlier detection and time series modeling. Technometrics 31, 2, 241--248. Google ScholarDigital Library
Addison, J., Wermter, S., and MacIntyre, J. 1999. Effectiveness of feature extraction in neural network architectures for novelty detection. In Proceedings of the 9th International Conference on Artificial Neural Networks. vol. 2. 976--981.Google ScholarCross Ref
Aeyels, D. 1991. On the dynamic behaviour of the novelty detector and the novelty filter. In Analysis of Controlled Dynamical Systems: Progress in Systems and Control Theory, B. Bonnard, B. Bride, J. Gauthier, and I. Kupka, Eds. vol. 8. Springer, Berlin, 1--10.Google Scholar
Agarwal, D. 2005. An empirical Bayes approach to detect anomalies in dynamic multidimensional arrays. In Proceedings of the 5th IEEE International Conference on Data Mining. IEEE Computer Society, 26--33. Google ScholarDigital Library
Agarwal, D. 2006. Detecting anomalies in cross-classified streams: A Bayesian approach. Knowl. Inform. Syst. 11, 1, 29--44. Google ScholarDigital Library
Aggarwal, C. 2005. On abnormality detection in spuriously populated data streams. In Proceedings of the 5th SIAM Data Min. Conference. 80--91.Google ScholarCross Ref
Aggarwal, C. and Yu, P. 2001. Outlier detection for high dimensional data. In Proceedings of the ACM SIGMOD International Conference on Management of Data. ACM Press, 37--46. Google ScholarDigital Library
Aggarwal, C. C. and Yu, P. S. 2008. Outlier detection with uncertain data. In Proceedings of the International Conference on Data Mining (SDM). 483--493.Google Scholar
Agovic, A., Banerjee, A., Ganguly, A. R., and Protopopescu, V. 2007. Anomaly detection in transportation corridors using manifold embedding. In Proceedings of the 1st International Workshop on Knowledge Discovery from Sensor Data. ACM Press.Google Scholar
Agrawal, R. and Srikant, R. 1995. Mining sequential patterns. In Proceedings of the 11th International Conference on Data Engineering. IEEE Computer Society, 3--14. Google ScholarDigital Library
Agyemang, M., Barker, K., and Alhajj, R. 2006. A comprehensive survey of numeric and symbolic outlier mining techniques. Intel. Data Anal. 10, 6, 521--538. Google ScholarDigital Library
Albrecht, S., Busch, J., Kloppenburg, M., Metze, F., and Tavan, P. 2000. Generalized radial basis function networks for classification and novelty detection: Self-organization of optional Bayesian decision. Neural Netw. 13, 10, 1075--1093. Google ScholarDigital Library
Aleskerov, E., Freisleben, B., and Rao, B. 1997. Cardwatch: A neural network based database mining system for credit card fraud detection. In Proceedings of the IEEE Conference on Computational Intelligence for Financial Engineering. 220--226.Google Scholar
Allan, J., Carbonell, J., Doddington, G., Yamron, J., and Yang, Y. 1998. Topic detection and tracking pilot study. In Proceedings of the DARPA Broadcast News Transcription and Understanding Workshop. 194--218.Google Scholar
Anderson, D. Lunt, T. F., Javitz, H., Tamaru, A., and Valdes, A. 1995. Detecting unusual program behavior using the statistical components of NIDES. Tech. rep. SRI--CSL--95--06, Computer Science Laboratory, SRI International.Google Scholar
Anderson, D., Frivold, T., Tamaru, A., and Valdes, A. 1994. Next-generation intrusion detection expert system (NIDES), software users manual, beta-update release. Tech. rep. SRI--CSL--95--07, Computer Science Laboratory, SRI International.Google Scholar
Ando, S. 2007. Clustering needles in a haystack: An information theoretic analysis of minority and outlier detection. In Proceedings of the 7th International Conference on Data Mining. 13--22. Google ScholarDigital Library
Angiulli, F. and Pizzuti, C. 2002. Fast outlier detection in high dimensional spaces. In Proceedings of the 6th European Conference on Principles of Data Mining and Knowledge Discovery. Springer-Verlag, 15--26. Google ScholarDigital Library
Anscombe, F. J. and Guttman, I. 1960. Rejection of outliers. Technometrics 2, 2, 123--147.Google ScholarCross Ref
Arning, A., Agrawal, R., and Raghavan, P. 1996. A linear method for deviation detection in large databases. In Proceedings of the 2nd International Conference of Knowledge Discovery and Data Mining. 164--169.Google Scholar
Augusteijn, M. and Folkert, B. 2002. Neural network classification and novelty detection. Int. J. Rem. Sens. 23, 14, 2891--2902.Google ScholarCross Ref
Bakar, Z., Mohemad, R., Ahmad, A., and Deris, M. 2006. A comparative study for outlier detection techniques in data mining. Proceedings of the IEEE Conference on Cybernetics and Intelligent Systems. 1--6.Google Scholar
Baker, D., Hofmann, T., McCallum, A., and Yang, Y. 1999. A hierarchical probabilistic model for novelty detection in text. In Proceedings of the International Conference on Machine Learning.Google Scholar
Barbara, D., Couto, J., Jajodia, S., and Wu, N. 2001a. Adam: A testbed for exploring the use of data mining in intrusion detection. SIGMOD Rec. 30, 4, 15--24. Google ScholarDigital Library
Barbara, D., Couto, J., Jajodia, S., and Wu, N. 2001b. Detecting novel network intrusions using Bayes estimators. In Proceedings of the 1st SIAM International Conference on Data Mining.Google Scholar
Barbara, D., Li, Y., Couto, J., Lin, J.-L., and Jajodia, S. 2003. Bootstrapping a data mining intrusion detection system. In Proceedings of the ACM Symposium on Applied Computing. ACM Press, 421--425. Google ScholarDigital Library
Barnett, V. 1976. The ordering of multivariate data (with discussion). J. Royal Statis. Soc. Series A 139, 318--354.Google ScholarCross Ref
Barnett, V. and Lewis, T. 1994. Outliers in Statistical Data. John Wiley.Google Scholar
Barson, P., Davey, N., Field, S. D. H., Frank, R. J., and McAskie, G. 1996. The detection of fraud in mobile phone networks. Neural Netw. World 6, 4.Google Scholar
Basu, S., Bilenko, M., and Mooney, R. J. 2004. A probabilistic framework for semi-supervised clustering. In Proceedings of the 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 59--68. Google ScholarDigital Library
Basu, S. and Meckesheimer, M. 2007. Automatic outlier detection for time series: an application to sensor data. Know. Inform. Syst. 11, 2, 137--154. Google ScholarDigital Library
Bay, S. D. and Schwabacher, M. 2003. Mining distance-based outliers in near linear time with randomization and a simple pruning rule. In Proceedings of the 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 29--38. Google ScholarDigital Library
Beckman, R. J. and Cook, R. D. 1983. Outlier...s. Technometrics 25, 2, 119--149.Google Scholar
Bejerano, G. and Yona, G. 2001. Variations on probabilistic suffix trees: statistical modeling and prediction of protein families. Bioinformatics 17, 1, 23--43.Google ScholarCross Ref
Bentley, J. L. 1975. Multi-dimensional binary search trees used for associative searching. Comm. ACM 18, 9, 509--517. Google ScholarDigital Library
Bianco, A. M., Ben, M. G., Martinez, E. J., and Yohai, V. J. 2001. Outlier detection in regression models with arima errors using robust estimates. J. Forecast. 20, 8, 565--579.Google ScholarCross Ref
Bishop, C. 1994. Novelty detection and neural network validation. In Proceedings of the IEEE Conference on Vision, Image and Signal Processing. vol. 141. 217--222.Google ScholarCross Ref
Blender, R., Fraedrich, K., and Lunkeit, F. 1997. Identification of cyclone-track regimes in the north atlantic. Quart. J. Royal Meteor. Soc. 123, 539, 727--741.Google ScholarCross Ref
Bolton, R. and Hand, D. 1999. Unsupervised profiling methods for fraud detection. In Proceedings of the Conference on Credit Scoring and Credit Control VII.Google Scholar
Boriah, S., Chandola, V., and Kumar, V. 2008. Similarity measures for categorical data: A comparative evaluation. In Proceedings of the 8th SIAM International Conference on Data Mining. 243--254.Google Scholar
Borisyuk, R., Denham, M., Hoppensteadt, F., Kazanovich, Y., and Vinogradova, O. 2000. An oscillatory neural network model of sparse distributed memory and novelty detection. Biosystems 58, 265--272.Google ScholarCross Ref
Box, G. E. P. and Tiao, G. C. 1968. Bayesian analysis of some outlier problems. Biometrika 55, 1, 119--129.Google ScholarCross Ref
Branch, J., Szymanski, B., Giannella, C., Wolff, R., and Kargupta, H. 2006. In-network outlier detection in wireless sensor networks. In Proceedings of the 26th IEEE International Conference on Distributed Computing Systems. Google ScholarDigital Library
Brause, R., Langsdorf, T., and Hepp, M. 1999. Neural data mining for credit card fraud detection. In Proceedings of the IEEE International Conference on Tools with Artificial Intelligence. 103--106. Google ScholarDigital Library
Breunig, M. M., Kriegel, H.-P., Ng, R. T., and Sander, J. 1999. Optics-of: Identifying local outliers. In Proceedings of the 3rd European Conference on Principles of Data Mining and Knowledge Discovery. Springer-Verlag, 262--270. Google ScholarDigital Library
Breunig, M. M., Kriegel, H.-P., Ng, R. T., and Sander, J. 2000. LOF: Identifying density-based local outliers. In Proceedings of the ACM SIGMOD International Conference on Management of Data. ACM Press, 93--104. Google ScholarDigital Library
Brito, M. R., Chavez, E. L., Quiroz, A. J., and Yukich, J. E. 1997. Connectivity of the mutual k-nearest-neighbor graph in clustering and outlier detection. Statis. Prob. Lett. 35, 1, 33--42.Google ScholarCross Ref
Brockett, P. L., Xia, X., and Derrig, R. A. 1998. Using Kohonen's self-organizing feature map to uncover automobile bodily injury claims fraud. J. Risk Insur. 65, 2, 245--274.Google ScholarCross Ref
Bronstein, A., Das, J., Duro, M., Friedrich, R., Kleyner, G., Mueller, M., Singhal, S., and Cohen, I. 2001. Bayesian networks for detecting anomalies in Internet-based services. In Proceedings of the International Symposium on Integrated Network Management.Google Scholar
Brotherton, T. and Johnson, T. 2001. Anomaly detection for advanced military aircraft using neural networks. In Proceedings of the IEEE Aerospace Conference.Google Scholar
Brotherton, T., Johnson, T., and Chadderdon, G. 1998. Classification and novelty detection using linear models and a class dependent-elliptical basis function neural network. In Proceedings of the IJCNN Conference.Google Scholar
