Document Type : Review Article

Authors

1 Department of Electrical Engineering, Na.C., Islamic Azad University, Najafabad, Iran.

2 Digital Processing and Machine Vision Research Center, Na.C., Islamic Azad University, Najafabad, Iran.

3 Department of Computer Engineering, WT.C., Islamic Azad University, Tehran, Iran.

10.57647/j.mjee.2025.1902.26

Abstract

Anomaly detection in diverse domains is confronted with the challenges posed by the increasing volume, velocity, and complexity of data. This paper presents a comprehensive review of recent advancements and research trends in anomaly detection across various domains, including high-dimensional big data, sensor systems, information and communication technology, IoT data, energy consumption, and real-time networks amidst cyber-attacks. Through a systematic analysis of recent literature, this review synthesizes key findings, methodologies, and challenges, providing insights into current strategies and future directions for anomaly detection technology. The reviewed papers highlight the importance of addressing domain-specific challenges, fostering interdisciplinary collaboration, and advancing methodological innovation to develop robust, scalable, and effective anomaly detection solutions capable of meeting the evolving demands of today’s data-driven world.

Keywords
