See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/374386774

Anomaly Detection and Time Series Analysis

Conference Paper · June 2023

DOI: 10.1109/ICICAT57735.2023.10263680

CITATIONS READS

3 404

2 authors:

Durgesh Srivastava Lekha Bhambhu

Chitkara University Chitkara University
60 PUBLICATIONS 879 CITATIONS 36 PUBLICATIONS 638 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Durgesh Srivastava on 03 January 2024.

The user has requested enhancement of the downloaded file.

 Anomaly Detection and Time Series Analysis
Ayush Anand Dr. Durgesh Srivastava Dr. Lekha Rani
Chitkara University Institute of Chitkara University Institute of Chitkara University Institute of
Engineering and Technology, Engineering and Technology Engineering and Technology
Chitkara University Chitkara University, Chitkara University,
Rajpura, Punjab, India Rajpura, Punjab, India Rajpura, Punjab, India
ayush0882.cse19@chitkara.edu.in drdkumar.ptu@gmail.com lbhambhu@gmail.com

Abstract— Anomaly detection and time series analysis are Contributed to improving the accuracy of the isolation forest
essential techniques in data science, with numerous and exponential smoothing algorithms.
applications in various domains. Anomaly detection involves
2023 International Conference on IoT, Communication and Automation Technology (ICICAT) | 979-8-3503-0282-0/23/$31.00 ©2023 IEEE | DOI: 10.1109/ICICAT57735.2023.10263680

identifying patterns in data that deviate from the norm, while
time series analysis involves analyzing data that changes over
time. Combining these two techniques allows for detecting
abnormal patterns in time-varying data, which can be used for
various purposes, such as identifying equipment failures,
detecting fraud, and predicting future trends. However,s
several challenges are associated with anomaly detection and
time series analysis, including the complexity of data, the need
for accurate labelling, and the difficulty of detecting rare
events. This paper reviews different types of anomalies, and the
standarmethodsds used for anomaly detection and time series
analysis, and the challenges and future directions for this field.
We also propose potential solutions for improving the efficient
anomaly detection and time series analysis efficiency and
accaccuracyvanced algorithms and parallel processing.
Ultimately, this paper provides an overview of the current
state-of-the-art techniqanomaly detection and time series
analysis techniques and highlights the potential for future
research in this field.
Keywords— Anomaly detection, forest isolation, time series,
exponential smoothing
I. INTRODUCTION
Anomaly detection and time series analysis are two
critical areas in data science that have been widely studied
in recent years. Anomaly detection refers to identifying
unusual events or patterns in data, while time series analysis
involves analyzing data collected over time [1]. This paper
provides an overview of the current state-of-the-art in these
areas and identifies some key challenges and future
directions.
Anomaly detection and time series analysis have been
studied in various domains, including finance, healthcare,
transportation, and energy. One recent study by Hasan et al.
(2021) proposed a novel method for detecting anomalies in
time series data using convolutional neural networks.
Another study by Lu et al. (2020) presented an approach to
predicting traffic flow using time series analysis and
machine learning techniques. These studies highlight the
potential for anomaly detection and time series analysis to
address real-world problems and improve decision-making.
Other recent developments in the field include deep learning
techniques for anomaly detection, such as recurrent neural
networks (RNNs) and autoencoders. For example, a study
by Schlegl et al. (2017) proposed an unsupervised anomaly
detection approach using RNNs, which achieved state-of-
the-art performance on several benchmark datasets. In
addition, researchers have explored the use of time series
analysis for detecting anomalies in medical data, such as
electrocardiogram (ECG) signals and sleep data[8].
II. CHALLENGES AND FUTURE DIRECTIONS
Anomaly detection and time series analysis have shown
immense potential in various applications such as finance,
healthcare, transportation, and cybersecurity, to name a few.
However, challenges still need to be addressed, and future
directions must be explored. Some of these challenges and
directions include [10] [11]:
Scalability: As the amount of data grows exponentially, the
scalability of anomaly detection and time series analysis
methods becomes increasingly important. New methods
need to be developed to handle large-scale data.
Explainability: In many applications, it is essential to
understand why an anomaly was detected. Therefore,
developing methods that provide explanations for anomaly
detection results is critical.
Real-time detection: Many applications require real-time
anomaly detection, such as in industrial automation or
cybersecurity. Developing methods that can detect
anomalies in real time is a challenge [12].
Multi-variate analysis: Most anomaly detection and time
series analysis methods focus on univariate data, but many
real-world applications involve multivariate data.
Developing methods that can handle multivariate data is a
challenge.
III. MODEL DEVELOPMENT
1. Data Gathering: Gather information pertinent to the issue
you're attempting to solve. Many resources, including APIs,
databases, web scraping, etc., can be used for this [7][8].
2. Data Preprocessing and Cleaning: Data must be cleaned
and processed after gathering data. Missing values, outliers,
duplicates, and scaling normalising the data are all removed
in this process.
3. Feature Extraction: Find pertinent traits that may be
useful in spotting anomalies. Experts in the relevant fields
or methods like PCA, LSA, or LDA can accomplish this.
4. Model Selection: Pick a reliable anomaly detection
method that matches your data and issue the best. This can
be accomplished by experimenting with and assessing
several algorithms, including SVM, Isolation Forest, KNN,
and Deep Learning techniques[11].
5. Model Training and Evaluation: Using the preprocessed
data, train the chosen model and assess its performance
using appropriate metrics like precision, recall, F1-score,
ROC curve, or AUC.