Budalakoti, S., Srivastava, A., Akella, R., and Turkov, E. 2006. Anomaly detection in large sets of high-dimensional symbol sequences. Tech. rep. NASA TM-2006-214553, NASA Ames Research Center.Google Scholar
Byers, S. D. and Raftery, A. E. 1998. Nearest neighbor clutter removal for estimating features in spatial point processes. J. Amer. Statis. Assoc. 93, 577--584.Google ScholarCross Ref
Byungho, H. and Sungzoon, C. 1999. Characteristics of autoassociative MLP as a novelty detector. In Proceedings of the IEEE International Joint Conference on Neural Networks. Vol. 5. 3086--3091.Google Scholar
Cabrera, J. B. D., Lewis, L., and Mehra, R. K. 2001. Detection and classification of intrusions and faults using sequences of system calls. SIGMOD Rec. 30, 4, 25--34. Google ScholarDigital Library
Campbell, C. and Bennett, K. 2001. A linear programming approach to novelty detection. In Proceedings of the Conference on Advances in Neural Information Processing. vol. 14. Cambridge Press.Google Scholar
Caudell, T. and Newman, D. 1993. An adaptive resonance architecture to define normality and detect novelties in time series and databases. In Proceedings of the IEEE World Congress on Neural Networks. IEEE, 166--176.Google Scholar
Chakrabarti, S., Sarawagi, S., and Dom, B. 1998. Mining surprising patterns using temporal description length. In Proceedings of the 24rd International Conference on Very Large Data Bases. Morgan Kaufmann Publishers Inc., 606--617. Google ScholarDigital Library
Chandola, V., Banerjee, A., and Kumar, V. 2007. Anomaly detection: A survey. Tech. rep. 07-017, Computer Science Department, University of Minnesota.Google Scholar
Chandola, V., Boriah, S., and Kumar, V. 2008. Understanding categorical similarity measures for outlier detection. Tech. rep. 08-008, University of Minnesota.Google Scholar
Chandola, V., Eilertson, E., Ertoz, L., Simon, G., and Kumar, V. 2006. Data mining for cyber security. In Data Warehousing and Data Mining Techniques for Computer Security, A. Singhal, Ed. Springer.Google Scholar
Chatzigiannakis, V., Papavassiliou, S., Grammatikou, M., and Maglaris, B. 2006. Hierarchical anomaly detection in distributed large-scale sensor networks. In Proceedings of the 11th IEEE Symposium on Computers and Communications (ISCC). IEEE Computer Society, 761--767. Google ScholarDigital Library
Chaudhary, A., Szalay, A. S., and Moore, A. W. 2002. Very fast outlier detection in large multidimensional data sets. In Proceedings of the ACM SIGMOD Workshop in Research Issues in Data Mining and Knowledge Discovery (DMKD). ACM Press.Google Scholar
Chawla, N. V., Japkowicz, N., and Kotcz, A. 2004. Editorial: special issue on learning from imbalanced data sets. SIGKDD Explor. 6, 1, 1--6. Google ScholarDigital Library
Chen, D., Shao, X., Hu, B., and Su, Q. 2005. Simultaneous wavelength selection and outlier detection in multivariate regression of near-infrared spectra. Anal. Sci. 21, 2, 161--167.Google ScholarCross Ref
Chiu, A. and Chee Fu, A. W. 2003. Enhancements on local outlier detection. In Proceedings of the 7th International Database Engineering and Applications Symposium. 298--307.Google Scholar
Chow, C. and Yeung, D.-Y. 2002. Parzen-window network intrusion detectors. In Proceedings of the 16th International Conference on Pattern Recognition. vol. 4. IEEE Computer Society, 40385. Google ScholarDigital Library
Cox, K. C., Eick, S. G., Wills, G. J., and Brachman, R. J. 1997. Visual data mining: Recognizing telephone calling fraud. J. Data Min. Knowl. Disc. 1, 2, 225--231. Google ScholarDigital Library
Crook, P. and Hayes, G. 2001. A robot implementation of a biologically inspired method for novelty detection. In Proceedings of the Towards Intelligent Mobile Robots Conference.Google Scholar
Crook, P. A., Marsland, S., Hayes, G., and Nehmzow, U. 2002. A tale of two filters: Online novelty detection. In Proceedings of the International Conference on Robotics and Automation. 3894--3899.Google Scholar
Cun, Y. L., Boser, B., Denker, J. S., Howard, R. E., Hubbard, W., Jackel, L. D., and Henderson, D. 1990. Handwritten digit recognition with a back-propagation network. In Advances in Neural Information Processing Systems. 396--404. Morgan Koufamann. Google ScholarDigital Library
Das, K. and Schneider, J. 2007. Detecting anomalous records in categorical datasets. In Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press. Google ScholarDigital Library
Dasgupta, D. and Majumdar, N. 2002. Anomaly detection in multidimensional data using negative selection algorithm. In Proceedings of the IEEE Conference on Evolutionary Computation. 1039--1044. Google ScholarDigital Library
Dasgupta, D. and Nino, F. 2000. A comparison of negative and positive selection algorithms in novel pattern detection. In Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics. vol. 1. 125--130.Google Scholar
Davy, M. and Godsill, S. 2002. Detection of abrupt spectral changes using support vector machines, an application to audio signal segmentation. In Proceedings of the IEEE International Conference on Acoustics, Speech, and Signal Processing.Google Scholar
Debar, H., Dacier, M., Nassehi, M., and Wespi, A. 1998. Fixed vs. variable-length patterns for detecting suspicious process behavior. In Proceedings of the 5th European Symposium on Research in Computer Security. Springer-Verlag, 1--15. Google ScholarDigital Library
Denning, D. E. 1987. An intrusion detection model. IEEE Trans. Softw. Eng. 13, 2, 222--232. Google ScholarDigital Library
Desforges, M., Jacob, P., and Cooper, J. 1998. Applications of probability density estimation to the detection of abnormal conditions in engineering. In Proceedings of the Institute of the Mechanical Engineers. vol. 212. 687--703.Google Scholar
Diaz, I. and Hollmen, J. 2002. Residual generation and visualization for understanding novel process conditions. In Proceedings of the IEEE International Joint Conference on Neural Networks. IEEE, 2070--2075.Google Scholar
Diehl, C. and Hampshire, J. 2002. Real-time object classification and novelty detection for collaborative video surveillance. In Proceedings of the IEEE International Joint Conference on Neural Networks. IEEE.Google Scholar
Donoho, S. 2004. Early detection of insider trading in option markets. In Proceedings of the 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 420--429. Google ScholarDigital Library
Dorronsoro, J. R., Ginel, F., Sanchez, C., and Cruz, C. S. 1997. Neural fraud detection in credit card operations. IEEE Trans. Neural Netw. 8, 4, 827--834. Google ScholarDigital Library
Du, W., Fang, L., and Peng, N. 2006. Lad: Localization anomaly detection for wireless sensor networks. J. Paral. Distrib. Comput. 66, 7, 874--886. Google ScholarDigital Library
Duda, R. O., Hart, P. E., and Stork, D. G. 2000. Pattern Classification 2nd Ed. Wiley-Interscience. Google ScholarDigital Library
Dutta, H., Giannella, C., Borne, K., and Kargupta, H. 2007. Distributed top-k outlier detection in astronomy catalogs using the DEMAC system. In Proceedings of the 7th SIAM International Conference on Data Mining.Google Scholar
Edgeworth, F. Y. 1887. On discordant observations. Philosoph. Mag. 23, 5, 364--375.Google ScholarCross Ref
Emamian, V., Kaveh, M., and Tewfik, A. 2000. Robust clustering of acoustic emission signals using the Kohonen network. In Proceedings of the IEEE International Conference of Acoustics, Speech and Signal Processing. IEEE Computer Society. Google ScholarDigital Library
Endler, D. 1998. Intrusion detection: Applying machine learning to solaris audit data. In Proceedings of the 14th Annual Computer Security Applications Conference. IEEE Computer Society, 268. Google ScholarDigital Library
Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P.-N., Kumar, V., Srivastava, J., and Dokas, P. 2004. MINDS&#8212;Minnesota Intrusion Detection System. In Data Mining&#8212;Next Generation Challenges and Future Directions. MIT Press.Google Scholar
Ert&#246;z, L., Steinbach, M., and Kumar, V. 2003. Finding topics in collections of documents: A shared nearest neighbor approach. In Clustering and Information Retrieval. 83--104.Google Scholar
Escalante, H. J. 2005. A comparison of outlier detection algorithms for machine learning. In Proceedings of the International Conference on Communications in Computing.Google Scholar
Eskin, E. 2000. Anomaly detection over noisy data using learned probability distributions. In Proceedings of the 17th International Conference on Machine Learning. Morgan Kaufmann Publishers Inc., 255--262. Google ScholarDigital Library
Eskin, E., Arnold, A., Prerau, M., Portnoy, L., and Stolfo, S. 2002. A geometric framework for unsupervised anomaly detection. In Proceedings of the Conference on Applications of Data Mining in Computer Security. Kluwer Academics, 78--100.Google Scholar
Eskin, E., Lee, W., and Stolfo, S. 2001. Modeling system call for intrusion detection using dynamic window sizes. In Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX).Google Scholar
Ester, M., Kriegel, H.-P., Sander, J., and Xu, X. 1996. A density-based algorithm for discovering clusters in large spatial databases with noise. In Proceedings of the 2nd International Conference on Knowledge Discovery and Data Mining, E. Simoudis, J. Han, and U. Fayyad, Eds. AAAI Press, 226--231.Google Scholar
Fan, W., Miller, M., Stolfo, S. J., Lee, W., and Chan, P. K. 2001. Using artificial anomalies to detect unknown and known network intrusions. In Proceedings of the IEEE International Conference on Data Mining. IEEE Computer Society, 123--130. Google ScholarDigital Library
Fawcett, T. and Provost, F. 1999. Activity monitoring: noticing interesting changes in behavior. In Proceedings of the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 53--62. Google ScholarDigital Library
Forrest, S., D'haeseleer, P., and Helman, P. 1996a. An immunological approach to change detection: Algorithms, analysis and implications. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 110. Google ScholarDigital Library
Forrest, S., Esponda, F., and Helman, P. 2004. A formal framework for positive and negative detection schemes. In IEEE Trans. Syst. Man Cybernetics, Part B. IEEE, 357--373. Google ScholarDigital Library
