Anomaly Detection Review

Abstract - Anomaly detection has become a critical research area due to its extensive application in domains such as cybersecurity, healthcare, finance, and IoT. With the advent of machine learning and deep learning techniques, there has been a surge in the effectiveness and complexity of anomaly detection methods. This review paper provides an in-depth analysis of five significant research papers: a comprehensive study on machine learning and deep learning techniques for IoT anomaly detection, a survey on deep learning approaches for general anomaly detection, a review focusing on CNN-based anomaly detection for cybersecurity, an evaluation of machine learning algorithms for anomaly detection, and a study proposing unsupervised deep learning approaches for network intrusion detection. By synthesizing insights from these studies, we aim to provide a comprehensive understanding of the state-of-the-art in anomaly detection and propose a taxonomy that aligns these techniques based on their application contexts and performance metrics.

INTRODUCTION

Anomaly detection, often referred to as outlier or novelty detection, is a critical task in data mining and machine learning. It aims to identify rare events or observations that significantly deviate from the majority of the data. The primary motivation behind anomaly detection is its ability to highlight unusual patterns that may represent system faults, fraud, or cyber-attacks. With the evolution of the Internet of Things (IoT) and the increased use of real-time monitoring systems, the volume of data generated has grown exponentially. This proliferation has necessitated the development of scalable and efficient anomaly detection techniques. This paper aims to explore both traditional and novel approaches to anomaly detection, with a focus on how machine learning and deep learning techniques have been applied in this rapidly evolving field.

OVERVIEW OF SELECTED PAPERS

This review synthesizes insights from five major papers that provide foundational work in machine learning, deep learning, and hybrid approaches for anomaly detection.

Paper 1: A Review of Machine Learning and Deep Learning Techniques for Anomaly Detection in IoT Data

This paper provides an extensive review of machine learning and deep learning techniques specifically for anomaly detection in IoT data streams. It discusses challenges such as the dynamic nature of data, feature evolution, and the need for real-time processing. Techniques analyzed include clustering algorithms, classification models, and hybrid approaches. A key highlight of this work is its taxonomy of techniques based on anomaly types and learning modes.

Paper 2: Deep Learning for Anomaly Detection: A Survey

This survey presents a comprehensive overview of deep learning-based anomaly detection techniques across diverse domains, including video surveillance, cybersecurity, and healthcare. The study categorizes these techniques into supervised, semi-supervised, and unsupervised models. A key contribution of this work is its structured organization of deep learning models, such as autoencoders, convolutional neural networks (CNNs), and recurrent neural networks (RNNs).

Paper 3: Anomaly Detection for Cyber-Security Based on Convolution Neural Network: A Survey

This paper focuses on CNN-based techniques for anomaly detection in the cybersecurity domain. It highlights the use of CNNs to process high-dimensional input data, making them suitable for network intrusion detection and log analysis. The study proposes a unified cross-framework for organizing CNN-based solutions and presents future research directions to enhance the detection capabilities of CNNs for cyber-attack scenarios.

Paper 4: Evaluation of Machine Learning Algorithms for Anomaly Detection

This study evaluates the performance of twelve machine learning algorithms applied to anomaly detection across three publicly available datasets: CICIDS-2017, UNSW-NB15, and the Industrial Control System (ICS) datasets. The paper focuses on how these algorithms detect cyber-attacks like DoS, SQL injection, and port scanning. A key finding is that Random Forest (RF) consistently outperforms other algorithms, achieving the highest accuracy, precision, recall, and F1-score across all datasets.

Paper 5

This paper proposes a novel approach using unsupervised deep learning techniques—Auto Encoder (AE) and Restricted Boltzmann Machine (RBM)—for feature extraction and anomaly detection in network intrusion systems. The evaluation of these methods on the KDD-99 dataset shows that the combination of RBM with iterative k-means clustering significantly improves detection accuracy compared to traditional methods.

COMPARATIVE ANALYSIS AND TAXONOMY

Based on these studies, we propose a taxonomy of anomaly detection techniques categorized into machine learning, deep learning, and hybrid models. Each technique has distinct strengths depending on the context of application, as summarized below:

Machine Learning Techniques

These include clustering-based (e.g., k-means), statistical models, and support vector machines. They are effective for structured, low-dimensional data but struggle with evolving and large-scale datasets.

Deep Learning Techniques

Techniques such as autoencoders, CNNs, and LSTMs provide strong feature extraction capabilities. CNNs are particularly effective for high-dimensional data, while RNNs excel in temporal anomaly detection.

Hybrid Models

These models combine traditional machine learning with deep learning to leverage the strengths of both. They are effective for high-complexity scenarios like cybersecurity, where data is both structured and unstructured.

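The clustering-based category under "Machine Learning Techniques" and the precision/recall/F1 metrics used in Paper 4 can be seen together in the following added example, which is not code from any of the reviewed papers. It assumes a two-feature representation of network activity, a threshold margin of 2.0, and constructed sample records; all function names are illustrative.

```python
import math

def kmeans(points, k, iters=20):
    """Lloyd's algorithm; deterministic init from evenly spaced training points."""
    centroids = [points[i * len(points) // k] for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            nearest = min(range(k), key=lambda c: math.dist(p, centroids[c]))
            groups[nearest].append(p)
        # Recompute each centroid as the mean of its members (keep it if empty).
        centroids = [tuple(sum(col) / len(g) for col in zip(*g)) if g else centroids[i]
                     for i, g in enumerate(groups)]
    return centroids

def anomaly_score(p, centroids):
    """Distance to the nearest cluster of normal behaviour."""
    return min(math.dist(p, c) for c in centroids)

def fit(normal, k=2, margin=2.0):
    """Learn centroids from normal-only data; threshold = margin x worst training score."""
    centroids = kmeans(normal, k)
    threshold = margin * max(anomaly_score(p, centroids) for p in normal)
    return centroids, threshold

def evaluate(labelled, centroids, threshold):
    """Precision, recall and F1 with 'attack' as the positive class."""
    tp = fp = fn = 0
    for features, is_attack in labelled:
        flagged = anomaly_score(features, centroids) > threshold
        tp += flagged and is_attack
        fp += flagged and not is_attack
        fn += is_attack and not flagged
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision, "recall": recall, "f1": f1}

# Constructed sample data: (log10 bytes sent, log10 distinct destination ports) per host-minute.
NORMAL = [(3.2, 0.0), (3.5, 0.3), (3.8, 0.48), (3.4, 0.0), (3.6, 0.3),    # interactive
          (6.5, 0.0), (6.8, 0.0), (7.0, 0.3), (6.6, 0.0), (6.9, 0.3)]     # bulk transfer
TEST = [((3.3, 0.3), False), ((6.7, 0.0), False),
        ((4.0, 2.7), True),    # port-scan-like: hundreds of ports, few bytes
        ((9.1, 0.0), True),    # flood-like: extreme volume to one port
        ((5.0, 0.3), False),   # unseen but benign mid-size transfer -> false positive
        ((3.6, 0.7), True)]    # slow scan of 5 ports hides near normal -> false negative

if __name__ == "__main__":
    centroids, threshold = fit(NORMAL)
    print(centroids, round(threshold, 3), evaluate(TEST, centroids, threshold))
```

The false positive and false negative in the constructed test set show the limitation noted above: a detector fitted to a fixed picture of normal traffic misjudges benign behaviour it has not seen and misses activity that stays close to a normal cluster.
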
CONCLUSION