Machine Learning and Its Application for Anomaly Detection

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: 31 December 2026 | Viewed by 9744

Special Issue Editors


Guest Editor
SDU Technology Entrepreneurship and Innovation, University of Southern Denmark, 6400 Sønderborg, Denmark
Interests: predictive maintenance; data analysis; image processing; autonomous UAVs; generative AI; anomaly detection

Guest Editor
Department of Mathematics and Computer Science, UMR 218 ESPACE-DEV, University of Perpignan, Via Domitia, 66100 Perpignan, France
Interests: AI; eXplainable AI; big data; LLMs; ontologies

Special Issue Information

Dear Colleagues,

Anomaly detection plays a critical role in various domains, including cybersecurity, finance, industrial monitoring, and healthcare. Traditional detection methods often face challenges when dealing with high-dimensional data, rapidly changing environments, and intricate anomaly patterns. In contrast, machine learning (ML) has emerged as a robust solution, equipping practitioners with sophisticated techniques that enhance accuracy, scalability, and adaptability in anomaly detection.

This Special Issue seeks to showcase pioneering research and innovative applications of ML in the field of anomaly detection. We invite submissions that advance both theoretical frameworks and practical implementations, addressing topics such as, but not limited to, deep learning-based anomaly detection, real-time monitoring systems, the interpretability of ML-driven anomaly detection, and the synergistic integration of ML with edge and cloud computing.

Potential topics of interest include, but are not limited to:

  • Supervised, unsupervised, and semi-supervised ML methodologies for anomaly detection;
  • The utilization of deep learning and generative models for anomaly identification;
  • Anomaly detection applications in cybersecurity, finance, healthcare, and industrial systems;
  • Time-series anomaly detection and predictive maintenance strategies;
  • Federated and privacy-preserving ML techniques focused on anomaly detection;
  • Image anomaly detection (medical imaging, industrial inspection, remote sensing, and security);
  • Frameworks for real-time and streaming anomaly detection;
  • Explainable and interpretable ML approaches in the context of anomaly detection.

We encourage researchers and practitioners to submit original research articles, case studies, and reviews that contribute to the evolution of ML-based anomaly detection. This Special Issue aims to foster interdisciplinary dialogue and present novel solutions that advance the frontiers of anomaly detection technologies.

Dr. Naeem Ayoub
Dr. Amira Mouakher
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 250 words) can be sent to the Editorial Office for assessment.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • anomaly detection
  • explainable AI (XAI)
  • time-series analysis
  • generative AI
  • predictive maintenance
  • cybersecurity
  • industrial monitoring
  • healthcare analytics
  • real-time systems
  • federated learning
  • privacy-preserving machine learning
  • image anomaly detection
  • edge computing
  • cloud-based detection
  • outlier detection
  • adaptive detection systems and industrial IoTs

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • Reprint: MDPI Books provides the opportunity to republish successful Special Issues in book format, both online and in print.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (5 papers)

Research

32 pages, 2876 KB  
Article
CCNETS: A Modular Causal Learning Framework for Pattern Recognition in Imbalanced Datasets
by Hanbeot Park, Yunjeong Cho and Hunhee Kim
Appl. Sci. 2026, 16(4), 1998; https://doi.org/10.3390/app16041998 - 17 Feb 2026
Viewed by 765
Abstract
Handling class imbalance remains a central challenge in machine learning, particularly in pattern recognition tasks where identifying rare but critical anomalies is of paramount importance. Traditional generative models often decouple data synthesis from classification, leading to a distribution mismatch that limits their practical benefit. To address these shortcomings, we introduce Causal Cooperative Networks (CCNETS), a modular framework that establishes a functional causal link between generation, inference, and reconstruction. CCNETS is composed of three specialized cooperative modules: an Explainer for latent feature abstraction, a Reasoner for probabilistic label prediction, and a Producer for context-aware data synthesis. These components interact through a dynamic causal feedback loop, where classification outcomes directly guide targeted sample synthesis to adaptively reinforce vulnerable decision boundaries. A key innovation, our proposed Zoint mechanism, enables the adaptive fusion of latent and observable features, enhancing semantic richness and decision-making robustness under uncertainty. We evaluated CCNETS on two distinct real-world datasets: Credit Card Fraud Detection dataset, characterized by extreme imbalance (fraud rate < 0.2%), and the AI4I 2020 Predictive Maintenance dataset (failure rate < 4%). Across comprehensive experimental setups, CCNETS consistently outperformed baseline methods, achieving superior F1-scores, and AUPRC. Furthermore, data synthesized by CCNETS demonstrated enhanced generalization and learning stability under limited data conditions. These results establish CCNETS as a scalable, interpretable, and hybrid soft computing framework that effectively aligns synthetic data with classifier objectives, advancing robust imbalanced learning. Full article
(This article belongs to the Special Issue Machine Learning and Its Application for Anomaly Detection)