Forrest, S., Hofmeyr, S. A., Somayaji, A., and Longstaff, T. A. 1996b. A sense of self for unix processes. In Proceedings of the IEEE ISRSP. 120--128. Google ScholarDigital Library
Forrest, S., Perelson, A. S., Allen, L., and Cherukuri, R. 1994. Self-nonself discrimination in a computer. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 202. Google ScholarDigital Library
Forrest, S., Warrender, C., and Pearlmutter, B. 1999. Detecting intrusions using system calls: Alternate data models. In Proceedings of the IEEE ISRSP. IEEE Computer Society, 133--145.Google Scholar
Fox, A. J. 1972. Outliers in time series. J. Royal Statis. Soc. Series B 34, 3, 350--363.Google ScholarCross Ref
Fujimaki, R., Yairi, T., and Machida, K. 2005. An approach to spacecraft anomaly detection problem using kernel feature space. In Proceedings of the 11th ACM SIGKDD International Conference on Knowledge Discovery in Data Mining. ACM Press, 401--410. Google ScholarDigital Library
Galeano, P., Pea, D., and Tsay, R. S. 2004. Outlier detection in multivariate time series via projection pursuit. Statistics and econometrics working articles ws044211, Departamento de Estad&#239;stica y Econometr&#239;ca, Universidad Carlos III.Google Scholar
Ghosh, A. K., Schwartzbard, A., and Schatz, M. 1999a. Learning program behavior profiles for intrusion detection. In Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring. 51--62. Google ScholarDigital Library
Ghosh, A. K., Schwartzbard, A., and Schatz, M. 1999b. Using program behavior profiles for intrusion detection. In Proceedings of the SANS 3rd Conference and Workshop on Intrusion Detection and Response. Google ScholarDigital Library
Ghosh, A. K., Wanken, J., and Charron, F. 1998. Detecting anomalous and unknown intrusions against programs. In Proceedings of the 14th Annual Computer Security Applications Conference. IEEE Computer Society, 259. Google ScholarDigital Library
Ghosh, S. and Reilly, D. L. 1994. Credit card fraud detection with a neural-network. In Proceedings of the 27th Annual Hawaii International Conference on System Science. vol. 3.Google Scholar
Ghoting, A., Parthasarathy, S., and Otey, M. 2006. Fast mining of distance-based outliers in high dimensional datasets. In Proceedings of the SIAM International Conference on Data Mining.Google Scholar
Gibbons, R. D. 1994. Statistical Methods for Groundwater Monitoring. John Wiley & Sons, Inc.Google Scholar
Goldberger, A. L., Amaral, L. A. N., Glass, L., Hausdorff, J. M., Ivanov, P. C., Mark, R. G., Mietus, J. E., Moody, G. B., Peng, C.-K., and Stanley, H. E. 2000. PhysioBank, PhysioToolkit, and PhysioNet: Components of a new research resource for complex physiologic signals. Circulation 101, 23, e215--e220. Circulation Electronic Pages: http://circ.ahajournals.org/cgi/content/full/101/23/e215.Google ScholarCross Ref
Gonzalez, F. A. and Dasgupta, D. 2003. Anomaly detection using real-valued negative selection. Genetic Program. Evolv. Mach. 4, 4, 383--403. Google ScholarDigital Library
Grubbs, F. 1969. Procedures for detecting outlying observations in samples. Technometrics 11, 1, 1--21.Google ScholarCross Ref
Guha, S., Rastogi, R., and Shim, K. 2000. ROCK: A robust clustering algorithm for categorical attributes. Inform. Syst. 25, 5, 345--366. Google ScholarDigital Library
Gunter, S., Schraudolph, N. N., and Vishwanathan, S. V. N. 2007. Fast iterative kernel principal component analysis. J. Mach. Learn. Res. 8, 1893--1918. Google ScholarDigital Library
Guttormsson, S. E, Marks R. J. II, El-Sharkawi, M. A., and Kerszenbaum, I. 1999. Elliptical novelty grouping for online short-turn detection of excited running rotors. IEEE Trans. Energy Conv. 14, 1.Google ScholarCross Ref
Gwadera, R., Atallah, M. J., and Szpankowski, W. 2004. Detection of significant sets of episodes in event sequences. In Proceedings of the 4th IEEE International Conference on Data Mining. IEEE Computer Society, 3--10. Google ScholarDigital Library
Gwadera, R., Atallah, M. J., and Szpankowski, W. 2005a. Markov models for identification of significant episodes. In Proceedings of the 5th SIAM International Conference on Data Mining.Google Scholar
Gwadera, R., Atallah, M. J., and Szpankowski, W. 2005b. Reliable detection of episodes in event sequences. Knowl. Inform. Syst. 7, 4, 415--437.Google ScholarDigital Library
Harris, T. 1993. Neural network in machine health monitoring. Professional Engin.Google Scholar
Hartigan, J. A. and Wong, M. A. 1979. A k-means clustering algorithm. Appl. Stat. 28, 100--108.Google ScholarCross Ref
Hautamaki, V., Karkkainen, I., and Franti, P. 2004. Outlier detection using k-nearest neighbour graph. In Proceedings of the 17th International Conference on Pattern Recognition. vol. 3. IEEE Computer Society, 430--433. Google ScholarDigital Library
Hawkins, D. 1980. Identification of Outliers. Chapman and Hall, London and New York.Google Scholar
Hawkins, D. M. 1974. The detection of errors in multivariate data using principal components. J. Amer. Statis. Assoc. 69, 346, 340--344.Google ScholarCross Ref
Hawkins, S., He, H., Williams, G. J., and Baxter, R. A. 2002. Outlier detection using replicator neural networks. In Proceedings of the 4th International Conference on Data Warehousing and Knowledge Discovery. Springer-Verlag, 170--180. Google ScholarDigital Library
Hazel, G. G. 2000. Multivariate Gaussian MRF for multi-spectral scene segmentation and anomaly detection. GeoRS 38, 3, 1199--1211.Google Scholar
He, H., Wang, J., Graco, W., and Hawkins, S. 1997. Application of neural networks to detection of medical fraud. Expert Syst. Appl. 13, 4, 329--336.Google ScholarCross Ref
He, Z., Deng, S., and Xu, X. 2002. Outlier detection integrating semantic knowledge. In Proceedings of the 3rd International Conference on Advances in Web-Age Information Management. Springer-Verlag, 126--131. Google ScholarDigital Library
He, Z., Deng, S., Xu, X., and Huang, J. Z. 2006. A fast greedy algorithm for outlier mining. In Proceedings of the 10th Pacific-Asia Conference on Knowledge and Data Discovery. 567--576. Google ScholarDigital Library
He, Z., Xu, X., and Deng, S. 2003. Discovering cluster-based local outliers. Pattern Recog. Lett. 24, 9--10, 1641--1650. Google ScholarDigital Library
He, Z., Xu, X., and Deng, S. 2005. An optimization model for outlier detection in categorical data. In Proceedings of the International Conference on Intelligent Computing. Lecture Notes in Computer Science, vol. 3644. Springer. Google ScholarDigital Library
He, Z., Xu, X., Huang, J. Z., and Deng, S. 2004a. A Frequent Pattern Discovery Method for Outlier Detection. Springer, 726--732.Google Scholar
He, Z., Xu, X., Huang, J. Z., and Deng, S. 2004b. Mining Class Outliers: Concepts, Algorithms and Applications. Springer, 588--589.Google Scholar
Heller, K. A., Svore, K. M., Keromytis, A. D., and Stolfo, S. J. 2003. One class support vector machines for detecting anomalous windows registry accesses. In Proceedings of the Workshop on Data Mining for Computer Security.Google Scholar
Helman, P. and Bhangoo, J. 1997. A statistically-based system for prioritizing information exploration under uncertainty. In Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics. vol. 27. IEEE, 449--466.Google Scholar
Helmer, G., Wong, J., Honavar, V., and Miller, L. 1998. Intelligent agents for intrusion detection. In Proceedings of the IEEE Information Technology Conference. 121--124.Google Scholar
Hickinbotham, S. J. and Austin, J. 2000a. Novelty detection in airframe strain data. In Proceedings of the 15th International Conference on Pattern Recognition. Vol. 2. 536--539.Google Scholar
Hickinbotham, S. J. and Austin, J. 2000b. Novelty detection in airframe strain data. In Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks. vol. 6. 24--27.Google Scholar
Ho, L. L., Macey, C. J., and Hiller, R. 1999. A distributed and reliable platform for adaptive anomaly detection in IP networks. In Proceedings of the 10th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management. Springer-Verlag, 33--46. Google ScholarDigital Library
Ho, T. V. and Rouat, J. 1997. A novelty detector using a network of integrate and fire neurons. Lecture Notes in Computer Science, vol. 1327. 103--108. Google ScholarDigital Library
Ho, T. V. and Rouat, J. 1998. Novelty detection based on relaxation time of a network of integrate-and-fire neurons. In Proceedings of the 2nd IEEE World Congress on Computational Intelligence. 1524--1529.Google Scholar
Hodge, V. and Austin, J. 2004. A survey of outlier detection methodologies. Artif. Intel. Rev. 22, 2, 85--126. Google ScholarDigital Library
Hofmeyr, S. A., Forrest, S., and Somayaji, A. 1998. Intrusion detection using sequences of system calls. J. Comput. Secur. 6, 3, 151--180. Google ScholarDigital Library
Hollier, G. and Austin, J. 2002. Novelty detection for strain-gauge degradation using maximally correlated components. In Proceedings of the European Symposium on Artificial Neural Networks. 257--262--539.Google Scholar
Hollmen, J. and Tresp, V. 1999. Call-based fraud detection in mobile communication networks using a hierarchical regime-switching model. In Proceedings of the Conference on Advances in Neural Information Processing Systems II. MIT Press, 889--895. Google ScholarDigital Library
Horn, P. S., Feng, L., Li, Y., and Pesce, A. J. 2001. Effect of outliers and nonhealthy individuals on reference interval estimation. Clinical Chem. 47, 12, 2137--2145.Google ScholarCross Ref
Hu, W., Liao, Y., and Vemuri, V. R. 2003. Robust anomaly detection using support vector machines. In Proceedings of the International Conference on Machine Learning. Morgan Kaufmann Publishers Inc., 282--289.Google Scholar
Huber, P. 1974. Robust Statistics. Wiley, New York.Google Scholar
Huber, P. J. 1985. Projection pursuit (with discussions). Ann. Stat. 13, 2, 435--475.Google ScholarCross Ref
Ide, T. and Kashima, H. 2004. Eigenspace-based anomaly detection in computer systems. In Proceedings of the 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 440--449. Google ScholarDigital Library
Id&#233;, T., Papadimitriou, S., and Vlachos, M. 2007. Computing correlation anomaly scores using stochastic nearest neighbors. In Proceedings of the International Conference Data Mining. 523--528. Google ScholarDigital Library
