Search Results (167)

Search Parameters:
Keywords = abnormal traffic detection

28 pages, 1749 KB  
Review
A Review of Flight Abnormal Behavior Analysis and Trajectory Anomaly Detection Methods
by Yexin Wu, Yifei Zhao and Hongyong Wang
Aerospace 2026, 13(3), 209; https://doi.org/10.3390/aerospace13030209 - 26 Feb 2026
Viewed by 441
Abstract
Air traffic is increasingly complicated, and with the expansion of the aviation industry, a growing emphasis on the safety of flight is being driven. According to flight experience and safety regulation standards, flight abnormal behavior is typically manifested through trajectories as well as other behavioral characteristics. Trajectory anomaly detection is a critical component for ensuring flight safety. This paper presents a comprehensive review that covers flight abnormal behavior analysis and trajectory anomaly detection. The definition of flight abnormal behavior and trajectory is clarified at first. Then, this paper proposes a framework of anomaly detection in flight trajectory. On this basis, the review expounds upon the methodologies that have been employed in three primary types of trajectory anomaly detection: speed anomalies, altitude anomalies, and heading deviations. The main applications in this field consist of anomaly warning, online real-time anomaly detection, and the quantitative evaluation of flight abnormal behavior. Future research should encompass studies on the classification of flight traffic behavior classification, the integration of flight trajectory, and other data sources to identify flight abnormal behaviors. This study contributes to furnish more actionable insights for the advancement of trajectory anomaly detection technologies, offering significant implications for an in-depth comprehension of flight abnormal behavior. Full article
(This article belongs to the Section Air Traffic and Transportation)

20 pages, 1874 KB  
Article
A Lightweight Multi-Classification Intrusion Detection Model for Edge IoT Networks
by Wei Gao, Mingyue Wang, Yadong Pei, Fangwei Li and Chaonan Wang
Electronics 2026, 15(5), 938; https://doi.org/10.3390/electronics15050938 - 25 Feb 2026
Viewed by 325
Abstract
Intrusion detection aims to effectively detect abnormal attacks in Internet of Things (IoT) networks, which is crucial for cybersecurity. However, it is difficult for traditional intrusion detection methods to effectively extract data features from traffic data, and most existing models are too complex to be deployed on edge servers. Addressing this need, this paper proposes a hybrid feature selection method and a lightweight deep learning intrusion detection model. Firstly, the data feature space is reduced using variance filtering, mutual information, and the Pearson Correlation Coefficient, thereby reducing the computational cost of subsequent model training. Then, an intrusion detection model based on a Temporal Convolutional Network (TCN) is constructed. This model utilizes dilated causal convolutions to effectively capture long-term temporal dependencies in network traffic. Simultaneously, the residual connections are used to mitigate the vanishing gradient problem, making the model easier to train and converge. Finally, experiments are conducted on the newly released Edge-IIoTset dataset. The results show that the proposed feature selection algorithm maintains good detection performance despite a significant reduction in feature dimensionality. Furthermore, compared with other models, the proposed TCN-based approach achieves higher classification accuracy with lower computational overhead, demonstrating its suitability for deployment in resource-constrained edge computing environments. Full article

29 pages, 2152 KB  
Article
Transformer-Autoencoder-Based Unsupervised Temporal Anomaly Detection for Network Traffic with Dual Prediction and Reconstruction
by Jieke Lu, Xinyi Yang, Yang Liu, Haoran Zuo, Feng Zhou, Tong Yu, Dengmu Liu, Tianping Deng and Lijun Luo
Appl. Sci. 2026, 16(4), 2143; https://doi.org/10.3390/app16042143 - 23 Feb 2026
Viewed by 353
Abstract
With the rapid growth of large-scale networks, traditional rule-based and supervised anomaly detection methods struggle with heavy reliance on labeled data, slow response to rapidly changing patterns, and difficulty in capturing complex temporal anomalies. At the same time, real-world traffic exhibits strong class imbalance, where normal samples overwhelmingly dominate, causing many existing models to miss subtle but critical abnormal behaviors. To address these challenges, this paper proposes an unsupervised temporal anomaly detection framework for network traffic based on a Transformer-autoencoder bidirectional prediction and reconstruction model. The framework combines the advantages of autoencoders and regression models, using multi-head self-attention and positional encoding to capture long-range temporal dependencies in traffic sequences. A masked decoding mechanism is further employed to prevent information leakage from future time steps. The model jointly generates forward and backward predictions as well as reconstructed sequences, and designs multiple anomaly scoring strategies that integrate prediction and reconstruction errors to enhance the sensitivity to point, contextual, and collective anomalies under highly imbalanced data. Experiments on three public benchmark datasets demonstrate that the proposed method significantly improves detection performance, achieving up to an F1 score of 0.960 and a precision of 0.949, with recall approaching 1.0, while reducing false alarms, thereby showing strong applicability to practical network security scenarios. Full article
(This article belongs to the Special Issue Deep Learning and Its Applications in Natural Language Processing)