Authorized licensed use limited to: Florida Institute of Technology. Downloaded on November 26,2023 at 13:06:20 UTC from IEEE Xplore. Restrictions apply.
6. Deployment: Use the model to spot anomalies in real-
time data after it has been trained and assessed. This can be
accomplished by integrating the model into current systems
or through APIs.
7. Monitoring and Maintenance: To keep the model accurate
and efficient over time, track its performance and retrain or
update it as necessary.
The problem, the data, and the proper methodologies must
all be well understood to build an efficient anomaly
detection model. Collaborating with professionals with a
range of data science, machine learning, and domain-
specific expertise is advised.
IV. ISOLATION FOREST TECHNIQUE FOR ANOMALY
DETECTION
This algorithm uses decision trees to isolate anomalous Fig.1. Structure of Isolation forest algorithm
points. It can detect anomalies in high-dimensional data and
is relatively fast but may not perform well on data with Table 1 shows the anomaly score calculated by the distance
strong correlations. Figure 1 shows the structure of the of each instance to its cluster center multiplied by the
algorithm [9]. instances belonging to its cluster. Table 2 shows the
improved accuracy rate by decreasing the contamination
The parameters used in the Isolation Forest method can
factor and increasing the n_estimator value[24].
considerably impact its performance and anomaly detection
accuracy. Here is a reason for the algorithm's parameter TABLE I. : IMPLEMENTATION OF ISOLATION FOREST ALGORITHM FOR
selection: ANOMALY DETECTION

1. The number of trees in the Isolation Forest algorithm Input Feature 1 Feature 2 Anomaly score
(n_estimators) impacts the model's robustness and
computing efficiency. Increasing the number of trees 1 10 0.5 -0.119077
enhances the algorithm's general accuracy and raises 2 15 0.75 -0.115881
the computing cost. The trade-off between accuracy and
efficiency determines the number of trees used. It is 3 20 1.0 -0.120945
frequently chosen based on empirical evaluation and 4 25 1.25 -0.129398
cross-validation experiments to achieve the best
balance[20].
2. Subsample Size (max_samples): The subsample size How we can Improve the accuracy of the algorithm:
determines the number of samples randomly selected to 1) Increase the number of trees: Increasing the
form each tree in the Isolation Forest. It impacts the number of trees employed in the isolation forest algorithm
diversity and quality of the sub-samples utilized to can help the algorithm's accuracy. The method becomes
construct the trees. A greater subsample size can more precise as more trees are employed.
improve anomaly detection performance by increasing
sample diversity and reducing the impact of outliers. TABLE II. ACCURACY RATE OF ISOLATION FOREST ALGORITHM
Larger subsamples, on the other hand, increase
computing complexity. Subsample size is frequently ALGORITHM ACCURACY
chosen based on empirical evaluation and cross-
validation to achieve the best balance of accuracy and ISOLATION FOREST 85%
efficiency. ALGORITHM
3. Contamination Level (contamination): In the Isolation
Forest algorithm, the contamination level parameter
IMPROVED ISOLATION 92%
determines the proportion of outliers or anomalies FOREST ALGORITHM
expected in the dataset. It aids in the determination of
the threshold for identifying observations as anomalies.
The domain and application determine the 2) Increase the sample size: Increasing the sample
contamination level used. It necessitates balancing the size improves accuracy by catching more different patterns
goal to detect all anomalies (high contamination level) in the data. However, it adds computing complexity and
with the tolerance for false positives (low may result in slower processing time [18].
contamination level). The contamination level can be 3) lower processing times. Adjust hyperparameters:
chosen based on existing knowledge of the dataset or The accuracy of the isolation forest can be increased by
through testing and evaluation based on the unique adjusting several of its hyperparameters. One area that can
requirements of the anomaly detection task [12][13]. be tuned for performance is the sub-sampling size or
thumbprint of the sample utilized to construct each tree [19].