Ihler, A., Hutchins, J., and Smyth, P. 2006. Adaptive event detection with time-varying Poisson processes. In Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 207--216. Google ScholarDigital Library
Ilgun, K., Kemmerer, R. A., and Porras, P. A. 1995. State transition analysis: A rule-based intrusion detection approach. IEEE Trans. Softw. Eng. 21, 3, 181--199. Google ScholarDigital Library
Jagadish, H. V., Koudas, N., and Muthukrishnan, S. 1999. Mining deviants in a time series database. In Proceedings of the 25th International Conference on Very Large Data Bases. Morgan Kaufmann Publishers Inc., 102--113. Google ScholarDigital Library
Jagota, A. 1991. Novelty detection on a very large number of memories stored in a hopfield-style network. In Proceedings of the International Joint Conference on Neural Networks. vol. 2. 905.Google ScholarCross Ref
Jain, A. K. and Dubes, R. C. 1988. Algorithms for Clustering Data. Prentice-Hall, Inc. Google ScholarDigital Library
Jakubek, S. and Strasser, T. 2002. Fault-diagnosis using neural networks with ellipsoidal basis functions. In Proceedings of the American Control Conference. vol. 5. 3846--3851.Google Scholar
Janakiram, D., Reddy, V., and Kumar, A. 2006. Outlier detection in wireless sensor networks using Bayesian belief networks. In Proceedings of the 1st International Conference on Communication System Software and Middleware. 1--6.Google Scholar
Japkowicz, N., Myers, C., and Gluck, M. A. 1995. A novelty detection approach to classification. In Proceedings of the International Joint Conference on Artificial Intelligence. 518--523. Google ScholarDigital Library
Javitz, H. S. and Valdes, A. 1991. The SRI IDES statistical anomaly detector. In Proceedings of the IEEE Symposium on Research in Security and Privacy. IEEE Computer Society.Google Scholar
Jiang, M. F., Tseng, S. S., and Su, C. M. 2001. Two-phase clustering process for outliers detection. Patt. Recog. Lett. 22, 6-7, 691--700. Google ScholarDigital Library
Jin, W., Tung, A. K. H., and Han, J. 2001. Mining top-n local outliers in large databases. In Proceedings of the 7th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 293--298. Google ScholarDigital Library
Joachims, T. 2006. Training linear SVMS in linear time. In Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 217--226. Google ScholarDigital Library
Jolliffe, I. T. 2002. Principal Component Analysis, 2nd Ed. Springer.Google Scholar
Joshi, M. V., Agarwal, R. C., and Kumar, V. 2001. Mining needle in a haystack: classifying rare classes via two-phase rule induction. In Proceedings of the ACM SIGMOD International Conference on Management of Data. ACM Press, 91--102. Google ScholarDigital Library
Joshi, M. V., Agarwal, R. C., and Kumar, V. 2002. Predicting rare classes: can boosting make any weak learner strong&quest; In Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 297--306. Google ScholarDigital Library
Kadota, K., Tominaga, D., Akiyama, Y., and Takahashi, K. 2003. Detecting outlying samples in micro-array data: A critical assessment of the effect of outliers on sample classification. Chem-Bio Informatics 3, 1, 30--45.Google ScholarCross Ref
Karypis, G. and Kumar, V. 1998. Multi-level k-way partitioning scheme for irregular graphs. J. Paral. Distrib. Comput. 48, 1, 96--129. Google ScholarDigital Library
Kearns, M. J. 1990. Computational Complexity of Machine Learning. MIT Press. Google ScholarDigital Library
Keogh, E., Lin, J., Lee, S.-H., and Herle, H. V. 2006. Finding the most unusual time series subsequence: Algorithms and applications. Knowl. Inform. Syst. 11, 1, 1--27. Google ScholarDigital Library
Keogh, E., Lonardi, S., and chi' Chiu, B. Y. 2002. Finding surprising patterns in a time series database in linear time and space. In Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 550--556. Google ScholarDigital Library
Keogh, E., Lonardi, S., and Ratanamahatana, C. A. 2004. Towards parameter-free data mining. In Proceedings of the 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 206--215. Google ScholarDigital Library
Keogh, E. and Smyth, P. 1997. A probabilistic approach to fast pattern matching in time series databases. In Proceedings of the 3rd International Conference on Knowledge Discovery and Data Mining, D. Heckerman, H. Mannila, D. Pregibon, and R. Uthurusamy, Eds. AAAI Press, 24--30.Google Scholar
King, S., King, D., P. Anuzis, K. A., Tarassenko, L., Hayton, P., and Utete, S. 2002. The use of novelty detection techniques for monitoring high-integrity plant. In Proceedings of the International Conference on Control Applications. vol. 1., 221--226.Google Scholar
Kitagawa, G. 1979. On the use of AIC for the detection of outliers. Technometrics 21, 2, 193--199.Google ScholarCross Ref
Knorr, E. M. and Ng, R. T. 1997. A unified approach for mining outliers. In Proceedings of the Conference of the Centre for Advanced Studies on Collaborative Research. IBM Press, 11. Google ScholarDigital Library
Knorr, E. M. and Ng, R. T. 1998. Algorithms for mining distance-based outliers in large datasets. In Proceedings of the 24rd International Conference on Very Large Data Bases. Morgan Kaufmann Publishers Inc., 392--403. Google ScholarDigital Library
Knorr, E. M. and Ng, R. T. 1999. Finding intensional knowledge of distance-based outliers. VLDB J. 211--222. Google ScholarDigital Library
Knorr, E. M., Ng, R. T., and Tucakov, V. 2000. Distance-based outliers: Algorithms and applications. VLDB J. 8, 3-4, 237--253. Google ScholarDigital Library
Ko, H. and Jacyna, G. 2000. Dynamical behavior of autoassociative memory performing novelty filtering. In IEEE Trans. Neural Netw. Vol. 11. 1152--1161. Google ScholarDigital Library
Kohonen, T., Ed. 1997. Self-Organizing Maps. Springer-Verlag. Google ScholarDigital Library
Kojima, K. and Ito, K. 1999. Autonomous learning of novel patterns by utilizing chaotic dynamics. In Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics. Vol. 1. IEEE, 284--289.Google Scholar
Kosoresow, A. P. and Hofmeyr, S. A. 1997. Intrusion detection via system call traces. IEEE Softw. 14, 5, 35--42. Google ScholarDigital Library
Kou, Y., Lu, C.-T., and Chen, D. 2006. Spatial weighted outlier detection. In Proceedings of the SIAM Conference on Data Mining.Google Scholar
Kruegel, C., Mutz, D., Robertson, W., and Valeur, F. 2003. Bayesian event classification for intrusion detection. In Proceedings of the 19th Annual Computer Security Applications Conference. IEEE Computer Society, 14. Google ScholarDigital Library
Kruegel, C., Toth, T., and Kirda, E. 2002. Service specific anomaly detection for network intrusion detection. In Proceedings of the ACM symposium on Applied Computing. ACM Press, 201--208. Google ScholarDigital Library
Kruegel, C. and Vigna, G. 2003. Anomaly detection of Web-based attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security. ACM Press, 251--261. Google ScholarDigital Library
Kumar, V. 2005. Parallel and distributed computing for cybersecurity. IEEE Distrib. Syst. Online 6, 10. Google ScholarDigital Library
Labib, K. and Vemuri, R. 2002. NSOM: A real-time network-based intrusion detection using self-organizing maps. Netw. Security.Google Scholar
Lakhina, A., Crovella, M., and Diot, C. 2005. Mining anomalies using traffic feature distributions. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. ACM Press, 217--228. Google ScholarDigital Library
Lane, T. and Brodley, C. E. 1997a. An application of machine learning to anomaly detection. In Proceedings of the Conference on 20th NIST-NCSC National Information Systems Security Conference. 366--380.Google Scholar
Lane, T. and Brodley, C. E. 1997b. Sequence matching and learning in anomaly detection for computer security. In Proceedings of the Conference on AI Approaches to Fraud Detection and Risk Management, Fawcett, Haimowitz, Provost, and Stolfo, Eds. AAAI Press, 43--49.Google Scholar
Lane, T. and Brodley, C. E. 1999. Temporal sequence learning and data reduction for anomaly detection. ACM Trans. Inform. Syst. Secur. 2, 3, 295--331. Google ScholarDigital Library
Lauer, M. 2001. A mixture approach to novelty detection using training data with outliers. In Proceedings of the 12th European Conference on Machine Learning. Springer-Verlag, 300--311. Google ScholarDigital Library
Laurikkala, J., Juhola, M., and Kentala., E. 2000. Informal identification of outliers in medical data. In Proceedings of the 5<sup>th</sup> International Workshop on Intelligent Data Analysis in Medicine and Pharmacology. 20--24.Google Scholar
Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., and Srivastava, J. 2003. A comparative study of anomaly detection schemes in network intrusion detection. In Proceedings of the SIAM International Conference on Data Mining. (SIAM).Google Scholar
Lee, W. and Stolfo, S. 1998. Data mining approaches for intrusion detection. In Proceedings of the 7th USENIX Security Symposium. Google ScholarDigital Library
Lee, W., Stolfo, S., and Chan, P. 1997. Learning patterns from UNIX process execution traces for intrusion detection. In Proceedings of the AAAI Workshop on AI Methods in Fraud and Risk Management.Google Scholar
Lee, W., Stolfo, S. J., and Mok, K. W. 2000. Adaptive intrusion detection: A data mining approach. Artif. Intell. Rev. 14, 6, 533--567. Google ScholarDigital Library
Lee, W. and Xiang, D. 2001. Information-theoretic measures for anomaly detection. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 130. Google ScholarDigital Library
Li, M. and Vitanyi, P. M. B. 1993. An Introduction to Kolmogorov Complexity and Its Applications. Springer-Verlag. Google ScholarDigital Library
Li, Y., Pont, M. J., and Jones, N. B. 2002. Improving the performance of radial basis function classifiers in condition monitoring and fault diagnosis applications where unknown faults may occur. Patt. Recog. Lett. 23, 5, 569--577. Google ScholarDigital Library
Lin, J., Keogh, E., Fu, A., and Herle, H. V. 2005. Approximations to magic: Finding unusual medical time series. In Proceedings of the 18th IEEE Symposium on Computer-Based Medical Systems. IEEE Computer Society, 329--334. Google ScholarDigital Library
Lin, S. and Brown, D. E. 2003. An outlier-based data association method for linking criminal incidents. In Proceedings of the 3rd SIAM Data Mining Conference.Google Scholar