27 pages, 749 KB  
Article
A Data-Driven Multimodal Method for Early Detection of Coordinated Abnormal Behaviors in Live-Streaming Platforms
by Jingwen Luo, Pinrui Zhu, Yiyan Wang, Zilin Xiao, Jingqi Li, Xuebei Kong and Yan Zhan
Electronics 2026, 15(4), 769; https://doi.org/10.3390/electronics15040769 - 11 Feb 2026
Viewed by 279
Abstract
With the rapid growth of live-streaming e-commerce and digital marketing, abnormal marketing behaviors have become increasingly concealed, coordinated, and intertwined across heterogeneous data modalities, posing substantial challenges to data-driven platform governance and early risk identification. Existing approaches often fail to jointly model cross-modal temporal semantics, the gradual evolution of weak abnormal signals, and organized group-level manipulation. To address these challenges, a data-driven multimodal abnormal behavior detection framework, termed MM-FGDNet, is proposed for large-scale live-streaming environments. The framework models abnormal behaviors from two complementary perspectives, namely temporal evolution and cooperative group structure. A cross-modal temporal alignment module first maps video, text, audio, and user behavioral signals into a unified temporal semantic space, alleviating temporal misalignment and semantic inconsistency across modalities. Building upon this representation, a temporal fraud pattern modeling module captures the progressive transition of abnormal behaviors from early incipient stages to abrupt outbreaks, while a cooperative manipulation detection module explicitly identifies coordinated interactions formed by organized user groups and automated accounts. Extensive experiments on real-world multi-platform live-streaming e-commerce datasets demonstrate that MM-FGDNet consistently outperforms representative baseline methods, achieving an AUC of 0.927 and an F1 score of 0.847, with precision and recall reaching 0.861 and 0.834, respectively, while substantially reducing false alarm rates. Moreover, the proposed framework attains an Early Detection Score of 0.689. This metric serves as a critical benchmark for operational viability, quantifying the system’s capacity to shift platform governance from passive remediation to proactive prevention. 
It confirms the reliable identification of the “weak-signal” stage—rigorously defined as the incipient phase where subtle, synchronized deviations in interaction rhythms manifest prior to traffic inflation outbreaks—thereby providing the necessary time window for preemptive intervention against coordinated manipulation. Ablation studies further validate the independent contributions of each core module, and cross-domain generalization experiments confirm stable performance across new streamers, new product categories, and new platforms. Overall, MM-FGDNet provides an effective and scalable data-driven artificial intelligence solution for early detection of coordinated abnormal behaviors in live-streaming systems. Full article

5 pages, 512 KB  
Proceeding Paper
Deep-Learning-Based Endpoint Attack Detection System for Digital Asset Management in Enterprise Environments
by Bo-Han Chang Chien, Yung-She Lin and Chin-Ling Chen
Eng. Proc. 2025, 120(1), 62; https://doi.org/10.3390/engproc2025120062 - 11 Feb 2026
Viewed by 353
Abstract
As cyberattacks become more intelligent and diverse, enterprises’ digital assets face greater challenges. We developed a learning-based endpoint attack detection system (DLEADS) that continuously monitors CPU usage, memory load, disk I/O, network traffic, and other system metrics. By feeding data into a convolutional neural network, the system presents high accuracy in detecting abnormal behavior and classifying various attack types, enabling early warning and rapid incident response. DLEADS demonstrates high performance on real-world enterprise datasets, offering a practical solution for automated cybersecurity management. Full article
(This article belongs to the Proceedings of 8th International Conference on Knowledge Innovation and Invention)

