CN110071913A - A kind of time series method for detecting abnormality based on unsupervised learning - Google Patents

A kind of time series method for detecting abnormality based on unsupervised learning Download PDF

Info

Publication number
CN110071913A
CN110071913A CN201910234623.8A CN201910234623A CN110071913A CN 110071913 A CN110071913 A CN 110071913A CN 201910234623 A CN201910234623 A CN 201910234623A CN 110071913 A CN110071913 A CN 110071913A
Authority
CN
China
Prior art keywords
time series
data
unsupervised learning
cutting
detecting abnormality
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910234623.8A
Other languages
Chinese (zh)
Other versions
CN110071913B (en
Inventor
杨恺
刘音希
窦绍瑜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tongji University
Original Assignee
Tongji University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tongji University filed Critical Tongji University
Priority to CN201910234623.8A priority Critical patent/CN110071913B/en
Publication of CN110071913A publication Critical patent/CN110071913A/en
Application granted granted Critical
Publication of CN110071913B publication Critical patent/CN110071913B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/044Recurrent networks, e.g. Hopfield networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computing Systems (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Mathematical Physics (AREA)
  • Molecular Biology (AREA)
  • Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The present invention relates to a kind of time series method for detecting abnormality based on unsupervised learning, comprising: time series data is subjected to cutting in the position of its significant changes, and setting length is padded to the data segment after each cutting;Multiple data segments training one using the time series cutting under normal condition and after filling up is used for the neural network of abnormality detection;Multiple data segments by time series cutting to be detected and after filling up are detected as the input of abnormality detection model, and output abnormality score;Judge whether abnormal score is more than threshold value, if it has, then judgement is abnormal, conversely, then judging no exceptions.Compared with prior art, the present invention has the advantages that not depend on that markd abnormal data, not lose data information, performance excellent etc..

