Anomaly detection is essential for a broad range of security, surveillance, and monitoring problems in areas ranging from health care and environmental protection to homeland security and manufacturing. However, because of the increasing complexity of systems and data, as well as the increasing sophistication of adversaries, traditional methods of anomaly detection are no longer sufficient. These methods assume that anomalies look substantially different from normal measurements, or that their characteristics remain constant over time. In many practical applications of interest, however, anomalies are only distinguished by subtle spatio-temporal characteristics. For example, a network security event may involve a sequence of traffic patterns, each of which is innocuous in its own right, but which occupy a localized or lower-dimensional spatial domain when viewed together. Alternatively, anomalies may exhibit temporal structure caused by a slow but steady drift from normal to abnormal behavior. This project develops new theoretical and algorithmic approaches to detecting such spatio-temporal anomalies. The research will impact the monitoring of a wide range of critical infrastructures and application domains, including environmental systems, health care networks, power grids, and communication networks.
The project focuses on spatio-temporal anomalies that (1) have significant spatial overlap with the nominal distribution, (2) are distributed on a manifold of lower dimension than nominal measurements, and (3) have time-varying distributional characteristics. The research applies and extends techniques from statistical machine learning, including transductive, manifold-adaptive, and online learning, to the anomaly detection setting. This framework allows the investigators to address several difficult and long-standing challenges such as optimal tracking of drifting anomaly distributions and efficient relaxations of combinatorial graph-based inference algorithms.