Authorized licensed use limited to: Florida Institute of Technology. Downloaded on November 26,2023 at 13:06:20 UTC from IEEE Xplore. Restrictions apply.
 4) Feature engineering: can assist the isolation forest
algorithm in performing more accurately by pre-processing
the data to extract pertinent features. Techniques
normalization, scaling, and dimensionality reduction maybe
this.
Fig. 2. Grapgh of Isolation Forest Algorithm
Fig 2 shows the point plotted with the help of Table 1, with
feature 1 being the X-axis and the anomaly score being the
Y-axis.
V. COMPARISON OF ISOLATION FOREST
ALGORITHM WITH RESPECT TO ANOTHER
ALOGORITHM FOR ANOMALY DETECTION
1) High-dimensional data handling: The Isolation
Forest technique can handle high-dimensional time series
data. Unlike other algorithms such as k-means or DBSCAN,
Isolation Forest is not plagued by the curse of
dimensionality. It discovers anomalies efficiently even in
massive datasets with many features, making it suited for
difficult time series analysis [14].
2) Ability to deal with varied densities: The Isolation
Forest algorithm resists varying densities in time series data.
It makes no distribution or density estimation assumptions
and can find abnormalities in sparse and dense data
locations. Because of its resilience to shifting density
patterns, it is well suited for detecting anomalies in time
series data with uneven patterns [15].
TABLE III: IMPLEMENTATION OF EXPONENTIAL SMOOTHING ALGORITHM
Input Output
24 24.00
75 49.50
4 26.25
95 60.62
51 55.81
3) Insensitivity to outliers: Isolation Forest is resistant
to data outliers. It builds a binary tree-based model to isolate
anomalies by randomly picking characteristics and splitting
points. Compared to distance-based algorithms like k-
nearest neighbour algorithms like DBSCAN, the method
Authorized licensed use limited to: Florida Institute of Technology. Downloaded on November 26,2023 at 13:06:20 UTC from IEEE Xplore. Restrictions apply.
focuses on isolating anomalies, making it less affected by
outliers and noise in time series data.
4) Scalability and computing efficiency: The Isolation
Forest technique is scalable and efficient. It has a linear time
complexity and can efficiently handle massive datasets. The
technique chooses sub-samples at random and splits them
using binary trees, which minimizes computing load and
makes it suitable for analyzing large time series datasets.
VI. ALGORITHM FOR TIME SERIES ANALYSIS
1. Exponential Smoothing (ETS): ETS is a time series
algorithm that combines level, trend, and seasonality to
represent the data. ETS is a versatile model that can handle
data from time series that are additive and multiplicative. It
works well for short-term forecasting and is implementable
in R and Python. ETS, however, operates under the
assumption that the data is steady; hence it could not be
effective for non-stationary data.
In particular, the smoothing factor-alpha in the Exponential
Smoothing technique can substantially impact the accuracy
of the anticipated values. Here is a reason for the algorithm's
parameter selection [15 [16].
The alpha parameter controls the weight of the current
observation when determining the smoothed value. It
regulates the smoothness of the projected data. The choice
of alpha is determined by the specific properties of the time
series data and the intended trade-off between
responsiveness to recent changes and forecast stability.
• Larger alpha values (closer to 1) emphasize recent
observations, making the projection more sensitive
to short-term volatility. This is appropriate for time
series data with high volatility or when recording
rapid changes is required.
• Smaller alpha values (closer to zero) give more
weight to previous observations, resulting in a
smoother forecast. This is appropriate for time series