Description

A kind of time series method for detecting abnormality based on unsupervised learning
Technical field
The present invention relates to a kind of method for detecting abnormality, abnormal more particularly, to a kind of time series based on unsupervised learning Detection method.
Background technique
Abnormality detection (Anomaly Detection) is the abnormal means in a kind of detection data, and wherein "abnormal" is Referring to the mode for not meeting normal behaviour, such as in network traffic analysis field, normal mode refers to normal network access behavior, Abnormal patterns refer to the behavior of hacker.Abnormality detection is applied to many fields, such as medical treatment & health field, network security Field, financial security field, system maintenance field etc..
Time series (Time Series) refers to that a series of shaped like<timestamp, data>form data, time series are normal It is usually used in the data such as Microprocessor System for Real Time Record operating status, healthy data, passes through analysis time sequence data, it can be determined that be System state in which, and analysis system behavior, the auxiliary mankind carry out decision.In real life, many systems all use the time Sequence data records system running state, such as web station system amount of access, server CPU operating status.In addition, being led in medical treatment & health Domain, ECG data, disease development and change data etc. are all suitable for time series also to indicate.
Exception in time series often can reflect out the exception of system, such as in web station system, database blockage Or deadlock can be reflected in the monitoring data of database, in ECG data, exception also can be anti-caused by heart disease It reflects in ECG data.Therefore, facilitate people for the abnormality detection of time series data to note abnormalities as early as possible, and take Adequate measure avoids exception.
Currently, abnormality detection has been broadly divided into measure of supervision and two kinds of unsupervised approaches, wherein there is the method needs of supervision The a large amount of data with abnormal marking carry out model training, however abnormal often accidental, so in real life very Seldom arrive a large amount of abnormal data.Therefore, it is contemplated that realizing abnormality detection using unsupervised method.
Summary of the invention
It is an object of the present invention to overcome the above-mentioned drawbacks of the prior art and provide one kind to be based on unsupervised The time series method for detecting abnormality of habit.
The purpose of the present invention can be achieved through the following technical solutions:
A kind of time series method for detecting abnormality based on unsupervised learning, comprising:
Time series data is subjected to cutting in the position of its significant changes, and the data segment after each cutting is filled up To setting length;
Multiple data segments after using the time series cutting under normal condition and filling up train abnormality detection as input Model;
It is carried out multiple data segments by time series cutting to be detected and after filling up as the input of abnormality detection model Detection, and output abnormality score;
Judge whether abnormal score is more than threshold value, if it has, then judgement is abnormal, conversely, then judging no exceptions.
It is described that time series data is subjected to cutting in the position of its significant changes, it specifically includes:
All extreme points of seeking time sequence data;
Then using the biggish extreme point position of absolute value as cut-off, cutting time series is multiple data segments, wherein The data extreme point absolute value threshold value that cut-off is set manually determines.
The abnormality detection model includes data compressor and gauss hybrid models estimator, and the data compressor uses The LSTM network structure of multi-to-multi, the gauss hybrid models estimator use multilayer perceptron structure.
The compression process of the data compressor includes:
Data segment is subjected to compression reconstruction;
Calculate the relative distance and COS distance of compression front and back;
The output of relative distance, COS distance and the network concealed layer unit of LSTM is synthesized gauss hybrid models to estimate The input quantity of gauge.
The mathematic(al) representation of the relative distance are as follows:
Wherein: r is relative distance, and L is the length to the time series for including, x in data segmentiTo include in data segment Element in time series, x ' are the element in the time series obtained after recombinating.
The mathematic(al) representation of the COS distance are as follows:
Wherein: c is COS distance, | | | | it is norm, xiFor include in data segment time series in element, x ' is The element in time series obtained after recombination.
The training process of the gauss hybrid models estimator includes:
It receiving the output of data compressor and is mapped as K dimensional vector, wherein K is the number of Gaussian Profile in model,