19 pages, 2512 KB  
Article
Fusion of Transformer and RBF for Anomalous Traffic Detection in Sensor Networks
by Aibing Dai, Jianwei Guo, Yuanyuan Hou and Yiou Wang
Sensors 2026, 26(2), 515; https://doi.org/10.3390/s26020515 - 13 Jan 2026
Viewed by 371
Abstract
With the widespread adoption of the Internet of Things (IoT) and smart devices, the volume of data generated in sensor networks has increased dramatically, with diverse and structurally complex types that pose growing security risks. Anomaly detection in sensor networks has become a key technology for ensuring system stability and secure operation. This paper proposes a sensor anomaly detection model, termed RESTADM, which integrates a Transformer and a Radial Basis Function (RBF) neural network. The model first employs the Transformer to effectively capture the temporal dependencies in sensor data and then uses the RBF neural network to accurately identify anomalies. Experimental results on two public benchmark datasets, SMD and PSM, demonstrate the state-of-the-art performance of RESTADM. Our model achieves impressive F1-scores of 98.56% on SMD and 97.70% on PSM. This represents a statistically significant improvement compared to a range of baseline algorithms, including traditional models like CNN and LSTM, as well as the standard Transformer model. This validates the effectiveness of our proposed Transformer-RBF fusion, confirming the model’s high accuracy and robustness and offering an efficient security solution for intelligent sensing systems. Full article
(This article belongs to the Special Issue Computer Vision and Pattern Recognition Based on Sensing Technology)

30 pages, 6739 KB  
Article
A Fusion Algorithm for Pedestrian Anomaly Detection and Tracking on Urban Roads Based on Multi-Module Collaboration and Cross-Frame Matching Optimization
by Wei Zhao, Xin Gong, Lanlan Li and Luoyang Zuo
Sensors 2026, 26(2), 400; https://doi.org/10.3390/s26020400 - 8 Jan 2026
Viewed by 478
Abstract
Amid rapid advancements in artificial intelligence, the detection of abnormal human behaviors in complex traffic environments has garnered significant attention. However, detection errors frequently occur due to interference from complex backgrounds, small targets, and other factors. Therefore, this paper proposes a research methodology that integrates the anomaly detection YOLO-SGCF algorithm with the tracking BoT-SORT-ReID algorithm. The detection module uses YOLOv8 as the baseline model, incorporating Swin Transformer to enhance global feature modeling capabilities in complex scenes. CBAM and CA attention are embedded into the Neck and backbone, respectively: CBAM enables dual-dimensional channel-spatial weighting, while CA precisely captures object location features by encoding coordinate information. The Neck layer incorporates GSConv convolutional modules to reduce computational load while expanding feature receptive fields. The loss function is replaced with Focal-EIoU to address sample imbalance issues and precisely optimize bounding box regression. For tracking, to enhance long-term tracking stability, ReID feature distances are incorporated during the BoT-SORT data association phase. This integrates behavioral category information from YOLO-SGCF, enabling the identification and tracking of abnormal pedestrian behaviors in complex environments. Evaluations on our self-built dataset (covering four abnormal behaviors: Climb, Fall, Fight, Phone) show mAP@50%, precision, and recall reaching 92.2%, 90.75%, and 86.57% respectively—improvements of 3.4%, 4.4%, and 6% over the original model—while maintaining an inference speed of 328.49 FPS. Additionally, generalization testing on the UCSD Ped1 dataset (covering six abnormal behaviors: Biker, Skater, Car, Wheelchair, Lawn, Runner) yielded an mAP score of 92.7%, representing a 1.5% improvement over the original model and outperforming existing mainstream models. 
Furthermore, the tracking algorithm achieved an MOTA of 90.8% and an MOTP of 92.6%, with a 47.6% reduction in IDS, demonstrating superior tracking performance compared to existing mainstream algorithms. Full article
(This article belongs to the Section Intelligent Sensors)