data with moderate volatility or for capturing long-
term patterns.
With an alpha value of 0.5, the exponential smoothing
process generates random data in this program. It then
builds a table with the input and output data and plots the
input and output data on a graph.
Table 2 shows that it is generated with random values by
applying an exponential smoothing algorithm with an alpha
value of 0.5. The accuracy is improved by setting the alpha
value to 0.2, which aligns well with the dataset. It consists
of three main components: trend, seasonality, and noise. The
trend component is created using a random normal
distribution, representing the data's underlying upward or
downward movement. The seasonality component is
generated as a sine wave pattern, capturing repeating
patterns over a specific time interval, such as monthly or
yearly cycles. The noise component introduces random
variations into the data, simulating unpredictability.
Combining these components with a base value, the
generated dataset exhibits characteristics commonly
observed in real-world time series data. Synthetic data
demonstrates the functionality and accuracy of the
exponential smoothing algorithm in capturing trends,
seasonality, and noise in a controlled environment.
TABLE IV: ACCURACY RATE FOR EXPONENTIAL SMOOTHING ALGORITHM
Algorithm Accuracy
Exponential Smoothing 95.25%
Algorithm
Improved Exponential 99.12%
Smoothing Algorithm
Fig. 3. Exponential Smoothing Algorithm
About the graph: The graph is plotted with the value used in
the table to show the trend for time series using exponential
smoothing algorithm.
VII. CPMPARSION OF EXPONENTIAL
SMOOTHING ALGORITHM WITH RESPECT TO
OTHER ALGORITHM FOR TIME SERIES ANALYSIS
1. Exponential smoothing is reasonably straightforward to
learn and apply. In comparison to complicated algorithms
such as ARIMA or neural networks, it requires less
assumptions and computations. Because of its simplicity, it
is more accessible to analysts and enables for faster
deployment.
2. Exponential smoothing is adaptive in that it adjusts to
shifting patterns and trends in time series data. It assigns
decreasing weights to previous observations, giving more
weight to newer data items. Because the algorithm is
adaptive, it can detect and respond to short-term changes
and fluctuations in the data, resulting in more accurate
projections.
3. Seasonality is handled using exponential smoothing
methods such as Holt-Winters' seasonal exponential
smoothing. This allows the algorithm to handle seasonal
data more successfully, capturing both the trend and
seasonal patterns in the data.
4. Exponential smoothing methods smooth away noise and
random changes in data, making underlying trends and
patterns simpler to spot. Exponential smoothing gives a
clearer and more interpretable representation of the time
Authorized licensed use limited to: Florida Institute of Technology. Downloaded on November 26,2023 at 13:06:20 UTC from IEEE Xplore. Restrictions apply.
series by eliminating the impact of outliers and short-term
volatility.
VIII. CONCLUSION
In conclusion, time series analysis and anomaly detection
are essential data science tools. These methods are now
necessary for spotting odd patterns and trends in time series
data due to the daily increase in data production. While
several algorithms have been created to help in this process,
each one has its own special advantages and disadvantages.
The trade-off between false positives and false negatives is
one of the most difficult aspects of anomaly detection. Too
many false positives can undermine confidence in the
system, while too few real abnormalities can have disastrous
consequences. In contrast, time series analysis encounters
difficulties such trend changes, missing values, and noisy