18 pages, 977 KB  
Article
BI-GBDT: A Graph-Free Behavioral Interaction-Aware Gradient Boosting Framework for Fraud Detection in Large-Scale Payment Systems
by Mustafa Berk Keles and Mehmet Gokturk
Appl. Sci. 2026, 16(2), 876; https://doi.org/10.3390/app16020876 - 14 Jan 2026
Viewed by 491
Abstract
Detecting fraudulent and anomalous transactions in large-scale digital payment systems is significantly challenging due to severe class imbalance and the fact that transactional risk is tightly coupled to the historical interactions and behaviors of transacting parties. In this study, a scalable Behavioral Interaction-Aware Gradient Boosting (BI-GBDT) framework is proposed for anomaly detection in tabular transaction data to overcome these challenges. The methodology models sending and receiving behaviors separately through direction-specific clustering based on transaction frequency and amount. Each transaction is characterized by cluster-pair prevalence ratios, which capture the population-level prevalence of sender–receiver interaction patterns. To handle extreme class imbalance, all transactions are clustered, and a cluster-level risk score is computed as the ratio of anomalous transactions to the total number of transactions within each cluster. This score is incorporated as a feature, serving as a behavioral risk prior highlighting concentrated anomaly. These interaction-aware features are integrated into a GBDT in a big data environment. Experiments were conducted on a large masked real-world payment dataset spanning six months and containing more than 456 million transactions, with the prediction task defined as binary classification between fraudulent and non-fraudulent transactions. Unlike standard GBDT models trained only on transactional attributes and graph-based approaches, BI-GBDT captures sender–receiver interaction patterns in a graph-free manner and outperforms a baseline GBDT, reducing the false positive rate from 37.0% to 4.3%, increasing recall from 52.3% to 72.0%, and improving accuracy from 63.0% to 95.7%. Full article

29 pages, 2154 KB  
Article
A Lightweight Training Approach for MITM Detection in IoT Networks: Time-Window Selection and Generalization
by Yi-Min Yang, Ko-Chin Chang and Jia-Ning Luo
Appl. Sci. 2025, 15(22), 12147; https://doi.org/10.3390/app152212147 - 16 Nov 2025
Cited by 1 | Viewed by 932
Abstract
The world has adopted so many IoT devices but it comes with its own share of security vulnerabilities. One such issue is ARP spoofing attack which allows a man-in-the-middle to intercept packets and thereby modify the communication. Also, this allows an intruder to gain access to the user’s entire local area network. The ACI-IoT-2023 dataset captures ARP spoofing attacks, yet its absence of specified extracted features hinders its application in machine learning-aided intrusion detection systems. To combat this, we present a framework for ARP spoofing detection which improves the dataset by extracting ARP-specific features and evaluating their impact under different time-window configurations. Beyond generic feature engineering and model evaluation, we contribute by treating ARP spoofing as a time-window pattern and aligning the window length with observed spoofing persistence from the dataset timesheet—turning window choice into an explainable, repeatable setting for constrained IoT devices; by standardizing deployment-oriented efficiency profiling (inference latency, RAM usage, and model size) reported alongside accuracy, precision, recall and F1-scores to enable edge-feasible model selection; and by providing an ARP-focused, reproducible pipeline that reconstructs L2 labels from public PCAPs and derives missing link-layer indicators, yielding a transparent path from labeling to windowed features to training evaluation. Our research systematically analyzes five models with multiple time-windows, including Decision Tree, Random Forest, XGBoost, CatBoost, and K-Nearest Neighbors. This study shows that XGBoost and CatBoost provide maximum performance at the 1800 s window that corresponds to the longest spoofing duration in the timesheet, achieving accuracy greater than 0.93%, precision above 0.95%, recall near 0.91%, and F1-scores above 0.93%. Although Decision Tree has the least inference latency (∼0.4 ms.), its lower recall risks missed attacks. 
By contrast, XGBoost and CatBoost sustain strong detection with less than 6 ms inference and moderate RAM, indicating practicality for IoT deployment. We also observe diminishing returns beyond (∼1800 s) due to temporal over-aggregation. Full article