Liu, J. P. and Weng, C. S. 1991. Detection of outlying data in bioavailability/bioequivalence studies. Stat. Med. 10, 9, 1375--89.Google ScholarCross Ref
Lu, C.-T., Chen, D., and Kou, Y. 2003. Algorithms for spatial outlier detection. In Proceedings of the 3rd International Conference on Data Mining. 597--600. Google ScholarDigital Library
Ma, J. and Perkins, S. 2003a. Online novelty detection on temporal sequences. In Proceedings of the 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 613--618. Google ScholarDigital Library
Ma, J. and Perkins, S. 2003b. Time-series novelty detection using one-class support vector machines. In Proceedings of the International Joint Conference on Neural Networks. Vol. 3. 1741--1745.Google Scholar
MacDonald, J. W. and Ghosh, D. 2007. Copa--cancer outlier profile analysis. Bioinformatics 22, 23, 2950--2951. Google ScholarDigital Library
Mahoney, M. V. and Chan, P. K. 2002. Learning nonstationary models of normal network traffic for detecting novel attacks. In Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 376--385. Google ScholarDigital Library
Mahoney, M. V. and Chan, P. K. 2003. Learning rules for anomaly detection of hostile network traffic. In Proceedings of the 3rd IEEE International Conference on Data Mining. IEEE Computer Society, 601. Google ScholarDigital Library
Mahoney, M. V., Chan, P. K., and Arshad, M. H. 2003. A machine learning approach to anomaly detection. Tech. rep. CS--2003--06, Department of Computer Science, Florida Institute of Technology Melbourne.Google Scholar
Manevitz, L. M. and Yousef, M. 2000. Learning from positive data for document classification using neural networks. In Proceedings of the 2nd Bar-Ilan Workshop on Knowledge Discovery and Learning.Google Scholar
Manevitz, L. M. and Yousef, M. 2002. One-class SVMS for document classification. J. Mach. Learn. Res. 2, 139--154. Google ScholarDigital Library
Manikopoulos, C. and Papavassiliou, S. 2002. Network intrusion and fault detection: A statistical anomaly approach. IEEE Comm. Mag. 40. Google ScholarDigital Library
Manson, G. 2002. Identifying damage sensitive, environment insensitive features for damage detection. In Proceedings of IES Conference.Google Scholar
Manson, G., Pierce, G., and Worden, K. 2001. On the long-term stability of normal conditions for damage detection in a composite panel. In Proceedings of the 4th International Conference on Damage Assessment of Structures. Cardiff, UK.Google Scholar
Manson, G., Pierce, S. G., Worden, K., Monnier, T., Guy, P., and Atherton, K. 2000. Long-term stability of normal condition data for novelty detection. In Proceedings of the Conference on Smart Structures and Integrated Systems. 323--334.Google Scholar
Marceau, C. 2000. Characterizing the behavior of a program using multiple-length n-grams. In Proceedings of the Workshop on New Security Paradigms. ACM Press, 101--110. Google ScholarDigital Library
Marchette, D. 1999. A statistical method for profiling network traffic. In Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring. 119--128. Google ScholarDigital Library
Markou, M. and Singh, S. 2003a. Novelty detection: A review-part 1: Statistical approaches. Sig. Proc. 83, 12, 2481--2497. Google ScholarDigital Library
Markou, M. and Singh, S. 2003b. Novelty detection: A review-part 2: Neural network based approaches. Sig. Proc. 83, 12, 2499--2521. Google ScholarDigital Library
Marsland, S., Nehmzow, U., and Shapiro, J. 1999. A model of habituation applied to mobile robots. In Proceedings of Towards Intelligent Mobile Robots Conference. Department of Computer Science, Manchester University, Technical rep. UMCS-99-3-1.Google Scholar
Marsland, S., Nehmzow, U., and Shapiro, J. 2000a. Novelty detection for robot neotaxis. In Proceedings of the 2nd International Symposium on Neural Compuatation. 554--559.Google Scholar
Marsland, S., Nehmzow, U., and Shapiro, J. 2000b. A real-time novelty detector for a mobile robot. In Proceedings of the EUREL Conference on Advanced Robotics Systems.Google Scholar
Martinelli, G. and Perfetti, R. 1994. Generalized cellular neural network for novelty detection. IEEE Trans. Circ. Syst. I: Fundamental Theory Application 41, 2, 187--190.Google ScholarCross Ref
Martinez, D. 1998. Neural tree density estimation for novelty detection. IEEE Trans. Neural Netw. 9, 2, 330--338. Google ScholarDigital Library
McCallum, A., Nigam, K., and Ungar, L. H. 2000. Efficient clustering of high-dimensional data sets with application to reference matching. In Proceedings of the 6th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 169--178. Google ScholarDigital Library
McNeil, A. 1999. Extreme value theory for risk managers. In Internal Modelling and CAD II, 93--113.Google Scholar
Mingming, N. Y. 2000. Probabilistic networks with undirected links for anomaly detection. In Proceedings of the IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop. 175--179.Google Scholar
Motulsky, H. 1995. Intuitive Biostatistics: Choosing a Statistical Test. Oxford University Press, Chapter 37.Google Scholar
Moya, M., Koch, M., and Hostetler, L. 1993. One-class classifier networks for target recognition applications. In Proceedings of the World Congress on Neural Networks, International Neural Network Society. 797--801.Google Scholar
Murray, A. F. 2001. Novelty detection using products of simple experts: A potential architecture for embedded systems. Neural Netw. 14, 9, 1257--1264. Google ScholarDigital Library
Nairac, A., Corbett-Clark, T., Ripley, R., Townsend, N., and Tarassenko, L. 1997. Choosing an appropriate model for novelty detection. In Proceedings of the 5th IEEE International Conference on Artificial Neural Networks. 227--232.Google Scholar
Nairac, A., Townsend, N., Carr, R., King, S., Cowley, P., and Tarassenko, L. 1999. A system for the analysis of jet engine vibration data. Integ. Comput.-Aided Eng. 6, 1, 53--56. Google ScholarDigital Library
Ng, R. T. and Han, J. 1994. Efficient and effective clustering methods for spatial data mining. In Proceedings of the 20th International Conference on Very Large Data Bases. Morgan Kaufmann Publishers Inc., 144--155. Google ScholarDigital Library
Noble, C. C. and Cook, D. J. 2003. Graph-based anomaly detection. In Proceedings of the 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 631--636. Google ScholarDigital Library
Odin, T. and Addison, D. 2000. Novelty detection using neural network technology. In Proceedings of the COMADEN Conference.Google Scholar
Otey, M., Parthasarathy, S., Ghoting, A., Li, G., Narravula, S., and Panda, D. 2003. Towards NIC-based intrusion detection. In Proceedings of the 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 723--728. Google ScholarDigital Library
Otey, M. E., Ghoting, A., and Parthasarathy, S. 2006. Fast distributed outlier detection in mixed-attribute data sets. Data Min. Knowl. Disc. 12, 2-3, 203--228. Google ScholarDigital Library
Palshikar, G. K. 2005. Distance-based outliers in sequences. Lecture Notes in Computer Science, vol. 3816, 547--552. Google ScholarDigital Library
Papadimitriou, S., Kitagawa, H., Gibbons, P. B., and Faloutsos, C. 2002. Loci: Fast outlier detection using the local correlation integral. Tech. rep. IRP-TR-02-09, Intel Research Laboratory.Google Scholar
Parra, L., Deco, G., and Miesbach, S. 1996. Statistical independence and novelty detection with information preserving nonlinear maps. Neural Comput. 8, 2, 260--269. Google ScholarDigital Library
Parzen, E. 1962. On the estimation of a probability density function and mode. Annals Math. Stat. 33, 1065--1076.Google ScholarCross Ref
Patcha, A. and Park, J.-M. 2007. An overview of anomaly detection techniques: Existing solutions and latest technological trends. Comput. Netw. 51, 12, 3448--3470. Google ScholarDigital Library
Petsche, T., Marcantonio, A., Darken, C., Hanson, S., Kuhn, G., and Santoso, I. 1996. A neural network autoassociator for induction motor failure prediction. In Proceedings of the Conference on Advances in Neural Information Processing. vol. 8. 924--930.Google Scholar
Phoha, V. V. 2002. The Springer Internet Security Dictionary. Springer-Verlag. Google ScholarDigital Library
Phua, C., Alahakoon, D., and Lee, V. 2004. Minority report in fraud detection: Classification of skewed data. SIGKDD Explorer Newsletter 6, 1, 50--59. Google ScholarDigital Library
Phuong, T. V., Hung, L. X., Cho, S. J., Lee, Y., and Lee, S. 2006. An anomaly detection algorithm for detecting attacks in wireless sensor networks. Intel. Secur. Inform. 3975, 735--736. Google ScholarDigital Library
Pickands, J. 1975. Statistical inference using extreme order statistics. Annals Stat. 3, 1, 119--131.Google ScholarCross Ref
Pires, A. and Santos-Pereira, C. 2005. Using clustering and robust estimators to detect outliers in multivariate data. In Proceedings of the International Conference on Robust Statistics.Google Scholar
Platt, J. 2000. Probabilistic Outputs for Support Vector Machines and Comparison to Regularized Likelihood Methods. In Advances in Large Margin Classifiers, A. Smola, P. Bartlett, B. Schoelkopf, and D. Schuurmans, Eds. MIT Press, 61--74.Google Scholar
Pokrajac, D., Lazarevic, A., and Latecki, L. J. 2007. Incremental local outlier detection for data streams. In Proceedings of the IEEE Symposium on Computational Intelligence and Data Mining.Google Scholar
Porras, P. A. and Neumann, P. G. 1997. EMERALD: Event monitoring enabling responses to anomalous live disturbances. In Proceedings of the 20th NIST-NCSC National Information Systems Security Conference. 353--365.Google Scholar
Portnoy, L., Eskin, E., and Stolfo, S. 2001. Intrusion detection with unlabeled data using clustering. In Proceedings of the ACM Workshop on Data Mining Applied to Security.Google Scholar
Protopapas, P., Giammarco, J. M., Faccioli, L., Struble, M. F., Dave, R., and Alcock, C. 2006. Finding outlier light curves in catalogues of periodic variable stars. Monthly Notices Royal Astronomical Soc. 369, 2, 677--696.Google ScholarCross Ref
Qin, M. and Hwang, K. 2004. Frequent episode rules for Internet anomaly detection. In Proceedings of the 3rd IEEE International Symposium on Network Computing and Applications. IEEE Computer Society. Google ScholarDigital Library