22 pages, 5462 KB  
Article
Ship Motion State Recognition Using Trajectory Image Modeling and CNN-Lite
by Shuaibing Zhao, Zongshun Tian, Yuefeng Lu, Peng Xie, Xueyuan Li, Yu Yan and Bo Liu
J. Mar. Sci. Eng. 2025, 13(12), 2327; https://doi.org/10.3390/jmse13122327 - 8 Dec 2025
Viewed by 652
Abstract
Intelligent recognition of ship motion states is a key technology for achieving smart maritime supervision and optimized port scheduling. To enhance both the modeling efficiency and recognition accuracy of AIS trajectory data, this paper proposes a ship behavior recognition method that integrates trajectory-to-image conversion with a convolutional neural network (CNN) for classifying three typical motion states: mooring, anchoring, and sailing. Firstly, a multi-step preprocessing pipeline is established, incorporating trajectory cleaning, interpolation complementation, and segmentation to ensure data completeness and consistency; secondly, dynamic features—including speed, heading, and temporal progression—are encoded into an RGB three-channel image, which not only preserves the original spatial and temporal information of the trajectory but also strengthens the dimension of the feature expression of the image. Thirdly, the lightweight CNN architecture (CNN-Lite) is designed to automatically extract spatial motion patterns from these images, with data augmentation techniques further enhancing model robustness and generalization across diverse scenarios. Finally, comprehensive comparative experiments are conducted to evaluate the proposed method. On a real-world AIS dataset, the proposed method achieves an accuracy of 91.54%, precision of 91.51%, recall of 91.54%, and F1-score of 91.52%—demonstrating superior or highly competitive performance compared with SVM, KNN, MLSTM, ResNet-50 and Swin-Transformer in both classification accuracy and model stability. These results confirm that constructing dynamic-feature-enriched RGB trajectory images and designing a lightweight CNN can effectively improve ship behavior recognition performance and provide a practical and efficient technical solution for abnormal anchoring detection, maritime traffic monitoring, and development of intelligent shipping systems. Full article
(This article belongs to the Special Issue Advanced Ship Trajectory Prediction and Route Planning)

18 pages, 2411 KB  
Article
AVD-YOLO: Active Vision-Driven Multi-Scale Feature Extraction for Enhanced Road Anomaly Detection
by Minhong Jin, Zhongjie Zhu, Renwei Tu, Ang Lv and Zhijing Yu
Information 2025, 16(12), 1064; https://doi.org/10.3390/info16121064 - 3 Dec 2025
Cited by 1 | Viewed by 527
Abstract
Deficiencies in road anomaly detection systems precipitate multifaceted risks, including elevated collision probabilities from unidentified hazards, compromised traffic flow efficiency, and exponential maintenance costs. Contemporary methods struggle with complex road environments, dynamic viewing perspectives, and limited datasets. We present AVD-YOLO, an enhanced YOLO variant that synergistically integrates Active Vision-Driven (AVD) multi-scale feature extraction with Position Modulated Attention (PMA) mechanisms. PMA addresses diminished target-background discriminability under variable illumination and weather conditions by capturing long range spatial dependencies, enhancing weak-feature target detection. The AVD technique mitigates missed detections caused by real-time viewing distance variations through adaptive multi-receptive field mechanisms, maintaining conceptual target fixation while dynamically adjusting feature scales. To address data scarcity, a comprehensive Multi-Class Road Anomaly Dataset (MCRAD) comprising 14,208 annotated images across nine anomaly categories is constructed. Experiments demonstrate that AVD-YOLO improves detection accuracy, achieving a 1.6% gain in mAP@0.5 and a 2.9% improvement in F1-score over baseline. These performance gains indicate both more precise localization of abnormal objects and a better balance between precision and recall, thereby enhancing the overall robustness of the detection model. Full article

19 pages, 5276 KB  
Article
A Multimodal Learning Approach for Protecting the Metro System of Medellin Colombia Against Corrupted User Traffic Data
by Josue Genaro Almaraz-Rivera, Jose Antonio Cantoral-Ceballos, Juan Felipe Botero, Francisco Javier Muñoz and Brian David Martinez
Smart Cities 2025, 8(6), 198; https://doi.org/10.3390/smartcities8060198 - 27 Nov 2025
Viewed by 952
Abstract
A critical task in infrastructure security is to model user traffic in transportation systems to alert whenever anomalous behavior is observed. Discerning those abnormal samples is possible by auditing the available data, which then enables proper policy making to guarantee fair tariffs and the design of strategies to tackle problems such as passenger congestion. In this paper, we present an offline cybersecurity approach for the multimodal modeling of user traffic for the Colombian metro. To identify the anomalies, we design custom Deep Autoencoders based on the embeddings produced by the Self-Supervised Learning TabNet architecture. Additionally, we provide explainability through a SHAP-based component and the analysis of external image data using LLaVA as the selected Large Multimodal Model. The results indicate that most problems that occur on one metro line also affect the other, demonstrating the interconnectivity of the metro system, a crucial aspect that motivates the coordinated emergency response to improve the passenger travel experience. Although the detected problems might already have been identified and reported on social media, the transparency provided helps create confidence when an abnormality is observed, and in case there is no backup information on our official external data sources, it represents an alert to examine it more deeply, becoming an intelligent assessment tool for the metro. This article also sheds light on the potential of the publicly available dataset used and the importance of expanding its existing variables and information. Full article