data, which have an impact on the accuracy of the models.
Notwithstanding these obstacles, a lot of work has been
achieved in increasing the precision and effectiveness of
time series analysis and anomaly identification. The
precision and speed of detection have substantially
increased as a result of the development of new machine
learning algorithms and deep learning approaches.
Furthermore, these methods have become even more
effective as a result of their integration with big data
technologies.
REFERENCES
[1] Chandola, Varun, Arindam Banerjee, and Vipin Kumar. "Anomaly
detection: A survey." ACM computing surveys (CSUR) 41, no. 3
(2009): 1-58.
[2] Ahmed, N., Atiya, A. F., Gayar, N. E., & El-Shishiny, H. (2010).
Anomaly detection for a wireless sensor network using wavelet-
based statistical signal processing techniques. IEEE Transactions on
Signal Processing, 58(2), 130-141.
[3] Lavin, Alexander, and Subutai Ahmad. "Evaluating real-time
anomaly detection algorithms--the Numenta anomaly benchmark."
In 2015 IEEE 14th international conference on machine learning and
applications (ICMLA), pp. 38-44. IEEE, 2015.
[4] Kim, S. K., & Kim, S. J. (2015). A deep learning approach to
anomaly detection in time series data. In Proceedings of the 23rd
ACM SIGKDD international conference on knowledge discovery
and data mining (pp. 787-796).
[5] Ghotra, B., McIntosh, S., & Hassan, A. E. (2017). Revisiting the
evaluation of defect prediction models. In Proceedings of the 2017
11th joint meeting on foundations of software engineering (pp. 231-
241).
[6] Ismail Fawaz, Hassan, Germain Forestier, Jonathan Weber, Lhassane
Idoumghar, and Pierre-Alain Muller. "Deep learning for time series
classification: a review." Data mining and knowledge discovery 33,
no. 4 (2019): 917-963.
[7] Zhou, Y., & Leung, Y. (2011). Data mining for anomaly detection.
In Data mining for business applications (pp. 199-217). Springer,
Berlin, Heidelberg.
[8] Bontemps, A., Lacomme, P., & Vanbelle, G. (2018). Multivariate
control chart for anomaly detection in time series: An application to
wind turbines. IEEE Transactions on Sustainable Energy, 9(1), 282-
290.
[9] Zhang, J., & Wang, J. (2019). Time series anomaly detection based
on a self-attention network. IEEE Access, 7, 76287-76294.
[10] Dwivedi, A. K., Sharma, A. K., & Kumar, R. (2021). Dynamic Trust
Management Model for the Internet of Things and Smart Sensors:
The Challenges and Applications. Recent Advances in Computer
Science and Communications (Formerly: Recent Patents on
Computer Science), 14(6), 2013-2022.
[11] Aggarwal, Charu C., and Saket Sathe. "Theoretical foundations and
algorithms for outlier ensembles." Acm sigkdd explorations
newsletter 17, no. 1 (2015): 24-47.
[12] Hodge, Victoria, and Jim Austin. "A survey of outlier detection
methodologies." Artificial intelligence review 22 (2004): 85-126.
[13] Zhang, Z., Song, G., Chen, F., & Feng, J. (2018). Robust time series
anomaly detection via convolutional neural networks. IEEE Access,
6, 77905-77914.
[14] Maddala, H. M., Makhija, D., & Roy, P. (2018). Hybrid time series
models for anomaly detection. In Proceedings of the 2018 ACM
International Joint Conference and 2018 International Symposium on
Pervasive and Ubiquitous Computing and Wearable Computers (pp.
417-422).
[15] Durgesh Srivastava, L Bhambhu, “Data classification using support
vector machine” Journal of Theoretical and Applied Information
Technology, 12(1), 2010.
[16] D.K. Srivastava, K. S. Patnaik and L Bhambhu, “Data Classification:
A Rough - SVM Approach”, Contemporary Engineering Sciences,
Vol. 3 no. 2, 2010, pp 77 – 86.
[17] Durgesh Srivastava, Rajeshwar Singh and Vikram Singh,
“Performance Evaluation of Entropy Based Graph Network Intrusion
Detection System (E-Ids)”, in Jour of Adv Research in Dynamical &
