Journal Articles

Permanent URI for this collectionhttps://idr.nitk.ac.in/handle/123456789/19884

Browse

Subject: search.filters.subject.Anomaly detection

Search Results

Now showing 1 - 9 of 9
  • No Thumbnail Available
    Item
    Mining social networks for anomalies: Methods and challenges
    (Academic Press, 2016) Bindu, P.V.; Santhi Thilagam, P.S.
    Online social networks have received a dramatic increase of interest in the last decade due to the growth of Internet and Web 2.0. They are among the most popular sites on the Internet that are being used in almost all areas of life including education, medical, entertainment, business, and telemarketing. Unfortunately, they have become primary targets for malicious users who attempt to perform illegal activities and cause harm to other users. The unusual behavior of such users can be identified by using anomaly detection techniques. Anomaly detection in social networks refers to the problem of identifying the strange and unexpected behavior of users by exploring the patterns hidden in the networks, as the patterns of interaction of such users deviate significantly from the normal users of the networks. Even though a multitude of anomaly detection methods have been developed for different problem settings, this field is still relatively young and rapidly growing. Hence, there is a growing need for an organized study of the work done in the area of anomaly detection in social networks. In this paper, we provide a comprehensive review of a large set of methods for mining social networks for anomalies by providing a multi-level taxonomy to categorize the existing techniques based on the nature of input network, the type of anomalies they detect, and the underlying anomaly detection approach. In addition, this paper highlights the various application scenarios where these methods have been used, and explores the research challenges and open issues in this field. © 2016 Elsevier Ltd. All rights reserved.
  • No Thumbnail Available
    Item
    Discovering suspicious behavior in multilayer social networks
    (Elsevier Ltd, 2017) Bindu, P.V.; Santhi Thilagam, P.S.; Ahuja, D.
    Discovering suspicious and illicit behavior in social networks is a significant problem in social network analysis. The patterns of interactions of suspicious users are quite different from their peers and can be identified by using anomaly detection techniques. The existing anomaly detection techniques on social networks focus on networks with only one type of interaction among the users. However, human interactions are inherently multiplex in nature with multiple types of relationships existing among the users, leading to the formation of multilayer social networks. In this paper, we investigate the problem of anomaly detection on multilayer social networks by combining the rich information available in multiple network layers. We propose a pioneer approach namely ADOMS (Anomaly Detection On Multilayer Social networks), an unsupervised, parameter-free, and network feature-based methodology, that automatically detects anomalous users in a multilayer social network and rank them according to their anomalousness. We consider the two well-known anomalous patterns of clique/near-clique and star/near-star anomalies in social networks, and users are ranked according to the degree of similarity of their neighborhoods in different layers to stars or cliques. Experimental results on several real-world multilayer network datasets demonstrate that our approach can effectively detect anomalous nodes in multilayer social networks. © 2017 Elsevier Ltd
  • No Thumbnail Available
    Item
    Dynamic video anomaly detection and localization using sparse denoising autoencoders
    (Springer New York LLC barbara.b.bertram@gsk.com, 2018) Narasimhan, M.G.; Kamath S?, S.
    The emergence of novel techniques for automatic anomaly detection in surveillance videos has significantly reduced the burden of manual processing of large, continuous video streams. However, existing anomaly detection systems suffer from a high false-positive rate and also, are not real-time, which makes them practically redundant. Furthermore, their predefined feature selection techniques limit their application to specific cases. To overcome these shortcomings, a dynamic anomaly detection and localization system is proposed, which uses deep learning to automatically learn relevant features. In this technique, each video is represented as a group of cubic patches for identifying local and global anomalies. A unique sparse denoising autoencoder architecture is used, that significantly reduced the computation time and the number of false positives in frame-level anomaly detection by more than 2.5%. Experimental analysis on two benchmark data sets - UMN dataset and UCSD Pedestrian dataset, show that our algorithm outperforms the state-of-the-art models in terms of false positive rate, while also showing a significant reduction in computation time. © 2017, Springer Science+Business Media, LLC.