19 pages, 3864 KB  
Article
DyP-CNX: A Dynamic Preprocessing-Enhanced Hybrid Model for Network Intrusion Detection
by Mingshan Xia, Li Wang, Yakang Li, Jiahong Xu and Fazhi Qi
Appl. Sci. 2025, 15(17), 9431; https://doi.org/10.3390/app15179431 - 28 Aug 2025
Viewed by 906
Abstract
With the continuous growth of network threats, intrusion detection systems need to have robustness and adaptability to effectively identify malicious behaviors. However, factors such as noise interference, class imbalance, and complex attack pattern recognition have posed significant challenges to traditional systems. To address these issues, this paper proposes a dynamic preprocessing-enhanced DyP-CNX framework. The framework designs a sliding window dynamic interquartile range (IQR) standardization mechanism to effectively suppress the temporal non-stationarity interference of network traffic. It also combines a random undersampling strategy to mitigate the class imbalance problem. The model architecture adopts a CNN-XGBoost collaborative learning framework, combining a dual-channel convolutional neural network (CNN) and two-stage extreme gradient boosting (XGBoost) to integrate the original statistical features and deep semantic features. On the UNSW-NB15 and CSE-CIC-IDS2018 datasets, the method achieved F1 values of 91.57% and 99.34%, respectively. The experimental results show that the DyP-CNX method has the potential to handle the feature drift and pattern confusion problems in complex network environments, providing a new technical solution for adaptive intrusion detection systems. Full article

25 pages, 2432 KB  
Article
LogRESP-Agent: A Recursive AI Framework for Context-Aware Log Anomaly Detection and TTP Analysis
by Juyoung Lee, Yeonsu Jeong, Taehyun Han and Taejin Lee
Appl. Sci. 2025, 15(13), 7237; https://doi.org/10.3390/app15137237 - 27 Jun 2025
Cited by 3 | Viewed by 5617
Abstract
As cyber threats become increasingly sophisticated, existing log-based anomaly detection models face critical limitations in adaptability, semantic interpretation, and operational automation. Traditional approaches based on CNNs, RNNs, and LSTMs struggle with inconsistent log formats and often lack interpretability. To address these challenges, we propose LogRESP-Agent, a modular AI framework built around a reasoning-based agent for log-driven security prediction and response. The architecture integrates three core capabilities, including (1) LLM-based anomaly detection with semantic explanation, (2) contextual threat reasoning via Retrieval-Augmented Generation (RAG), and (3) recursive investigation capabilities enabled by a planning-capable LLM agent. This architecture supports automated, multi-step analysis over heterogeneous logs without reliance on fixed templates. Experimental results validate the effectiveness of our approach on both binary and multi-class classification tasks. On the Monster-THC dataset, LogRESP-Agent achieved 99.97% accuracy and 97.00% F1-score, while also attaining 99.54% accuracy and 99.47% F1-score in multi-class classification using the EVTX-ATTACK-SAMPLES dataset. These results confirm the agent’s ability to not only detect complex threats but also explain them in context, offering a scalable foundation for next-generation threat detection and response automation. Full article