Each element based on K dimensional vector obtains mixing probability, mean value and the covariance of each Gaussian Profile;
The detection process of the gauss hybrid models includes:
It receives the output of data compressor and abnormal score is calculated.
The mathematic(al) representation of the exception score are as follows:
Wherein: Score (z) is abnormal score,For the mixing probability of k-th of Gaussian Profile,For k-th of Gauss point The covariance of cloth, z are the output of data compressor,For the mean value of k-th of Gaussian Profile,ForInverse matrix.
The mixing probability of k-th of Gaussian Profile are as follows:
The mean value of k-th of Gaussian Profile are as follows:
The covariance of k-th of Gaussian Profile are as follows:
Wherein: N is the sum of training sample,For the kth dimension data of i-th of training sample, ziFor i-th of trained sample This.
The data compressor is trained with gauss hybrid models estimator using mode end to end, trained target Function is as follows:
Wherein: J is objective function, λ1、λ2For the parameter manually set, xiFor the time series that i-th of data segment includes, X ' is the time series after the time series abundance for including by i-th of data segment,For penalty term.
Compared with prior art, the invention has the following advantages:
1) before model training and abnormality detection, time series data is subjected to cutting in the position of its significant changes, Sequence data after cutting is for carrying out model training.Conventional method for detecting abnormality is slided using the time window of regular length Access time piece, the sequence data after leading to segmentation generate a large amount of redundancy, are unfavorable for the feature learning of neural network, separately On the one hand, there are fixed meaning, Wu Fashi using the data that the time series of regular length can not be unfavorable in characterization time window Referring now to the comparison of the time series with similar physical meaning.
2) method based on density estimation is used, the training sample after segmentation is considered as sampling and is distributed from unknown Gaussian Mixture Sample only account for whole data in conventional method and using the gauss hybrid models of neural network estimation unknown distribution Probability distribution, and do not consider every section of data different feature distribution.
3) data after the training stage, cutting are admitted in the Recognition with Recurrent Neural Network of a multi-to-multi, for rebuilding instruction Practice sample, the relative distance between the output of the last one step-length of neural network hidden layer, reconstruction sequence and original series with it is remaining Chordal distance is sent into simultaneously in a neural network for estimating gauss hybrid models parameter, and conventional method is used only to rebuild and miss Estimation foundation of the difference as gauss hybrid models.
Detailed description of the invention
Fig. 1 is key step flow diagram of the present invention;
Fig. 2 is model training flow chart;
Fig. 3 is Artificial Neural Network Structures schematic diagram used in the present invention;
Fig. 4 is predicting abnormality flow chart;
Fig. 5 is the performance of the method for the present invention and the performance comparison schematic diagram of existing method.
Specific embodiment
The present invention is described in detail with specific embodiment below in conjunction with the accompanying drawings.The present embodiment is with technical solution of the present invention Premised on implemented, the detailed implementation method and specific operation process are given, but protection scope of the present invention is not limited to Following embodiments.
A kind of time series method for detecting abnormality based on unsupervised learning, mainly include two steps: model training with Abnormality detection, as shown in Figure 1, comprising:
Time series data is subjected to cutting in the position of its significant changes, and the data segment after each cutting is filled up To setting length;To realize requirements above, the flow chart of model training step of the present invention is as shown in Figure 2.Wherein data prediction Including two steps:
Data cutting: seeking all extreme points of sequence first, then using the biggish extreme point position of absolute value as cutting Point, cutting time series are multiple data segments, wherein the data extreme point absolute value threshold value that cut-off is set manually determines.
Data filling: the input length that the multiple sequences segmented are padded to abnormality detection model using 0.
Cutting and multiple data segments after filling up are respectively as independent sample for training subsequent model.
Multiple data segments training one using the time series cutting under normal condition and after filling up is used for abnormality detection Neural network;
It is carried out multiple data segments by time series cutting to be detected and after filling up as the input of abnormality detection model Detection, and output abnormality score;
Judge whether abnormal score is more than threshold value, if it has, then judgement is abnormal, conversely, then judging no exceptions.