  • No Thumbnail Available
    Item
    Discovering spammer communities in twitter
    (Springer New York LLC barbara.b.bertram@gsk.com, 2018) Bindu, P.V.; Mishra, R.; Santhi Thilagam, P.S.
    Online social networks have become immensely popular in recent years and have become the major sources for tracking the reverberation of events and news throughout the world. However, the diversity and popularity of online social networks attract malicious users to inject new forms of spam. Spamming is a malicious activity where a fake user spreads unsolicited messages in the form of bulk message, fraudulent review, malware/virus, hate speech, profanity, or advertising for marketing scam. In addition, it is found that spammers usually form a connected community of spam accounts and use them to spread spam to a large set of legitimate users. Consequently, it is highly desirable to detect such spammer communities existing in social networks. Even though a significant amount of work has been done in the field of detecting spam messages and accounts, not much research has been done in detecting spammer communities and hidden spam accounts. In this work, an unsupervised approach called SpamCom is proposed for detecting spammer communities in Twitter. We model the Twitter network as a multilayer social network and exploit the existence of overlapping community-based features of users represented in the form of Hypergraphs to identify spammers based on their structural behavior and URL characteristics. The use of community-based features, graph and URL characteristics of user accounts, and content similarity among users make our technique very robust and efficient. © 2018, Springer Science+Business Media, LLC, part of Springer Nature.
  • No Thumbnail Available
    Item
    An improved sliding window prediction-based outlier detection and correction for volatile time-series
    (John Wiley and Sons Ltd, 2021) Ranjan, K.G.; Tripathy, D.S.; Prusty, B.R.; Jena, D.
    Steady-state forecasting is indispensable for power system planning and operation. A forecasting model for inputs considering their historical record is a preliminary step for such type of studies. Since the historical data quality is decisive in edifice an accurate forecasting model, data preprocessing is essential. Primarily, the quality of raw data is affected by the presence of outliers, and preprocessing refers to outlier detection and correction. In this paper, an effort is made to improve the existing sliding window prediction-based preprocessing method. The recommended reforms are the calculation of appropriate window width and a new outlier correction approach. The proposed method denoted as improved sliding window prediction-based preprocessing is applied to the historical data of PV generation, load power, and the ambient temperature of different time-steps collected from various places in the United States and India. Firstly, the method's efficacy through detailed result analysis demonstrating the proposed preprocessing as a better way than its precursor and k-nearest neighbor approach is presented. Later, the improved out-of-sample forecasting accuracy canonizes the proposed method’s concert compared to both the above techniques and the case without preprocessing. © 2020 John Wiley & Sons Ltd
  • No Thumbnail Available
    Item
    Modelling Behavioural Dynamics for Asymmetric Application Layer DDoS Detection
    (Institute of Electrical and Electronics Engineers Inc., 2021) Praseed, A.; Santhi Thilagam, P.S.
    Asymmetric application layer DDoS attacks using computationally intensive HTTP requests are an extremely dangerous class of attacks capable of taking down web servers with relatively few attacking connections. These attacks consume limited network bandwidth and are similar to legitimate traffic, which makes their detection difficult. Existing detection mechanisms for these attacks use indirect representations of actual user behaviour and complex modelling techniques, which leads to a higher false positive rate (FPR) and longer detection time, which makes them unsuitable for real time use. There is a need for simple, efficient and adaptable detection mechanisms for asymmetric DDoS attacks. In this work, an attempt is made to model the actual behavioural dynamics of legitimate users using a simple annotated Probabilistic Timed Automata (PTA) along with a suspicion scoring mechanism for differentiating between legitimate and malicious users. This allows the detection mechanism to be extremely fast and have a low FPR. In addition, the model can incrementally learn from run-time traces, which makes it adaptable and reduces the FPR further. Experiments on public datasets reveal that our proposed approach has a high detection rate and low FPR and adds negligible overhead to the web server, which makes it ideal for real time use. © 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.