19 pages, 13860 KB  
Article
TGU-Net: A Temporal Generative U-Net Framework for Real-Time Traffic Anomaly Detection
by Borja Pérez, Mario Resino, Abdulla Al-Kaff and Fernando García
Smart Cities 2025, 8(6), 194; https://doi.org/10.3390/smartcities8060194 - 19 Nov 2025
Viewed by 762
Abstract
Traffic anomaly detection plays a crucial role in improving road safety and enabling timely responses to abnormal events. Recent research has explored generative and predictive models to enhance detection accuracy; however, the dynamic and complex nature of traffic scenes often introduces noise and uncertainty, reducing reliability. This work presents TGU-Net, a Temporal Generative U-Net framework designed for real-time traffic anomaly detection in urban environments. The proposed model integrates two key innovations: (1) a temporal modeling component that captures dependencies across consecutive frames, and (2) contextual scene enrichment that enhances the distinction between normal and anomalous behaviors. These additions mitigate reconstruction noise and improve detection robustness without compromising computational efficiency. Experimental evaluations on a synthetically generated CARLA-based dataset demonstrate that TGU-Net achieves strong performance in precision, recall, and early anomaly detection, confirming its potential as a scalable and reliable framework for real-world traffic monitoring systems. Full article
(This article belongs to the Section Smart Urban Mobility, Transport, and Logistics)

26 pages, 5213 KB  
Article
Design of Network Anomaly Detection Model Based on Graph Representation Learning
by Bo Qu, Simin Zheng, Junming Zeng and Liwei Tian
Symmetry 2025, 17(11), 1976; https://doi.org/10.3390/sym17111976 - 15 Nov 2025
Viewed by 1025
Abstract
Network attacks are becoming increasingly diverse and sophisticated, resulting in complex cybersecurity challenges, which can be fundamentally viewed as a disruption of the symmetry or balanced state in normal network behavior. To address these challenges, graph representation learning methods have gained prominence in network anomaly detection. These methods effectively represent complex network traffic data as graphs and capture data relationships. By integrating deep learning, graph neural networks, and other techniques, graph representation learning enhances the accuracy and efficiency of network anomaly detection in complex network environments. This paper proposes a novel network anomaly detection model based on graph representation learning called ETG-EESAGE. The model constructs an event key time subgraph (ETG) to group similar data and enhance structural features. Then, it introduces an edge enhancement sampling aggregation algorithm (EESAGE) to capture node relations and differentiate edge information accurately. The model generates richer node feature representations during aggregation and detects abnormal nodes using a threshold. Experimental evaluations on the CIC-IDS2017 dataset demonstrate the strong performance of the proposed model across multiple daily subsets. Under optimal configuration settings, ETG-EESAGE achieves an average accuracy of 95.5%, precision of 97.9%, recall of 97.3%, and F1-score of 97.7%, outperforming other baseline algorithms. The model also exhibits strong interpretability and applicability in real-world network anomaly detection scenarios. Full article
(This article belongs to the Special Issue Applications Based on Symmetry in Adversarial Machine Learning)

33 pages, 5642 KB  
Article
Feature-Optimized Machine Learning Approaches for Enhanced DDoS Attack Detection and Mitigation
by Ahmed Jamal Ibrahim, Sándor R. Répás and Nurullah Bektaş
Computers 2025, 14(11), 472; https://doi.org/10.3390/computers14110472 - 1 Nov 2025
Cited by 1 | Viewed by 1975
Abstract
Distributed denial of service (DDoS) attacks pose a serious risk to the operational stability of a network for companies, often leading to service disruptions and financial damage and a loss of trust and credibility. The increasing sophistication and scale of these threats highlight the pressing need for advanced mitigation strategies. Despite the numerous existing studies on DDoS detection, many rely on large, redundant feature sets and lack validation for real-time applicability, leading to high computational complexity and limited generalization across diverse network conditions. This study addresses this gap by proposing a feature-optimized and computationally efficient ML framework for DDoS detection and mitigation using a benchmark dataset. The proposed approach serves as a foundational step toward developing a low complexity model suitable for future real-time and hardware-based implementation. The dataset was systematically preprocessed to identify critical parameters, such as packet length Min, Total Backward Packets, Avg Fwd Segment Size, and others. Several ML algorithms, involving Logistic Regression, Decision Tree, Random Forest, Gradient Boosting, and Cat-Boost, are applied to develop models for detecting and mitigating abnormal network traffic. The developed ML model demonstrates high performance, achieving 99.78% accuracy with Decision Tree and 99.85% with Random Forest, representing improvements of 1.53% and 0.74% compared to previous work, respectively. In addition, the Decision Tree algorithm achieved 99.85% accuracy for mitigation, with an inference time as low as 0.004 s, proving its suitability for identifying DDoS attacks in real time. Overall, this research presents an effective approach for DDoS detection, emphasizing the integration of ML models into existing security systems to enhance real-time threat mitigation. Full article