As shown in figure 3, abnormality detection model includes data compressor and gauss hybrid models estimator, data compressor is adopted With the LSTM network structure of multi-to-multi.
Time step used in model structure is greater than all possible feeding sample lengths in data compressor.It is defeated Enter the timed sample sequence in LSTM model and is denoted as x=[x1,x2,…,xL], the time series after LSTM network reconnection is denoted as x ' =[x '1,x′2,…,x′L], wherein L is the length of time series, then the loss function of the training of LSTM network is as follows:
Wherein xiFor i-th of element in a timed sample sequence, x 'iFor i-th yuan rebuild in timed sample sequence Element, L are the length of time series.
Its compression process includes:
Data segment is subjected to compression reconstruction;
Calculate the relative distance and COS distance of compression front and back;
The output of relative distance, COS distance and the network concealed layer unit of LSTM is synthesized gauss hybrid models to estimate The input quantity of gauge.
The mathematic(al) representation of relative distance are as follows:
Wherein: r is relative distance, and L is the length to the time series for including, x in data segmentiTo include in data segment Element in time series, x ' are the element in the time series obtained after recombinating.
The mathematic(al) representation of COS distance are as follows:
Wherein: c is COS distance, | | | | it is norm, xiFor include in data segment time series in element, x ' is The element in time series obtained after recombination.
Gauss hybrid models estimator uses multilayer perceptron structure (Multilayer perceptions, MLP).It is given Gaussian Profile number K used in gauss hybrid models, gauss hybrid models estimator is for estimating the three of this K Gaussian Profile A parameter, respectively mixing probability Φ, mean μ, covariance Σ.
Parameter estimation procedure is as follows:
(1) input sample is mapped as K dimensional vector using multilayer neural network first, to determine for estimating each Gauss The used data of distribution.Mapping process are as follows:
P=MLN (z;θ)
Wherein z is the data being input in gauss hybrid models estimator, and MLN () is multilayer neural network, parameter It is softmax function for θ, softmax (),For for estimating the sample of gauss hybrid models parameter.
(2) parameter of gauss hybrid models: mixing probability Φ, mean μ, the estimation formulas of covariance Σ are as follows:
WhereinWithThe mixing probability of respectively k-th Gaussian Profile, mean value, covariance,It is instructed for i-th Practice the kth dimension data of sample, ziFor i-th of training sample, N is the sum of training sample.
The formula of the abnormal score of gauss hybrid models estimator output is as follows:
Wherein z is to be input to the data estimated in gauss hybrid models estimator, and K is given gaussian distribution number,WithThe mixing probability of respectively k-th Gaussian Profile, mean value, covariance.
Data compressor is trained with gauss hybrid models estimator using mode end to end, trained objective function It is as follows:
Wherein: J is objective function, λ1、λ2For the parameter manually set, xiFor the time series that i-th of data segment includes, X ' is the time series after the time series abundance for including by i-th of data segment,For penalty term, formula is as follows:
Wherein: d is the dimension for the sample z being input in gauss hybrid models estimator, and K is given Gaussian Profile number Mesh.
The method for determining the data segment for abnormality detection is as follows, and each data segment training after calculating cutting is generated The variance of Gaussian Profile selects the data segment that can produce minimum variance to be sent into the number of abnormality detection model as the abnormality detection stage According to.
The flow chart of anomalies detecting step is as shown in figure 4, wherein data prediction includes two steps:
(1) data cutting: seeking all extreme points of sequence first, and then the position of the extreme point of maximum absolute value is used as and cuts Branch.
(2) data filling: the input length that the multiple sequences segmented are padded to abnormality detection model using 0.
(3) data segment for abnormality detection that model training stage determines is picked out.
Neural network model is the abnormality detection model trained in model training step, and τ is exception given by man Score classification thresholds.
The above method has carried out Performance Evaluation on Two-lead ECG data collection, and using AUC, ROC as the property measured The index of energy, method AUC proposed by the invention are that 0.8396573, Fig. 5 lists method performance proposed by the invention and other Correlation data of the method performance on same data set, wherein Seq2Cluster is the method that is proposed.It can be seen that this hair Bright proposed method is better than all existing similar unsupervised anomaly detection methods, it may be said that the inspection of exception described in bright this patent Survey method has advance.

