During the past decade, many anomaly detection approaches have been introduced in different fields such as network monitoring, fraud detection, and intrusion detection. However, they require understanding of data pattern and often need a long off-line period to build a model or network for the target data. Providing real-time and proactive anomaly detection for streaming time series without human intervention and domain knowledge is highly valuable since it greatly reduces human effort and enables appropriate countermeasures to be undertaken before a disastrous damage, failure, or other harmful event occurs. However, this issue has not been well studied yet. To address it, this paper proposes RePAD, which is a Real-time Proactive Anomaly Detection algorithm for streaming time series based on Long Short-Term Memory (LSTM). RePAD utilizes short-term historic data points to predict and determine whether or not the upcoming data point is a sign that an anomaly is likely to happen in the near future. By dynamically adjusting the detection threshold over time, RePAD is able to tolerate minor pattern change in time series and detect anomalies either proactively or on time. Experiments based on two time series datasets collected from the Numenta Anomaly Benchmark demonstrate that RePAD is able to proactively detect anomalies and provide early warnings in real time without human intervention and domain knowledge.
翻译:过去十年来,在网络监测、欺诈探测和入侵探测等不同领域采用了许多异常现象探测方法,但在网络监测、欺诈探测和入侵探测等不同领域采用了许多异常现象探测方法,然而,这些方法需要了解数据模式,往往需要较长的离线期才能为目标数据建立模型或网络;在没有人类干预和领域知识的情况下,为流时间序列提供实时和主动异常探测非常宝贵,因为它大大减少了人类的努力,能够在灾难性损害、故障或其他有害事件发生之前采取适当的应对措施;然而,这一问题尚未得到很好研究。为解决这一问题,本文件提议了RePAD,这是基于长期短期内存(LSTM)流时间序列的实时主动异常探测算法。 RePAD利用短期历史数据点预测和确定即将出现的数据点是否表明近期内有可能发生异常现象。通过动态调整探测阈值的临界值,可以容忍时间序列中的微小模式变化,并且可以主动或时间地探测异常现象。根据从Numenta Anoma 长期记忆中收集的两个时间序列数据集进行实验,从而在不主动性地测量人类的域中能够主动性地测量状态。