Detection of Anomaly using Machine Learning: A Comprehensive Survey
Related papers
Machine Learning for Anomaly Detection: A Systematic Review
IEEE Access
Anomaly detection has been used for decades to identify and extract anomalous components from data. Many techniques have been used to detect anomalies. One of the increasingly significant techniques is Machine Learning (ML), which plays an important role in this area. In this research paper, we conduct a Systematic Literature Review (SLR) which analyzes ML models that detect anomalies in their application. Our review analyzes the models from four perspectives: the applications of anomaly detection, ML techniques, performance metrics for ML models, and the classification of anomaly detection. In our review, we have identified 290 research articles, written from 2000-2020, that discuss ML techniques for anomaly detection. After analyzing the selected research articles, we present 43 different applications of anomaly detection found in the selected research articles. Moreover, we identify 29 distinct ML models used in the identification of anomalies. Finally, we present 22 different datasets that are applied in experiments on anomaly detection, as well as many other general datasets. In addition, we observe that unsupervised anomaly detection has been adopted by researchers more than other classification anomaly detection systems. Detection of anomalies using ML models is a promising area of research, and there are a lot of ML models that have been implemented by researchers. Therefore, we provide researchers with recommendations and guidelines based on this review. Index terms: anomaly detection, machine learning, security and privacy protection.
Machine Learning in Network Anomaly Detection: A Survey
IEEE Access, 2021
Anomalies could be the threats to the network that have ever/never happened. To detect and protect networks against malicious access is always challenging even though it has been studied for a long time. Due to the evolution of network in both new technologies and fast growth of connected devices, network attacks are getting versatile as well. Compared to the traditional detection approaches, machine learning is a novel and flexible method to detect intrusions in the network; it is applicable to any network structure. In this paper, we introduce the challenges of anomaly detection in the traditional network, as well as the next generation network, and review the implementation of machine learning in anomaly detection under different network contexts. The procedure of each machine learning type is explained, as well as the methodology and advantages presented. The comparison of using different machine learning models is also summarised. Index terms: machine learning, anomaly detection, network security, software defined network, Internet of Things, cloud network.
Machine Learning Applications for Anomaly Detection
Computational Intelligence in the Internet of Things, 2019
The aim of this chapter is to describe and analyze the application of machine learning for anomaly detection. The study regarding the anomaly detection is a very important thing. The various phenomena often occur related to the anomaly study, such as the occurrence of an extreme climate change, the intrusion detection for the network security, the fraud detection for e-banking, the diagnosis for engines fault, the spacecraft anomaly detection, the vessel track, and the airline safety. This chapter is an attempt to provide a structured and a broad overview of extensive research on anomaly detection techniques spanning multiple research areas and application domains. Quantitative analysis meta-approach is used to see the development of the research concerned with those matters. The learning is done on the method side, the techniques utilized, the application development, the technology utilized, and the research trend, which is developed.
Recent Progress of Anomaly Detection
Complexity
Anomaly analysis is of great interest to diverse fields, including data mining and machine learning, and plays a critical role in a wide range of applications, such as medical health, credit card fraud, and intrusion detection. Recently, a significant number of anomaly detection methods with a variety of types have been witnessed. This paper intends to provide a comprehensive overview of the existing work on anomaly detection, especially for the data with high dimensionalities and mixed types, where identifying anomalous patterns or behaviours is a nontrivial work. Specifically, we first present recent advances in anomaly detection, discussing the pros and cons of the detection methods. Then we conduct extensive experiments on public datasets to evaluate several typical and popular anomaly detection methods. The purpose of this paper is to offer a better understanding of the state-of-the-art techniques of anomaly detection for practitioners. Finally, we conclude by providing some di...
Anomaly Detection Using Machine Learning
International Journal of Advance Research, Ideas and Innovations in Technology, 2018
In this day and age of plethora of information, the importance of information security cannot be emphasized enough. Any threat to confidentiality, integrity or availability of information must be taken seriously. Ignoring such threats can have serious consequences, like misappropriation, modification or encryption of data. Vulnerabilities in information security are a tempting target for malwares. Malwares are malicious scripts or software, including computer viruses, worms, Trojan-horses, ransomware, spyware, adware, etc. The traditional way of detecting an advanced malware or threat compromise uses a signature based antivirus. This approach, however, is not foolproof and can be bypassed. The signature based approach relies on a known list of signatures. The list of signatures is not perfect and also does not contain previously unseen malware signatures. The proposed system uses operational intelligence tools and machine learning to monitor usual user behavior. This is done by collecting system activities like event logs, sysinternal, etc. Once the system learns normal behavior patterns, it can detect anomalies that may be caused by malware. Thus, unlike signature based approach, the proposed system can detect previously unseen malwares as well.
Enhancing Cybersecurity through Machine Learning: An Exploration of Anomaly Detection
International Journal of Computer Science and Mobile Computing (IJCSMC), 2024
In the contemporary digital environment, cybersecurity is one of the most crucial areas to take care of. The rising sophistication of cyber threats poses a severe risk to individuals and businesses. Below is the research work of elaboration on the application of machine learning techniques in the improved anomaly detection for cybersecurity. The study will detect and attempt to mitigate more anomalous activities indicating possible cyber threats using Machine Learning algorithms. More concretely, this study consists of a thorough literature review of existing works on cybersecurity and machine learning, delves into a variety of algorithms for anomaly detection, and evaluates their empirical performance.
Detecting the abnormal: Machine learning in computer security
1997
Two problems of importance in computer security are to 1) detect the presence of an intruder masquerading as the valid user and 2) detect the perpetration of abusive actions on the part of an otherwise innocuous user. In this paper we present a machine learning approach to anomaly detection, designed to handle these two problems. Our system learns a user profile for each user account and subsequently employs it to detect anomalous behavior in that account.
A Review of Machine Learning based Anomaly Detection Techniques
Intrusion detection has been very popular over the last two decades, where an intrusion is an attempt to break into or misuse the system. It is mainly of two types based on the intrusions: the first is misuse or signature-based detection and the other is anomaly detection. In this paper, machine learning based methods, which are one of the types of anomaly detection techniques, are discussed.
Experimental Study of Machine Learning Methods in Anomaly Detection
Informasiya texnologiyaları problemləri, 2022
Recently, the widespread usage of computer networks has led to the increase of network threats and attacks. Existing security systems and devices are insufficient in the detection of intruders' attacks on network infrastructure, and they are considered to be outdated for storing and analyzing large network traffic data in terms of size, speed, and diversity. Detection of anomalies in network traffic data is one of the most important issues in providing network security. In the paper, we investigate the possibility of using machine learning algorithms in the detection of anomalies-DoS attacks in computer network traffic data on the WEKA software platform. An ensemble model consisting of several unsupervised classification algorithms has been proposed to increase the efficiency of classification algorithms. The effectiveness of the proposed model was studied using the NSL-KDD database. The proposed approach showed a higher accuracy in the detection of anomalies compared to the results shown by the classification algorithms separately.