Claims (10)

1. a kind of time series method for detecting abnormality based on unsupervised learning characterized by comprising
Time series data is subjected to cutting in the position of its significant changes, and the data segment after each cutting is padded to and is set Measured length;
Multiple data segments after using the time series cutting under normal condition and filling up train abnormality detection model as input;
Multiple data segments by time series cutting to be detected and after filling up are detected as the input of abnormality detection model, And output abnormality score;
Judge whether abnormal score is more than threshold value, if it has, then judgement is abnormal, conversely, then judging no exceptions.
2. a kind of time series method for detecting abnormality based on unsupervised learning according to claim 1, which is characterized in that It is described that time series data is subjected to cutting in the position of its significant changes, it specifically includes:
All extreme points of seeking time sequence data;
It then is multiple data segments using the position of the extreme point of your super given threshold of absolute value as cut-off cutting.
3. a kind of time series method for detecting abnormality based on unsupervised learning according to claim 1, which is characterized in that The abnormality detection model includes data compressor and gauss hybrid models estimator, and the data compressor is using multi-to-multi LSTM network structure, the gauss hybrid models estimator use multilayer perceptron structure.
4. a kind of time series method for detecting abnormality based on unsupervised learning according to claim 3, which is characterized in that The compression process of the data compressor includes:
Data segment is subjected to compression reconstruction;
Calculate the relative distance and COS distance of compression front and back;
The output of relative distance, COS distance and the network concealed layer unit of LSTM is synthesized into gauss hybrid models estimator Input quantity.
5. a kind of time series method for detecting abnormality based on unsupervised learning according to claim 4, which is characterized in that The mathematic(al) representation of the relative distance are as follows:
Wherein: r is relative distance, and L is the length to the time series for including, x in data segmentiFor in data segment
The element in time series for including, x ' are the element in the time series obtained after recombinating.
6. a kind of time series method for detecting abnormality based on unsupervised learning according to claim 4, which is characterized in that The mathematic(al) representation of the COS distance are as follows:
Wherein: c is COS distance, | | | | it is norm, xiFor include in data segment time series in element, x ' be recombination The element in time series obtained afterwards.
7. a kind of time series method for detecting abnormality based on unsupervised learning according to claim 4, which is characterized in that The training process of the gauss hybrid models estimator includes:
It receives the output of data compressor and is mapped as K dimensional vector using multilayer neural network, wherein K is Gauss point in model The number of cloth,
Each element based on K dimensional vector simultaneously uses multilayer perceptron model, obtains mixing probability, mean value and the association of each Gaussian Profile Variance;
The detection process of the gauss hybrid models includes:
It receives the output of data compressor and abnormal score is calculated.
8. a kind of time series method for detecting abnormality based on unsupervised learning according to claim 7, which is characterized in that The mathematic(al) representation of the exception score are as follows:
Wherein: Score (z) is abnormal score,For the mixing probability of k-th of Gaussian Profile,For k-th Gaussian Profile Covariance, z are the output of data compressor,For the mean value of k-th of Gaussian Profile,ForInverse matrix.
9. a kind of time series method for detecting abnormality based on unsupervised learning according to claim 8, which is characterized in that
The mixing probability of k-th of Gaussian Profile are as follows:
The mean value of k-th of Gaussian Profile are as follows:
The covariance of k-th of Gaussian Profile are as follows:
Wherein: N is the sum of training sample,For the kth dimension data of i-th of training sample, ziFor i-th of training sample.
10. a kind of time series method for detecting abnormality based on unsupervised learning according to claim 3, feature exist In the data compressor is trained with gauss hybrid models estimator using mode end to end, trained objective function It is as follows:
Wherein: J is objective function, λ1、λ2For the parameter manually set, xiFor the time series that i-th of data segment includes, x ' is Time series after the time series abundance for include by i-th of data segment,For penalty term.
CN201910234623.8A 2019-03-26 2019-03-26 Unsupervised learning-based time series anomaly detection method Active CN110071913B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910234623.8A CN110071913B (en) 2019-03-26 2019-03-26 Unsupervised learning-based time series anomaly detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910234623.8A CN110071913B (en) 2019-03-26 2019-03-26 Unsupervised learning-based time series anomaly detection method

Publications (2)

Publication Number Publication Date
CN110071913A true CN110071913A (en) 2019-07-30
CN110071913B CN110071913B (en) 2020-10-02

Family

ID=67366741

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910234623.8A Active CN110071913B (en) 2019-03-26 2019-03-26 Unsupervised learning-based time series anomaly detection method

Country Status (1)