Control Systems, Vol.- 11, 02-Special Issue, 2019
[18] Durgesh Srivastava, Nachiket Sainis and Dr. Rajeshwar Singh,
“Classification of various Dataset for Intrusion Detection System”,
in International Journal of Emerging Technology and Advanced
Engineering, Volume 8, Issue 1, January 2018.
[19] Durgesh Srivastava, Rajeshwar Singh, Vikram Singh, “An
Intelligent Gray Wolf Optimizer: A Nature Inspired Technique in
Intrusion Detection System (IDS)”, in Journal of Advancements in
Robotics. 2019; 6(1): 18–24p
[20] Durgesh Srivastava, Rajeshwar Singh and Vikram Singh, “Analysis
of different Hybrid methods for Intrusion Detection System,”
International Journal Of Computer Sciences And Engineering
7(5):757-764, May 2019
[21] Dhiman, G., & Kumar, V. (2017). Spotted hyena optimizer: a novel
bio-inspired based metaheuristic technique for engineering
applications. Advances in Engineering Software, 114, 48-70.
[22] Dhiman, G., & Kumar, V. (2018). Emperor penguin optimizer: A
bio-inspired algorithm for engineering problems. Knowledge-Based
Systems, 159, 20-50.
[23] Mehra, P. S., Goyal, L. M., Dagur, A., & Dwivedi, A. K. (Eds.).
(2022). Healthcare Systems and Health Informatics: Using Internet
of Things. CRC Press.
[24] Dhiman, G., & Kaur, A. (2019). STOA: a bio-inspired based
optimization algorithm for industrial engineering problems.
Engineering Applications of Artificial Intelligence, 82, 148-174.
Authorized licensed use limited to: Florida Institute of Technology. Downloaded on November 26,2023 at 13:06:20 UTC from IEEE Xplore. Restrictions apply.
View publication stats
[25] Kumar, R., & Dhiman, G. (2021). A Comparative Study of Fuzzy
Optimization through Fuzzy Number. International Journal of
Modern Research, 1, 1-14.
[26] Chatterjee, I. (2021). Artificial Intelligence and Patentability:
Review and Discussions. International Journal of Modern Research,
1, 15-21.
[27] Vaishnav, P.K., Sharma, S., & Sharma, P. (2021). Analytical Review
Analysis for Screening COVID-19. International Journal of Modern
Research, 1, 22-29.
[28] Gupta, V. K., Shukla, S. K., & Rawat, R. S. (2022). Crime tracking
system and people’s safety in India using machine learning
approaches. International Journal of Modern Research, 2(1), 1-7.
[29] Sharma, T., Nair, R., & Gomathi, S. (2022). Breast Cancer Image
Classification using Transfer Learning and Convolutional Neural
Network. International Journal of Modern Research, 2(1), 8-16.
[30] Shukla, S. K., Gupta, V. K., Joshi, K., Gupta, A., & Singh, M. K.
(2022). Self-aware Execution Environment Model (SAE2) for the
Performance Improvement of Multicore Systems. International
Journal of Modern Research, 2(1), 17-27
[31] Singh, Neelam, Yasir Hamid, Sapna Juneja, Gautam Srivastava,
Gaurav Dhiman, Thippa Reddy Gadekallu, and Mohd Asif Shah.
"Load balancing and service discovery using Docker Swarm for
microservice based big data applications." Journal of Cloud
Computing 12, no. 1 (2023): 1-9.
[32] Mehra, P. S., Mehra, Y. B., Dagur, A., Dwivedi, A. K., Doja, M. N.,
& Jamshed, A. (2021). COVID-19 suspected person detection and
identification using thermal imaging-based closed circuit television
camera and tracking using drone in Internet of Things. International
Journal of Computer Applications in Technology, 66(3-4), 340-349.
[33] Dhiman, Poonam, Vinay Kukreja, Poongodi Manoharan, Amandeep
Kaur, M. M. Kamruzzaman, Imed Ben Dhaou, and Celestine Iwendi.
"A novel deep learning model for detection of severity level of the
disease in citrus fruits." Electronics 11, no. 3 (2022): 495.
[34] Balyan, Amit Kumar, Sachin Ahuja, Umesh Kumar Lilhore, Sanjeev
Kumar Sharma, Poongodi Manoharan, Abeer D. Algarni, Hela
Elmannai, and Kaamran Raahemifar. "A hybrid intrusion detection
model using ega-pso and improved random forest method." Sensors
22, no. 16 (2022): 5986.