Ramadas, M., Ostermann, S., and Tjaden, B. C. 2003. Detecting anomalous network traffic with self-organizing maps. In Proceedings of the Conference on Recent Advances in Intrusion Detection. 36--54.Google Scholar
Ramaswamy, S., Rastogi, R., and Shim, K. 2000. Efficient algorithms for mining outliers from large data sets. In Proceedings of the ACM SIGMOD International Conference on Management of Data. ACM Press, 427--438. Google ScholarDigital Library
Ratsch, G., Mika, S., Scholkopf, B., and Muller, K.-R. 2002. Constructing boosting algorithms from SVMS: An application to one-class classification. IEEE Trans. Patt. Anal. Mach. Intel. 24, 9, 1184--1199. Google ScholarDigital Library
Roberts, S. 1999. Novelty detection using extreme value statistics. In Proceedings of the IEEE Vision, Image and Signal Processing Conference Vol. 146. 124--129.Google ScholarCross Ref
Roberts, S. 2002. Extreme value statistics for novelty detection in biomedical signal processing. In Proceedings of the 1st International Conference on Advances in Medical Signal and Information Processing. 166--172.Google Scholar
Roberts, S. and Tarassenko, L. 1994. A probabilistic resource allocating network for novelty detection. Neural Comput. 6, 2, 270--284. Google ScholarDigital Library
Rosner, B. 1983. Percentage points for a generalized ESD many-outlier procedure. Technometrics 25, 2, 165--172.Google ScholarCross Ref
Roth, V. 2004. Outlier detection with one-class kernel Fisher discriminants. In Proceedings of the Conference on Advances in Neural Information Processing Systems (NIPS).Google Scholar
Roth, V. 2006. Kernel fisher discriminants for outlier detection. Neural Comput. 18, 4, 942--960. Google ScholarDigital Library
Rousseeuw, P. J. and Leroy, A. M. 1987. Robust Regression and Outlier Detection. John Wiley & Sons, Inc. Google ScholarDigital Library
Roussopoulos, N., Kelley, S., and Vincent, F. 1995. Nearest neighbor queries. In Proceedings of the ACM-SIGMOD International Conference on Management of Data. Google ScholarDigital Library
Ruotolo, R. and Surace, C. 1997. A statistical approach to damage detection through vibration monitoring. In Proceedings of the 5th Pan-American Congress of Applied Mechanics.Google Scholar
Salvador, S. and Chan, P. 2003. Learning states and rules for time-series anomaly detection. Tech. rep. CS--2003--05, Department of Computer Science, Florida Institute of Technology Melbourne.Google Scholar
Sarawagi, S., Agrawal, R., and Megiddo, N. 1998. Discovery-driven exploration of OLAP data cubes. In Proceedings of the 6th International Conference on Extending Database Technology. Springer-Verlag, 168--182. Google ScholarDigital Library
Sargor, C. 1998. Statistical anomaly detection for link-state routing protocols. In Proceedings of the 6th International Conference on Network Protocols. IEEE Computer Society, 62. Google ScholarDigital Library
Saunders, R. and Gero, J. 2000. The importance of being emergent. In Proceedings of the Conference on Artificial Intelligence in Design.Google Scholar
Scarth, G., McIntyre, M., Wowk, B., and Somorjai, R. 1995. Detection of novelty in functional images using fuzzy clustering. In Proceedings of the 3rd Meeting of the International Society for Magnetic Resonance in Medicine. 238.Google Scholar
Sch&#246;lkopf, B., Platt, J. C., Shawe-Taylor, J. C., Smola, A. J., and Williamson, R. C. 2001. Estimating the support of a high-dimensional distribution. Neural Comput. 13, 7, 1443--1471. Google ScholarDigital Library
Scott, S. L. 2001. Detecting network intrusion using a Markov modulated nonhomogeneous Poisson Process. Journal of the American Statistical Association.Google Scholar
Sebyala, A. A., Olukemi, T., and Sacks, L. 2002. Active platform security through intrusion detection using naive Bayesian network for anomaly detection. In Proceedings of the London Communications Symposium.Google Scholar
Sequeira, K. and Zaki, M. 2002. Admit: Anomaly-based data mining for intrusions. In Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 386--395. Google ScholarDigital Library
Sheikholeslami, G., Chatterjee, S., and Zhang, A. 1998. Wavecluster: A multi-resolution clustering approach for very large spatial databases. In Proceedings of the 24rd International Conference on Very Large Databases. Morgan Kaufmann Publishers Inc., 428--439. Google ScholarDigital Library
Shekhar, S., Lu, C.-T., and Zhang, P. 2001. Detecting graph-based spatial outliers: Algorithms and applications (a summary of results). In Proceedings of the 7th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 371--376. Google ScholarDigital Library
Shewhart, W. A. 1931. Economic Control of Quality of Manufactured Product. D. Van Nostrand Company.Google Scholar
Shyu, M.-L., Chen, S.-C., Sarinnapakorn, K., and Chang, L. 2003. A novel anomaly detection scheme-based on principal component classifier. In Proceedings of the 3rd IEEE International Conference on Data Mining. 353--365.Google Scholar
Siaterlis, C. and Maglaris, B. 2004. Towards multi-sensor data fusion for dos detection. In Proceedings of the ACM Symposium on Applied Computing. ACM Press, 439--446. Google ScholarDigital Library
Singh, S. and Markou, M. 2004. An approach to novelty detection applied to the classification of image regions. IEEE Trans. Knowl. Data Eng. 16, 4, 396--407. Google ScholarDigital Library
Smith, R., Bivens, A., Embrechts, M., Palagiri, C., and Szymanski, B. 2002. Clustering approaches for anomaly-based intrusion detection. In Proceedings of the Intelligent Engineering Systems through Artificial Neural Networks. ASME Press, 579--584.Google Scholar
Smyth, P. 1994. Markov monitoring with unknown states. IEEE J. Select. Areas Comm. (Special Issue on Intelligent Signal Processing for Communications) 12, 9, 1600--1612.Google ScholarDigital Library
Snyder, D. 2001. Online intrusion detection using sequences of system calls. M.S. thesis, Department of Computer Science, Florida State University.Google Scholar
Sohn, H., Worden, K., and Farrar, C. 2001. Novelty detection under changing environmental conditions. In Proceedings of the 8th Annual SPIE International Symposium on Smart Structures and Materials.Google Scholar
Solberg, H. E. and Lahti, A. 2005. Detection of outliers in reference distributions: Performance of Horn's algorithm. Clinical Chem. 51, 12, 2326--2332.Google ScholarCross Ref
Song, Q., Hu, W., and Xie, W. 2002. Robust support vector machine with bullet hole image classification. IEEE Trans. Syst. Man Cyber.&#8212;Part C: Applications and Reviews 32, 4. Google ScholarDigital Library
Song, S., Shin, D., and Yoon, E. 2001. Analysis of novelty detection properties of auto-associators. In Proceedings of the Conference on Condition Monitoring and Diagnostic Engineering Management. 577--584.Google Scholar
Song, X., Wu, M., Jermaine, C., and Ranka, S. 2007. Conditional anomaly detection. IEEE Trans. Knowl. Data Eng. 19, 5, 631--645. Google ScholarDigital Library
Soule, A., Salamatian, K., and Taft, N. 2005. Combining filtering and statistical methods for anomaly detection. In Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement. ACM, 1--14. Google ScholarDigital Library
Spence, C., Parra, L., and Sajda, P. 2001. Detection, synthesis and compression in mammographic image analysis with a hierarchical image probability model. In Proceedings of the IEEE Workshop on Mathematical Methods in Biomedical Image Analysis. IEEE Computer Society, 3. Google ScholarDigital Library
Srivastava, A. 2006. Enabling the discovery of recurring anomalies in aerospace problem reports using high-dimensional clustering techniques. In Proceedings of the IEEE Aerospace Conference, 17--34.Google ScholarCross Ref
Srivastava, A. and Zane-Ulman, B. 2005. Discovering recurring anomalies in text reports regarding complex space systems. In Proceedings of the IEEE Aerospace Conference, 3853--3862.Google Scholar
Stefano, C., Sansone, C., and Vento, M. 2000. To reject or not to reject: that is the question: An answer in the case of neural classifiers. IEEE Trans. Syst. Manag. Cyber. 30, 1, 84--94. Google ScholarDigital Library
Stefansky, W. 1972. Rejecting outliers in factorial designs. Technometrics 14, 2, 469--479.Google ScholarCross Ref
Steinwart, I., Hush, D., and Scovel, C. 2005. A classification framework for anomaly detection. J. Mach. Learn. Res. 6, 211--232. Google ScholarDigital Library
Streifel, R., Maks, R., and El-Sharkawi, M. 1996. Detection of shorted-turns in the field of turbine-generator rotors using novelty detectors--development and field tests. IEEE Trans. Energy Conv. 11, 2, 312--317.Google ScholarCross Ref
Subramaniam, S., Palpanas, T., Papadopoulos, D., Kalogeraki, V., and Gunopulos, D. 2006. Online outlier detection in sensor data using non-parametric models. In Proceedings of the 32nd International Conference on Very Large Data Bases (VLDB). VLDB Endowment, 187--198. Google ScholarDigital Library
Sun, H., Bao, Y., Zhao, F., Yu, G., and Wang, D. 2004. CD-trees: An efficient index structure for outlier detection. In Proceedings of the 5th International Conference on Web-Age Information Management (WAIM). 600--609.Google Scholar
Sun, J., Qu, H., Chakrabarti, D., and Faloutsos, C. 2005. Neighborhood formation and anomaly detection in bipartite graphs. In Proceedings of the 5th IEEE International Conference on Data Mining. IEEE Computer Society, 418--425. Google ScholarDigital Library
Sun, J., Xie, Y., Zhang, H., and Faloutsos, C. 2007. Less is more: Compact matrix representation of large sparse graphs. In Proceedings of the 7th SIAM International Conference on Data Mining.Google Scholar
Sun, P. and Chawla, S. 2004. On local spatial outliers. In Proceedings of the 4th IEEE International Conference on Data Mining. 209--216. Google ScholarDigital Library
Sun, P. and Chawla, S. 2006. SLOM: A new measure for local spatial outliers. Knowl. Inform. Syst. 9, 4, 412--429.Google ScholarCross Ref
Sun, P., Chawla, S., and Arunasalam, B. 2006. Mining for outliers in sequential databases. In Proceedings of the SIAM International Conference on Data Mining.Google Scholar
Surace, C. and Worden, K. 1998. A novelty detection method to diagnose damage in structures: An application to an offshore platform. In Proceedings of the 8th International Conference of Off-Shore and Polar Engineering. vol. 4. Colorado, 64--70.Google Scholar