Country Link
CN (1) CN110071913B (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110430183A (en) * 2019-07-31 2019-11-08 福建师范大学 The MH-LSTM method for detecting abnormality of dialogue-based characteristic similarity
CN110460598A (en) * 2019-08-12 2019-11-15 西北工业大学深圳研究院 Network flow space-time migrates method for detecting abnormality
CN110717601A (en) * 2019-10-15 2020-01-21 厦门铅笔头信息科技有限公司 Anti-fraud method based on supervised learning and unsupervised learning
CN110895598A (en) * 2019-10-23 2020-03-20 山东九州信泰信息科技股份有限公司 Real-time anomaly detection parallelization method based on multi-source prediction
CN111177224A (en) * 2019-12-30 2020-05-19 浙江大学 Time sequence unsupervised anomaly detection method based on conditional regularized flow model
CN111562996A (en) * 2020-04-11 2020-08-21 北京交通大学 Method and system for detecting time sequence abnormality of key performance index data
CN111884874A (en) * 2020-07-15 2020-11-03 中国舰船研究设计中心 Programmable data plane-based ship network real-time anomaly detection method
CN112040338A (en) * 2020-07-31 2020-12-04 中国建设银行股份有限公司 Video playing cheating detection method and device and electronic equipment
CN112131272A (en) * 2020-09-22 2020-12-25 平安科技(深圳)有限公司 Detection method, device, equipment and storage medium for multi-element KPI time sequence
CN112257917A (en) * 2020-10-19 2021-01-22 北京工商大学 Time series abnormal mode detection method based on entropy characteristics and neural network
CN112416643A (en) * 2020-11-26 2021-02-26 清华大学 Unsupervised anomaly detection method and unsupervised anomaly detection device
CN112445842A (en) * 2020-11-20 2021-03-05 北京思特奇信息技术股份有限公司 Abnormal value detection method and system based on time series data
CN112511538A (en) * 2020-11-30 2021-03-16 杭州安恒信息技术股份有限公司 Network security detection method based on time sequence and related components
CN112751813A (en) * 2019-10-31 2021-05-04 国网浙江省电力有限公司 Network intrusion detection method and device
CN113076215A (en) * 2021-04-08 2021-07-06 华南理工大学 Unsupervised anomaly detection method independent of data types
CN113098640A (en) * 2021-03-26 2021-07-09 电子科技大学 Frequency spectrum anomaly detection method based on channel occupancy prediction
CN113469247A (en) * 2021-06-30 2021-10-01 广州天懋信息系统股份有限公司 Network asset abnormity detection method
CN113553232A (en) * 2021-07-12 2021-10-26 厦门大学 Technology for carrying out unsupervised anomaly detection on operation and maintenance data through online matrix portrait
CN117539739A (en) * 2023-12-11 2024-02-09 国网河南省电力公司经济技术研究院 User continuous behavior anomaly monitoring method based on double features

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060047807A1 (en) * 2004-08-25 2006-03-02 Fujitsu Limited Method and system for detecting a network anomaly in a network
CN101826070A (en) * 2010-04-27 2010-09-08 上海第二工业大学 Key point-based data sequence linear fitting method
CN103150364A (en) * 2013-03-04 2013-06-12 福建师范大学 Time series feature extraction method
CN103561418A (en) * 2013-11-07 2014-02-05 东南大学 Anomaly detection method based on time series
CN104156473A (en) * 2014-08-25 2014-11-19 哈尔滨工业大学 LS-SVM-based method for detecting anomaly slot of sensor detection data
CN104915846A (en) * 2015-06-18 2015-09-16 北京京东尚科信息技术有限公司 Electronic commerce time sequence data anomaly detection method and system
US20160285700A1 (en) * 2015-03-24 2016-09-29 Futurewei Technologies, Inc. Adaptive, Anomaly Detection Based Predictor for Network Time Series Data
CN106368816A (en) * 2016-10-27 2017-02-01 中国船舶工业系统工程研究院 Method for online abnormity detection of low-speed diesel engine of ship based on baseline deviation
CN108647737A (en) * 2018-05-17 2018-10-12 哈尔滨工业大学 A kind of auto-adaptive time sequence variation detection method and device based on cluster

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060047807A1 (en) * 2004-08-25 2006-03-02 Fujitsu Limited Method and system for detecting a network anomaly in a network
CN101826070A (en) * 2010-04-27 2010-09-08 上海第二工业大学 Key point-based data sequence linear fitting method
CN103150364A (en) * 2013-03-04 2013-06-12 福建师范大学 Time series feature extraction method
CN103561418A (en) * 2013-11-07 2014-02-05 东南大学 Anomaly detection method based on time series
CN104156473A (en) * 2014-08-25 2014-11-19 哈尔滨工业大学 LS-SVM-based method for detecting anomaly slot of sensor detection data
US20160285700A1 (en) * 2015-03-24 2016-09-29 Futurewei Technologies, Inc. Adaptive, Anomaly Detection Based Predictor for Network Time Series Data
CN104915846A (en) * 2015-06-18 2015-09-16 北京京东尚科信息技术有限公司 Electronic commerce time sequence data anomaly detection method and system
CN106368816A (en) * 2016-10-27 2017-02-01 中国船舶工业系统工程研究院 Method for online abnormity detection of low-speed diesel engine of ship based on baseline deviation
CN108647737A (en) * 2018-05-17 2018-10-12 哈尔滨工业大学 A kind of auto-adaptive time sequence variation detection method and device based on cluster

