ADSaS: Comprehensive real-time anomaly detection system

Sooyeon Lee; Huy Kang Kim

doi:10.1007/978-3-030-17982-3_3

ADSaS: Comprehensive real-time anomaly detection system

Sooyeon Lee, Huy Kang Kim

Graduate School of Information Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Since with massive data growth, the need for autonomous and generic anomaly detection system is increased. However, developing one stand-alone generic anomaly detection system that is accurate and fast is still a challenge. In this paper, we propose conventional time-series analysis approaches, the Seasonal Autoregressive Integrated Moving Average (SARIMA) model and Seasonal Trend decomposition using Loess (STL), to detect complex and various anomalies. Usually, SARIMA and STL are used only for stationary and periodic time-series, but by combining, we show they can detect anomalies with high accuracy for data that is even noisy and non-periodic. We compared the algorithm to Long Short Term Memory (LSTM), a deep-learning-based algorithm used for anomaly detection system. We used a total of seven real-world datasets and four artificial datasets with different time-series properties to verify the performance of the proposed algorithm.

Original language	English
Title of host publication	Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers
Editors	Brent ByungHoon Kang, JinSoo Jang
Publisher	Springer Verlag
Pages	29-41
Number of pages	13
ISBN (Print)	9783030179816
DOIs	https://doi.org/10.1007/978-3-030-17982-3_3
Publication status	Published - 2019 Jan 1
Event	19th World International Conference on Information Security and Application, WISA 2018 - Jeju Island, Korea, Republic of Duration: 2018 Aug 23 → 2018 Aug 25

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11402 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th World International Conference on Information Security and Application, WISA 2018
Country	Korea, Republic of
City	Jeju Island
Period	18/8/23 → 18/8/25

Fingerprint

Keywords

Anomaly detection
Data stream
Real-time
SARIMA
STL

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Cite this

Lee, S., & Kim, H. K. (2019). ADSaS: Comprehensive real-time anomaly detection system. In B. B. Kang, & J. Jang (Eds.), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers (pp. 29-41). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-17982-3_3

ADSaS : Comprehensive real-time anomaly detection system. / Lee, Sooyeon; Kim, Huy Kang.

Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. ed. / Brent ByungHoon Kang; JinSoo Jang. Springer Verlag, 2019. p. 29-41 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, S & Kim, HK 2019, ADSaS: Comprehensive real-time anomaly detection system. in BB Kang & J Jang (eds), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11402 LNCS, Springer Verlag, pp. 29-41, 19th World International Conference on Information Security and Application, WISA 2018, Jeju Island, Korea, Republic of, 18/8/23. https://doi.org/10.1007/978-3-030-17982-3_3

Lee S, Kim HK. ADSaS: Comprehensive real-time anomaly detection system. In Kang BB, Jang J, editors, Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Springer Verlag. 2019. p. 29-41. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-17982-3_3

Lee, Sooyeon ; Kim, Huy Kang. / ADSaS : Comprehensive real-time anomaly detection system. Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. editor / Brent ByungHoon Kang ; JinSoo Jang. Springer Verlag, 2019. pp. 29-41 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{59f44783451d4387b8318e3a377e6e02,

title = "ADSaS: Comprehensive real-time anomaly detection system",

abstract = "Since with massive data growth, the need for autonomous and generic anomaly detection system is increased. However, developing one stand-alone generic anomaly detection system that is accurate and fast is still a challenge. In this paper, we propose conventional time-series analysis approaches, the Seasonal Autoregressive Integrated Moving Average (SARIMA) model and Seasonal Trend decomposition using Loess (STL), to detect complex and various anomalies. Usually, SARIMA and STL are used only for stationary and periodic time-series, but by combining, we show they can detect anomalies with high accuracy for data that is even noisy and non-periodic. We compared the algorithm to Long Short Term Memory (LSTM), a deep-learning-based algorithm used for anomaly detection system. We used a total of seven real-world datasets and four artificial datasets with different time-series properties to verify the performance of the proposed algorithm.",

keywords = "Anomaly detection, Data stream, Real-time, SARIMA, STL",

author = "Sooyeon Lee and Kim, {Huy Kang}",

year = "2019",

month = "1",

day = "1",

doi = "10.1007/978-3-030-17982-3_3",

language = "English",

isbn = "9783030179816",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "29--41",

editor = "Kang, {Brent ByungHoon} and JinSoo Jang",

booktitle = "Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers",

note = "19th World International Conference on Information Security and Application, WISA 2018 ; Conference date: 23-08-2018 Through 25-08-2018",

}

TY - GEN

T1 - ADSaS

T2 - 19th World International Conference on Information Security and Application, WISA 2018

AU - Lee, Sooyeon

AU - Kim, Huy Kang

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Since with massive data growth, the need for autonomous and generic anomaly detection system is increased. However, developing one stand-alone generic anomaly detection system that is accurate and fast is still a challenge. In this paper, we propose conventional time-series analysis approaches, the Seasonal Autoregressive Integrated Moving Average (SARIMA) model and Seasonal Trend decomposition using Loess (STL), to detect complex and various anomalies. Usually, SARIMA and STL are used only for stationary and periodic time-series, but by combining, we show they can detect anomalies with high accuracy for data that is even noisy and non-periodic. We compared the algorithm to Long Short Term Memory (LSTM), a deep-learning-based algorithm used for anomaly detection system. We used a total of seven real-world datasets and four artificial datasets with different time-series properties to verify the performance of the proposed algorithm.

AB - Since with massive data growth, the need for autonomous and generic anomaly detection system is increased. However, developing one stand-alone generic anomaly detection system that is accurate and fast is still a challenge. In this paper, we propose conventional time-series analysis approaches, the Seasonal Autoregressive Integrated Moving Average (SARIMA) model and Seasonal Trend decomposition using Loess (STL), to detect complex and various anomalies. Usually, SARIMA and STL are used only for stationary and periodic time-series, but by combining, we show they can detect anomalies with high accuracy for data that is even noisy and non-periodic. We compared the algorithm to Long Short Term Memory (LSTM), a deep-learning-based algorithm used for anomaly detection system. We used a total of seven real-world datasets and four artificial datasets with different time-series properties to verify the performance of the proposed algorithm.

KW - Anomaly detection

KW - Data stream

KW - Real-time

KW - SARIMA

KW - STL

UR - http://www.scopus.com/inward/record.url?scp=85065013521&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85065013521&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-17982-3_3

DO - 10.1007/978-3-030-17982-3_3

M3 - Conference contribution

AN - SCOPUS:85065013521

SN - 9783030179816

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 29

EP - 41

BT - Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers

A2 - Kang, Brent ByungHoon

A2 - Jang, JinSoo

PB - Springer Verlag

Y2 - 23 August 2018 through 25 August 2018

ER -

Access to Document

10.1007/978-3-030-17982-3_3