  • No Thumbnail Available
    Item
    HTTP request pattern based signatures for early application layer DDoS detection: A firewall agnostic approach
    (Elsevier Ltd, 2022) Praseed, A.; Santhi Thilagam, P.S.
    Application Layer DDoS (AL-DDoS) attacks are an extremely dangerous variety of DDoS attacks that started becoming popular recently. They are executed using very few legitimate requests, making them very difficult to detect. Since they are executed using attack generation tools and botnets, AL-DDoS attacks display similarity within a request stream (temporal similarity) and across request streams (spatial similarity). Once a particular request stream has been detected as malicious by an anomaly detection mechanism (ADM), spatial similarity can help in detecting AL-DDoS attacks much earlier by employing a dynamic signature based approach. In this work, we use HTTP request patterns as signatures to build a firewall agnostic Early Detection Module (EDM) for AL-DDoS attacks. We also propose the use of Sample Entropy instead of the popular Shannon's Entropy to identify AL-DDoS attacks. Sample Entropy is able to model both the frequencies and sequence of data items within a request stream, and is a better indicator of temporal similarity than Shannon's Entropy. In this work, we demonstrate that Sample Entropy can be used effectively to detect AL-DDoS attacks. With a Sample Entropy based anomaly detection mechanism, we demonstrate that the use of EDM significantly reduces the detection latency for AL-DDoS attacks. © 2022 Elsevier Ltd
  • No Thumbnail Available
    Item
    Enhancing Anomaly Detection in Critical Systems Using Household Appliance Power Consumption Data
    (Institute of Electrical and Electronics Engineers Inc., 2024) Nayak, R.; Jaidhar, C.D.
    It is crucial to detect anomalous use of electrical power in critical systems to prevent malfunctions or hazards, ensure operational security, and optimize the energy economy. Since anomalies in critical systems can serve as early warning systems for potential issues or threats that could lead to severe failures, it becomes strategically crucial to discover them as soon as possible. This study proposes and suggests a novel technique for anomaly identification in industrial critical systems using a household appliance's electrical power consumption dataset in the absence of a dedicated critical system or industrial equipment dataset. The study looks at the ability of a deep learning (DL) model trained on household data to identify anomalous patterns in large-scale industrial equipment's power use. Convolutional neural network (CNN) is used in this work to analyze anomalous electrical power use based on micro-moments. In this work, an appliance-level dataset is employed for experimentation. 10 × 10 appliance-wise grayscale images are generated from numeric dataset with and without the instance-wise N-gram approach. The effectiveness of the proposed approach is evaluated and compared it with other ML and DL models used earlier. The experimental findings showed that the proposed approach worked better than other models. Compared to images created without the instance-wise N-gram approach, the performance of the proposed approach with images created with N-gram is superior. © 2001-2012 IEEE.
  • No Thumbnail Available
    Item
    Anomalous Electrical Power Consumption Detection in Household Appliances via Micro-Moment Classification
    (Institute of Electrical and Electronics Engineers Inc., 2025) Nayak, R.; Jaidhar, C.D.
    The detection of anomalous power consumption is critical for improving energy efficiency, particularly with the increasing demand in buildings. This study explores Convolutional Neural Network-based models by transforming 1-dimensional micro-moment labeled data into 2-dimensional matrices to capture both temporal and spatial consumption patterns. Three architectural variants are investigated: a conventional Deep Convolutional Neural Network (DCNN), a Depthwise Separable Convolutional Neural Network (DS-CNN), and a Depthwise Separable Residual Convolutional Neural Network (DSR-CNN). Unlike earlier studies, this work incorporates hyperparameter tuning, statistical validation, and cross-validation, resulting in the evaluation of over 450 model configurations. The results indicate that while the DCNN consistently achieves the highest accuracy, the DS-CNN achieves comparable performance with significantly reduced parameters and computational cost, making it suitable for real-time and resource-constrained environments. Model complexity analysis and statistical tests confirm the robustness of the findings. Finally, a systematic model selection strategy is presented, identifying the DS-CNN as the most balanced solution for effective and efficient anomaly detection in smart grid applications. © 2020 IEEE.