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
YONGJUN JIN, CHENLU QIU, LEI SUN, XUAN PENG, JIANNING ZHOU: "Anomaly detection in time series via robust PCA", 《2017 2ND IEEE INTERNATIONAL CONFERENCE ON INTELLIGENT TRANSPORTATION ENGINEERING (ICITE)》 *
庄池杰,张斌,胡军,李秋硕,曾嵘: "基于无监督学习的电力用户异常用电模式检测", 《中国电机工程学报》 *
李鸿利: "时间序列的行为匹配与评估技术研究", 《中国优秀硕士学位全文库 基础科学辑》 *

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110430183A (en) * 2019-07-31 2019-11-08 福建师范大学 The MH-LSTM method for detecting abnormality of dialogue-based characteristic similarity
CN110460598A (en) * 2019-08-12 2019-11-15 西北工业大学深圳研究院 Network flow space-time migrates method for detecting abnormality
CN110460598B (en) * 2019-08-12 2021-08-17 西北工业大学深圳研究院 Network flow space-time migration abnormity detection method
CN110717601A (en) * 2019-10-15 2020-01-21 厦门铅笔头信息科技有限公司 Anti-fraud method based on supervised learning and unsupervised learning
CN110717601B (en) * 2019-10-15 2022-05-03 厦门铅笔头信息科技有限公司 Anti-fraud method based on supervised learning and unsupervised learning
CN110895598B (en) * 2019-10-23 2021-09-14 山东九州信泰信息科技股份有限公司 Real-time anomaly detection parallelization method based on multi-source prediction
CN110895598A (en) * 2019-10-23 2020-03-20 山东九州信泰信息科技股份有限公司 Real-time anomaly detection parallelization method based on multi-source prediction
CN112751813A (en) * 2019-10-31 2021-05-04 国网浙江省电力有限公司 Network intrusion detection method and device
CN111177224A (en) * 2019-12-30 2020-05-19 浙江大学 Time sequence unsupervised anomaly detection method based on conditional regularized flow model
CN111562996A (en) * 2020-04-11 2020-08-21 北京交通大学 Method and system for detecting time sequence abnormality of key performance index data
CN111562996B (en) * 2020-04-11 2021-11-23 北京交通大学 Method and system for detecting time sequence abnormality of key performance index data
CN111884874A (en) * 2020-07-15 2020-11-03 中国舰船研究设计中心 Programmable data plane-based ship network real-time anomaly detection method
CN111884874B (en) * 2020-07-15 2022-02-01 中国舰船研究设计中心 Programmable data plane-based ship network real-time anomaly detection method
CN112040338A (en) * 2020-07-31 2020-12-04 中国建设银行股份有限公司 Video playing cheating detection method and device and electronic equipment
CN112131272B (en) * 2020-09-22 2023-11-10 平安科技(深圳)有限公司 Method, device, equipment and storage medium for detecting multi-element KPI time sequence
CN112131272A (en) * 2020-09-22 2020-12-25 平安科技(深圳)有限公司 Detection method, device, equipment and storage medium for multi-element KPI time sequence
CN112257917A (en) * 2020-10-19 2021-01-22 北京工商大学 Time series abnormal mode detection method based on entropy characteristics and neural network
CN112257917B (en) * 2020-10-19 2023-05-12 北京工商大学 Time sequence abnormal mode detection method based on entropy characteristics and neural network
CN112445842A (en) * 2020-11-20 2021-03-05 北京思特奇信息技术股份有限公司 Abnormal value detection method and system based on time series data
CN112416643A (en) * 2020-11-26 2021-02-26 清华大学 Unsupervised anomaly detection method and unsupervised anomaly detection device
CN112511538A (en) * 2020-11-30 2021-03-16 杭州安恒信息技术股份有限公司 Network security detection method based on time sequence and related components
CN113098640B (en) * 2021-03-26 2022-03-08 电子科技大学 Frequency spectrum anomaly detection method based on channel occupancy prediction
CN113098640A (en) * 2021-03-26 2021-07-09 电子科技大学 Frequency spectrum anomaly detection method based on channel occupancy prediction
CN113076215A (en) * 2021-04-08 2021-07-06 华南理工大学 Unsupervised anomaly detection method independent of data types
CN113469247B (en) * 2021-06-30 2022-04-01 广州天懋信息系统股份有限公司 Network asset abnormity detection method
CN113469247A (en) * 2021-06-30 2021-10-01 广州天懋信息系统股份有限公司 Network asset abnormity detection method
CN113553232A (en) * 2021-07-12 2021-10-26 厦门大学 Technology for carrying out unsupervised anomaly detection on operation and maintenance data through online matrix portrait
CN113553232B (en) * 2021-07-12 2023-12-05 厦门大学 Technology for carrying out unsupervised anomaly detection on operation and maintenance data through online matrix image
CN117539739A (en) * 2023-12-11 2024-02-09 国网河南省电力公司经济技术研究院 User continuous behavior anomaly monitoring method based on double features