Surace, C., Worden, K., and Tomlinson, G. 1997. A novelty detection approach to diagnose damage in a cracked beam. In Proceedings of the SPIE. vol. 3089. 947--953.Google Scholar
Suzuki, E., Watanabe, T., Yokoi, H., and Takabayashi, K. 2003. Detecting interesting exceptions from medical test data with visual summarization. In Proceedings of the 3rd IEEE International Conference on Data Mining. 315--322. Google ScholarDigital Library
Sykacek, P. 1997. Equivalent error bars for neural network classifiers trained by Bayesian inference. In Proceedings of the European Symposium on Artificial Neural Networks. 121--126.Google Scholar
Tan, P.-N., Steinbach, M., and Kumar, V. 2005. Introduction to Data Mining. Addison-Wesley. Google ScholarDigital Library
Tandon, G. and Chan, P. 2007. Weighting versus pruning in rule validation for detecting network and host anomalies. In Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press. Google ScholarDigital Library
Tang, J., Chen, Z., chee Fu, A. W., and W. Cheung, D. 2002. Enhancing effectiveness of outlier detections for low density patterns. In Proceedings of the Pacific-Asia Conference on Knowledge Discovery and Data Mining. 535--548. Google ScholarDigital Library
Taniguchi, M., Haft, M., Hollmn, J., and Tresp, V. 1998. Fraud detection in communications networks using neural and probabilistic methods. In Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing. vol. 2. IEEE Computer Society, 1241--1244.Google Scholar
Tao, Y., Xiao, X., and Zhou, S. 2006. Mining distance-based outliers from large databases in any metric space. In Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 394--403. Google ScholarDigital Library
Tarassenko, L. 1995. Novelty detection for the identification of masses in mammograms. In Proceedings of the 4th IEEE International Conference on Artificial Neural Networks. vol. 4. 442--447.Google ScholarCross Ref
Tax, D. and Duin, R. 1999a. Data domain description using support vectors. In Proceedings of the European Symposium on Artificial Neural Networks, M. Verleysen, Ed., 251--256.Google Scholar
Tax, D. and Duin, R. 1999b. Support vector data description. Patt. Recog. Lett. 20, 11-13, 1191--1199. Google ScholarDigital Library
Tax, D. M. J. 2001. One-class classification; concept-learning in the absence of counter-examples. Ph.D. thesis, Delft University of Technology.Google Scholar
Teng, H., Chen, K., and Lu, S. 1990. Adaptive real-time anomaly detection using inductively generated sequential patterns. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. IEEE Computer Society Press, 278--284.Google Scholar
Theiler, J. and Cai, D. M. 2003. Resampling approach for anomaly detection in multispectral images. In Proceedings of the SPIE. vol. 5093, 230--240.Google Scholar
Thompson, B., II, R. M., Choi, J., El-Sharkawi, M., Huang, M., and Bunje, C. 2002. Implicit learning in auto-encoder novelty assessment. In Proceedings of the International Joint Conference on Neural Networks. 2878--2883.Google Scholar
Thottan, M. and Ji, C. 2003. Anomaly detection in IP networks. IEEE Trans. Sig. Proc. 51, 8, 2191--2204. Google ScholarDigital Library
Tibshirani, R. and Hastie, T. 2007. Outlier sums for differential gene expression analysis. Biostatistics 8, 1, 2--8.Google ScholarCross Ref
Tomlins, S. A., Rhodes, D. R., Perner, S., Dhanasekaran, S. M., Mehra, R., Sun, X. W., Varambally, S., Cao, X., Tchinda, J., Kuefer, R., Lee, C., Montie, J. E., Shah, R., Pienta, K. J., Rubin, M., and Chinnaiyan, A. M. 2005. Recurrent fusion of tmprss2 and ets transcription factor genes in prostate cancer. Science 310, 5748, 603--611.Google Scholar
Torr, P. and Murray, D. 1993. Outlier detection and motion segmentation. In Proceedings of the SPIE. Sensor Fusion VI, S. Schenker, Ed. vol. 2059. 432--443.Google Scholar
Tsay, R. S., Pea, D., and Pankratz, A. E. 2000. Outliers in multi-variate time series. Biometrika 87, 4, 789--804.Google ScholarCross Ref
Vaidya, J. and Clifton, C. 2004. Privacy-preserving outlier detection. In Proceedings of the 4th IEEE International Conference on Data Mining. 233--240. Google ScholarDigital Library
Valdes, A. and Skinner, K. 2000. Adaptive, model-based monitoring for cyber attack detection. In Proceedings of the 3rd International Workshop on Recent Advances in Intrusion Detection. Springer-Verlag, 80--92. Google ScholarDigital Library
Vapnik, V. N. 1995. The Nature of Statistical Learning Theory. Springer-Verlag. Google ScholarDigital Library
Vasconcelos, G., Fairhurst, M., and Bisset, D. 1994. Recognizing novelty in classification tasks. In Proceedings of the Neural Information Processing Systems Workshop on Novelty Detection and Adaptive Systems Monitoring.Google Scholar
Vasconcelos, G. C., Fairhurst, M. C., and Bisset, D. L. 1995. Investigating feed-forward neural networks with respect to the rejection of spurious patterns. Patt. Recog. Lett. 16, 2, 207--212. Google ScholarDigital Library
Vilalta, R. and Ma, S. 2002. Predicting rare events in temporal domains. In Proceedings of the IEEE International Conference on Data Mining. IEEE Computer Society, 474. Google ScholarDigital Library
Vinueza, A. and Grudic, G. 2004. Unsupervised outlier detection and semi-supervised learning. Tech. rep. CU-CS-976-04, University of Colorado at Boulder.Google Scholar
Wei, L., Qian, W., Zhou, A., and Jin, W. 2003. Hot: Hypergraph-based outlier test for categorical data. In Proceedings of the 7th Pacific-Asia Conference on Knowledge and Data Discovery. 399--410. Google ScholarDigital Library
Weigend, A. S., Mangeas, M., and Srivastava, A. N. 1995. Nonlinear gated experts for time-series: Discovering regimes and avoiding overfitting. Int. J. Neural Syst. 6, 4, 373--399.Google ScholarCross Ref
Weiss, G. M. and Hirsh, H. 1998. Learning to predict rare events in event sequences. In Proceedings of the 4th International Conference on Knowledge Discovery and Data Mining, R. Agrawal, P. Stolorz, and G. Piatetsky-Shapiro, Eds. AAAI Press, 359--363.Google Scholar
Whitehead, B. and Hoyt, W. 1993. A function approximation approach to anomaly detection in propulsion system test data. In Proceedings of the 29th AIAA/SAE/ASME/ASEE Joint Propulsion Conference. IEEE Computer Society.Google Scholar
Williams, G., Baxter, R., He, H., Hawkins, S., and Gu, L. 2002. A comparative study of RNN for outlier detection in data mining. In Proceedings of the IEEE International Conference on Data Mining. IEEE Computer Society, 709. Google ScholarDigital Library
Wong, W.-K., Moore, A., Cooper, G., and Wagner, M. 2002. Rule-based anomaly pattern detection for detecting disease outbreaks. In Proceedings of the 18th National Conference on Artificial Intelligence. MIT Press. http://www.cs.cmu.edu/~awm/antiterror. Google ScholarDigital Library
Wong, W.-K., Moore, A., Cooper, G., and Wagner, M. 2003. Bayesian network anomaly pattern detection for disease outbreaks. In Proceedings of the 20th International Conference on Machine Learning. AAAI Press, 808--815.Google Scholar
Worden, K. 1997. Structural fault detection using a novelty measure. J. Sound Vibr. 201, 1, 85--101.Google ScholarCross Ref
Wu, M. and Jermaine, C. 2006. Outlier detection by sampling with accuracy guarantees. In Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 767--772. Google ScholarDigital Library
Wu, N. and Zhang, J. 2003. Factor analysis based anomaly detection. In Proceedings of the IEEE Workshop on Information Assurance. United States Military Academy.Google Scholar
Yairi, T., Kato, Y., and Hori, K. 2001. Fault detection by mining association rules from housekeeping data. In Proceedings of the International Symposium on Artificial Intelligence, Robotics and Automation in Space.Google Scholar
Yamanishi, K. and ichi Takeuchi, J. 2001. Discovering outlier filtering rules from unlabeled data: Combining a supervised learner with an unsupervised learner. In Proceedings of the 7th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, 389--394. Google ScholarDigital Library
Yamanishi, K., Takeuchi, J.-I., Williams, G., and Milne, P. 2004. Online unsupervised outlier detection using finite mixtures with discounting learning algorithms. Data Min. Knowl. Disc. 8, 275--300. Google ScholarDigital Library
Ye, N. and Chen, Q. 2001. An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems. Quality Reliability Engin. Int. 17, 105--112.Google ScholarCross Ref
Yi, B.-K., Sidiropoulos, N., Johnson, T., Jagadish, H. V., Faloutsos, C., and Biliris, A. 2000. Online data mining for co-evolving time sequences. In Proceedings of the 16th International Conference on Data Engineering. IEEE Computer Society, 13. Google ScholarDigital Library
Ypma, A. and Duin, R. 1998. Novelty detection using self-organizing maps. In Progress in Connectionist Based Information Systems. vol. 2. Springer, 1322--1325.Google Scholar
Yu, D., Sheikholeslami, G., and Zhang, A. 2002. Findout: Finding outliers in very large datasets. Knowl. Inform. Syst. 4, 4, 387--412. Google ScholarDigital Library
Yu, J. X., Qian, W., Lu, H., and Zhou, A. 2006. Finding centric local outliers in categorical/numerical spaces. Knowl. Inform. Syst. 9, 3, 309--338.Google ScholarDigital Library
Zeevi, A. J., Meir, R., and Adler, R. 1997. Time series prediction using mixtures of experts. In Advances in Neural Information Processing. vol. 9. MIT Press.Google Scholar
Zhang, J. and Wang, H. 2006. Detecting outlying subspaces for high-dimensional data: The new task, algorithms, and performance. Knowl. Inform. Syst. 10, 3, 333--355. Google ScholarDigital Library
Zhang, K., Shi S., Gao, H., and Li, J. 2007. Unsupervised outlier detection in sensor networks using aggregation tree. In Advanced Data Mining and Applications 4632, 158--169. Google ScholarDigital Library
Zhang, Z., Li, J., Manikopoulos, C., Jorgenson, J., and Ucles, J. 2001. Hide: A hierarchical network intrusion detection system using statistical preprocessing and neural network classification. In Proceedings of the IEEE Workshop on Information Assurance and Security. West Point, 85--90.Google Scholar
Zimmermann, J. and Mohay, G. 2006. Distributed intrusion detection in clusters based on non-interference. In Proceedings of the Australasian Workshops on Grid Computing and E-Research (ACSW Frontiers). Australian Computer Society, Inc., 89--95. Google ScholarDigital Library