26 pages, 3558 KB  
Article
Avocado: An Interpretable Fine-Grained Intrusion Detection Model for Advanced Industrial Control Network Attacks
by Xin Liu, Tao Liu and Ning Hu
Electronics 2025, 14(21), 4233; https://doi.org/10.3390/electronics14214233 - 29 Oct 2025
Viewed by 695
Abstract
Industrial control systems (ICS), as critical infrastructure supporting national operations, are increasingly threatened by sophisticated stealthy network attacks. These attacks often break malicious behaviors into multiple highly camouflaged packets, which are embedded into large-scale background traffic with low frequency, making them semantically and temporally indistinguishable from normal traffic and thus evading traditional detection. Existing methods largely rely on flow-level statistics or long-sequence modeling, resulting in coarse detection granularity, high latency, and poor byte-level interpretability, falling short of industrial demands for real-time and actionable detection. To address these challenges, we propose Avocado, a fine-grained, multi-level intrusion detection model. Avocado’s core innovation lies in contextual flow-feature fusion: it models each packet jointly with its surrounding packet sequence, enabling independent abnormality detection and precise localization. Moreover, a shared-query multi-head self-attention mechanism is designed to quantify byte-level importance within packets. Experimental results show that Avocado significantly outperforms state-of-the-art flow-level methods on NGAS and CLIA-M221 datasets, improving packet-level detection ACC by 1.55% on average, and reducing FPR and FNR to 3.2%, 3.6% (NGAS), and 3.7%, 4.3% (CLIA-M221), respectively, demonstrating its superior performance in both detection and interpretability. Full article
(This article belongs to the Special Issue Novel Approaches for Deep Learning in Cybersecurity)

20 pages, 11319 KB  
Article
Enhancing Feature Integrity and Transmission Stealth: A Multi-Channel Imaging Hiding Method for Network Abnormal Traffic
by Zhenghao Qian, Fengzheng Liu, Mingdong He and Denghui Zhang
Buildings 2025, 15(20), 3638; https://doi.org/10.3390/buildings15203638 - 10 Oct 2025
Viewed by 812
Abstract
In open-network environments of smart buildings and urban infrastructure, abnormal traffic from security and energy monitoring systems is critical for operational safety and decision reliability. We can develop malware that exploits building automation protocols to simulate attacks involving the falsification or modification of chiller controller commands, thereby endangering the entire network infrastructure. Intrusion detection systems rely on abundant labeled abnormal traffic data to detect attack patterns, improving network system reliability. However, transmitting such data faces two major challenges: single-feature representations fail to capture comprehensive traffic features, limiting the information representation for artificial intelligence (AI)-based detection models, and unconcealed abnormal traffic is easily intercepted by firewalls or intrusion detection systems, hindering cross-departmental sharing. Existing methods struggle to balance feature integrity and transmission stealth, often sacrificing one for the other or relying on easily detectable spatial-domain steganography. To address these gaps, we propose a multi-channel imaging hiding method that reconstructs abnormal traffic into multi-channel images by combining three mappings to generate grayscale images that depict traffic state transitions, dynamic trends, and internal similarity, respectively. These images are combined to enhance feature representation and embedded into frequency-domain adversarial examples, enabling evasion of security devices while preserving traffic integrity. Experimental results demonstrate that our method captures richer information than single-representation approaches, achieving a PSNR of 44.5 dB (a 6.0 dB improvement over existing methods) and an SSIM of 0.97. The high-fidelity reconstructions enabled by these gains facilitate the secure and efficient sharing of abnormal traffic data, thereby enhancing AI-driven security in smart buildings. Full article