Also Published As

Publication number Publication date
CN110071913B (en) 2020-10-02

Similar Documents

Publication Publication Date Title
CN110071913A (en) A kind of time series method for detecting abnormality based on unsupervised learning
CN110555479B (en) Fault feature learning and classifying method based on 1DCNN and GRU fusion
CN108960303B (en) Unmanned aerial vehicle flight data anomaly detection method based on LSTM
CN110376457A (en) Non-intrusion type load monitoring method and device based on semi-supervised learning algorithm
CN110263846A (en) The method for diagnosing faults for being excavated and being learnt based on fault data depth
CN102789545B (en) Based on the Forecasting Methodology of the turbine engine residual life of degradation model coupling
CN106021826B (en) One kind is based on aero-engine complete machine method for predicting residual useful life under operating mode&#39;s switch and the matched variable working condition of similitude
CN109460574A (en) A kind of prediction technique of aero-engine remaining life
CN109948117A (en) A kind of satellite method for detecting abnormality fighting network self-encoding encoder
CN108760302A (en) A kind of on-line monitoring and fault diagnosis system of wind power generating set bearing
CN114297918B (en) Aero-engine residual life prediction method based on full-attention depth network and dynamic ensemble learning
CN109917777B (en) Fault detection method based on mixed multi-sampling rate probability principal component analysis model
CN104239712B (en) Real-time evaluation method for anti-interference performance of radar
CN106338406A (en) On-line monitoring and fault early-warning system and method for traction electric transmission system of train
CN115187832A (en) Energy system fault diagnosis method based on deep learning and gram angular field image
CN114549589B (en) Rotator vibration displacement measurement method and system based on lightweight neural network
CN110781266A (en) Urban perception data processing method based on time-space causal relationship
CN109374631A (en) A kind of tunnel state evaluating method
CN111753877B (en) Product quality detection method based on deep neural network migration learning
CN110138614A (en) A kind of online network flow abnormal detecting method and system based on tensor model
Li et al. Life-cycle modeling driven by coupling competition degradation for remaining useful life prediction
CN114048546A (en) Graph convolution network and unsupervised domain self-adaptive prediction method for residual service life of aircraft engine
CN116364203A (en) Water quality prediction method, system and device based on deep learning
WO2024027487A1 (en) Health degree evaluation method and apparatus based on intelligent operations and maintenance scene
Hawkins et al. Modeling probability knowledge and choice in decisions from experience

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant