Real-time anomaly detection based on long short-Term memory and Gaussian Mixture Model

Abstract Anomaly detection is a long-standing problem in system designation. High-quality anomaly detection can benefit plenty of applications (e.g. system monitoring, disaster precaution and intrusion detection). Most of the existing anomalies detection algorithms are less competent for both effectiveness and real-time capability requirements simultaneously. Therefore, in this paper, the LGMAD, a real-time anomaly detection algorithm based on Long-Short Term Memory (LSTM) and Gaussian Mixture Model (GMM)is proposed. Specifically, we evaluate the real-time anomalies of each univariate sensing time-series via LSTM model, and then a Gaussian Mixture Model is adopted to give a multidimensional joint detection of possible anomalies. Both NAB dataset and self-made dataset are employed to verify our approach. Extensive experiments are conducted to demonstrate the superiority of LGMAD compared to existing anomaly detection algorithms.

[1]  Wojciech Zaremba,et al.  An Empirical Exploration of Recurrent Network Architectures , 2015, ICML.

[2]  Lovekesh Vig,et al.  Long Short Term Memory Networks for Anomaly Detection in Time Series , 2015, ESANN.

[3]  Krushna S.Telangre,et al.  Anomaly Detection using multidimensional reduction Principal Component Analysis , 2014 .

[4]  Jürgen Schmidhuber,et al.  LSTM: A Search Space Odyssey , 2015, IEEE Transactions on Neural Networks and Learning Systems.

[5]  Donald L. Simon,et al.  A Model-Based Anomaly Detection Approach for Analyzing Streaming Aircraft Engine Measurement Data , 2014 .

[6]  Howon Kim,et al.  Long Short Term Memory Recurrent Neural Network Classifier for Intrusion Detection , 2016, 2016 International Conference on Platform Technology and Service (PlatCon).

[7]  Evangelos Spiliotis,et al.  Statistical and Machine Learning forecasting methods: Concerns and ways forward , 2018, PloS one.

[8]  Lance Sherry,et al.  Anomaly detection in aircraft data using Recurrent Neural Networks (RNN) , 2016, 2016 Integrated Communications Navigation and Surveillance (ICNS).

[9]  Pavel Filonov,et al.  Multivariate Industrial Time Series with Cyber-Attack Simulation: Fault Detection Using an LSTM-based Predictive Data Model , 2016, ArXiv.

[10]  Subutai Ahmad,et al.  Real-Time Anomaly Detection for Streaming Analytics , 2016, ArXiv.

[11]  Daniel Nikovski,et al.  Exemplar learning for extremely efficient anomaly detection in real-valued time series , 2015, Data Mining and Knowledge Discovery.

[12]  Yuanyuan Chen Design and Implementation of Network Resource Management and Configuration System based on Container Cloud Platform , 2017 .

[13]  Lovekesh Vig,et al.  Anomaly detection in ECG time signals via deep long short-term memory networks , 2015, 2015 IEEE International Conference on Data Science and Advanced Analytics (DSAA).

[14]  Subutai Ahmad,et al.  Evaluating Real-Time Anomaly Detection Algorithms -- The Numenta Anomaly Benchmark , 2015, 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA).

[15]  Majid Vafaei Jahan,et al.  A density based clustering approach to distinguish between web robot and human requests to a web server , 2014, ISC Int. J. Inf. Secur..

[16]  Ana Bianco,et al.  Outlier Detection in Regression Models with ARIMA Errors Using Robust Estimates , 2001 .

[17]  Tony J. Dodd,et al.  Self-organized aggregation without computation , 2014, Int. J. Robotics Res..

[18]  Javad Hamidzadeh,et al.  Automatic support vector data description , 2016, Soft Computing.

[19]  Yijie Wang,et al.  A C-SVM Based Anomaly Detection Method for Multi-Dimensional Sequence over Data Stream , 2016, 2016 IEEE 22nd International Conference on Parallel and Distributed Systems (ICPADS).