Index Terms

Anomaly detection: A survey
1. Information systems
  1. Information systems applications
    1. Data mining

Recommendations

A Survey on Explainable Anomaly Detection
In the past two decades, most research on anomaly detection has focused on improving the accuracy of the detection, while largely ignoring the explainability of the corresponding methods and thus leaving the explanation of outcomes to practitioners. As ...
Read More
Explainable contextual anomaly detection using quantile regression forests
Abstract
Traditional anomaly detection methods aim to identify objects that deviate from most other objects by treating all features equally. In contrast, contextual anomaly detection methods aim to detect objects that deviate from other objects within a ...
Read More
Deep Learning for Anomaly Detection: A Review

Anomaly detection, a.k.a. outlier detection or novelty detection, has been a lasting yet active research area in various research communities for several decades. There are still some unique problem complexities and challenges that require advanced ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in

ACM Computing Surveys Volume 41, Issue 3
July 2009
284 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/1541880
Issue’s Table of Contents

Copyright © 2009 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 30 July 2009
- Accepted: 1 May 2008
- Revised: 1 March 2008
- Received: 1 November 2007
Published in csur Volume 41, Issue 3

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Anomaly detection
outlier detection
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 7,161
  Total Citations
  View Citations
- 67,999
  Total Downloads
- Downloads (Last 12 months)5,560
- Downloads (Last 6 weeks)739
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Anomaly detection: A survey

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

A Survey on Explainable Anomaly Detection

Explainable contextual anomaly detection using quantile regression forests

Deep Learning for Anomaly Detection: A Review

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Anomaly detection: A survey

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

A Survey on Explainable Anomaly Detection

Explainable contextual anomaly detection using quantile regression forests

Deep Learning for Anomaly Detection: A Review

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media