(ch9) Deep Learning for Anomaly Detection: A Survey

Deep Learning for Anomaly Detection: A Survey
https://www.researchgate.net/publication/330357393_Deep_Learning_for_Anomaly_Detection_A_Survey

参看前文：

ch8:https://blog.csdn.net/qq_40305043/article/details/106310729

9 Applications of Deep Anomaly Detection 深度异常检测的应用
9.1 Intrusion Detection 入侵检测
9.2 Fraud Detection 欺诈识别
9.3 Malware Detection 恶意软件检测
9.4 Medical Anomaly Detection 医学异常检测
9.5 Deep learning for Anomaly detection in Social Networks 深度学习用于社交网络中的异常检测
9.6 Log Anomaly Detection 日志异常检测
9.7 Internet of things (IoT) Big Data Anomaly Detection 物联网（IoT）大数据异常检测
9.8 Industrial Anomalies Detection 工业异常检测
9.9 Anomaly Detection in Time Series 时间序列中的异常检测
9.10 Video Surveillance 视频监控

9 Applications of Deep Anomaly Detection 深度异常检测的应用

In this section, we discuss several applications of deep anomaly detection. For each application domain, we discuss the following four aspects:
—the notion of an anomaly;
—nature of the data;
—challenges associated with detecting anomalies;
—existing deep anomaly detection techniques.

在本节中，我们讨论深度异常检测的几种应用。对于每个应用程序领域，我们讨论以下四个方面：
-异常的概念；
-数据的性质；
-与检测异常有关的挑战；
-现有的深度异常检测技术。

9.1 Intrusion Detection

The intrusion detection system (IDS) refers to identifying malicious activity in a computer-related system (Phoha [2002]). IDS may be deployed at single computers known as Host Intrusion Detection (HIDS) to large networks Network Intrusion Detection (NIDS). The classification of deep anomaly detection techniques for intrusion detection is in Figure 11. IDS depending on detection method are classified into signature-based or anomaly based. Using signature-based IDS is not efficient to detect new attacks, for which no specific signature pattern is available, hence anomaly based detection methods are more popular. In this survey, we focus on deep anomaly detection (DAD) methods and architectures employed in intrusion detection.

入侵检测系统（IDS）是指识别与计算机相关的系统中的恶意活动（Phoha [2002]）。 IDS可以部署在单台计算机上称为主机入侵检测（HIDS），也可以部署到大型网络上称为网络入侵检测（NIDS）。用于入侵检测的深度异常检测技术的分类如图11所示。根据检测方法，IDS分为基于签名的或基于异常的。使用基于签名的IDS不能有效地检测新的攻击，因为新的攻击没有可用的特定签名模式，因此基于异常的检测方法更加流行。在此调查中，我们重点研究入侵检测中使用的深度异常检测（DAD）方法和体系结构。

9.1.1 Host-Based Intrusion Detection Systems (HIDS):

Such systems are installed software programs which monitors a single host or computer for malicious activity or policy violations by listening to system calls or events occurring within that host (Vigna and Kruegel [2005]). The system call logs could be generated by programs or by user interaction resulting in logs as shown in Figure 9b. Malicious interactions lead to the execution of these system calls in different sequences. HIDS may also monitor the state of a system, its stored information, in Random Access Memory (RAM), in the file system, log files or elsewhere for a valid sequence. Deep anomaly detection (DAD) techniques applied for HIDS are required to handle the variable length and sequential nature of data. The DAD techniques have to either model the sequence data or compute the similarity between sequences. Some of the success-full DAD techniques for HIDS is illustrated in Table 3.

此类系统安装了软件程序，该软件程序通过侦听该主机中发生的系统调用或事件来监视单个主机或计算机是否存在恶意活动或违反策略的行为（Vigna和Kruegel [2005]）。系统调用日志可以通过程序生成，也可以通过用户交互生成日志，如图9b所示。恶意交互导致这些系统调用以不同的顺序执行。 HIDS还可以监视系统的状态，其在随机存取存储器（RAM）中，文件系统，日志文件中或其他地方的存储信息，以获取有效序列。需要使用应用于HIDS的深度异常检测（DAD）技术来处理数据的可变长度和序列性质。 DAD技术必须对序列数据建模或计算序列之间的相似度。表3说明了一些用于HIDS的成功的DAD技术。

9.1.2 Network Intrusion Detection Systems (NIDS):

NIDS systems deal with monitoring the entire network for suspicious traffic by examining each and every network packet. Owing to real-time streaming behavior, the nature of data is synonymous to big data with high volume, velocity, variety. The network data also has a temporal aspect associated with it. Some of the success-full DAD techniques for NIDS is illustrated in Table 4 . This survey also lists the data-sets used for evaluating the DAD intrusion detection methods in Table 5. A challenge faced by DAD techniques in intrusion detection is that the nature of anomalies keeps changing over time as the intruders adapt their network attacks to evade the existing intrusion detection solutions.

NIDS系统通过检查每个网络数据包来监视整个网络的可疑流量。由于实时流媒体的行为，数据的本质就等同于大数据的高容量、高速度和多样性。网络数据还具有与之相关的时间方面。表4说明了一些成功的用于NIDS的DAD技术。本调查还列出了表5中用于评估DAD入侵检测方法的数据集。DAD技术在入侵检测中面临的一个挑战是，随着入侵者调整其网络攻击以逃避现有的入侵检测解决方案，异常的性质会随着时间不断变化。

9.2 Fraud Detection 反欺诈

Fraud is a deliberate act of deception to access valuable resources (Abdallah et al. [2016]). The PricewaterhouseCoopers (PwC) global economic crime survey of 2018 (Lavion [2018], Zhao [2013]) found that half of the 7,200 companies they surveyed had experienced fraud of some nature. Fraud detection refers to the detection of unlawful activities across various industries, illustrated in Figure 12.

欺诈是一种故意的欺骗行为，以获取宝贵的资源（Abdallah等人，2016年）。普华永道（PwC）对2018年全球经济犯罪的调查（Lavion [2018]，Zhao [2013]）发现，他们所调查的7,200家公司中有一半经历过某种性质的欺诈。欺诈检测是指检测各个行业中的非法活动，如图12所示。

Fraud in telecommunications, insurance ( health, automobile, etc) claims, banking ( tax return claims, credit card transactions etc) represent significant problems in both governments and private businesses. Detecting and preventing fraud is not a simple task since fraud is an adaptive crime. Many traditional machine learning algorithms have been applied successfully in fraud detection (Sorournejad et al. [2016]). The challenge associated with detecting fraud is that it requires real-time detection and prevention. This section focuses on deep anomaly detection (DAD) techniques for fraud detection.

电信，保险（健康，汽车等）索赔，银行业（退税索赔，信用卡交易等）的欺诈在政府和私人企业中均构成严重问题。由于欺诈是一种适应性犯罪，因此检测和防止欺诈并非易事。许多传统的机器学习算法已成功应用于欺诈检测（Sorournejad等人，2016年）。与检测欺诈相关的挑战是它需要实时检测和预防。本节重点介绍用于欺诈检测的深度异常检测（DAD）技术。

9.2.1 Banking fraud

Credit card has become a popular payment method in online shopping for goods and services. Credit card fraud involves theft of a payment card details, and use it as a fraudulent source of funds in a transaction. Many techniques for credit card fraud detection have been presented in the last few years (Zhou et al. [2018], Suganya and Kamalraj [2015]). We will briefly review some of DAD techniques as shown in Table 6. The challenge in credit card fraud detection is that frauds have no consistent patterns. The typical approach in credit card fraud detection is to maintain a usage profile for each user and monitor the user profiles to detect any deviations. Since there are billions of credit card users this technique of user profile approach is not very scalable. Owing to the inherent scalable nature of DAD techniques techniques are gaining broad spread adoption in credit card fraud detection.

信用卡已成为商品和服务在线购物中一种流行的付款方式。信用卡欺诈涉及盗窃支付卡详细信息，并将其用作交易中的欺诈资金来源。过去几年中已经提出了许多用于信用卡欺诈检测的技术（Zhou等人[2018]，Suganya和Kamalraj [2015]）。我们将简要回顾一些DAD技术，如表6所示。信用卡欺诈检测中的挑战是欺诈没有一致的模式。信用卡欺诈检测的典型方法是维护每个用户的使用情况配置文件，并监视用户配置文件以检测任何偏差。由于有数十亿的信用卡用户，因此这种用户配置文件方法的技术不是很可扩展。由于DAD技术固有的可扩展性，因此技术在信用卡欺诈检测中得到了广泛的采用。

9.2.2 Mobile cellular network fraud 移动蜂窝网络欺诈

In recent times, mobile cellular networks have witnessed rapid deployment and evolution supporting billions of users and a vastly diverse array of mobile devices. Due to this broad adoption and low mobile cellular service rates, mobile cellular networks is now faced with frauds such as voice scams targeted to steal customer private information, and messaging related scams to extort money from customers. Detecting such fraud is of paramount interest and not an easy task due to volume and velocity of the mobile cellular network. Traditional machine learning methods with static feature engineering techniques fail to adapt to the nature of evolving fraud. Table 7 lists DAD techniques for mobile cellular network fraud detection.

最近，移动蜂窝网络经历了快速部署和发展，支持了数十亿用户和各种各样的移动设备。由于这种广泛的采用和较低的移动蜂窝服务费率，移动蜂窝网络现在面临着欺诈，如语音诈骗的目标是窃取客户的私人信息，和短信相关的诈骗敲诈客户的钱。由于移动蜂窝网络的容量和速度，检测这样的欺诈是至关重要的，并且不是一项容易的任务。传统的基于静态特征工程技术的机器学习方法已经不能适应不断进化的欺诈的本质。表7列出了移动蜂窝网络欺诈检测的DAD技术。

9.2.3 Insurance fraud 保险欺诈

Several traditional machine learning methods have been applied successfully to detect fraud in insurance claims (Joudaki et al. [2015], Roy and George [2017]). The traditional approach for fraud detection is based on features which are fraud indicators. The challenge with these traditional approaches is that the need for manual expertise to extract robust features. Another challenge is insurance fraud detection is the that the incidence of frauds is far less than the total number of claims, and also each fraud is unique in its way. In order to overcome these limitations several DAD techniques are proposed which are illustrated in Table 8.

一些传统的机器学习方法已成功应用于检测保险索赔中的欺诈行为（Joudaki等人[2015]，Roy和George [2017]）。用于欺诈检测的传统方法基于作为欺诈指示符的特征。这些传统方法的挑战在于，需要人工专业知识来提取健壮的特征。另一个挑战是保险欺诈检测，因为欺诈的发生率远远少于索赔总数，而且每种欺诈在其方式上都是独特的。为了克服这些限制，提出了几种DAD技术，如表8所示。

9.2.4 Healthcare fraud 医疗保健欺诈

Healthcare is an integral component in people’s lives, waste, abuse, and fraud drive up costs in healthcare by tens of billions of dollars each year. Healthcare insurance claims fraud is a significant contributor to increased healthcare costs, but its impact can be mitigated through fraud detection. Several machine learning models have been used effectively in health care insurance fraud (Bauder and Khoshgoftaar [2017]). Table 9 presents an overview of DAD methods for health-care fraud identification.

医疗保健是人们生活中不可或缺的组成部分，浪费、滥用和欺诈每年使医疗保健成本增加数百亿美元。医疗保险索赔欺诈是增加医疗成本的一个重要因素，但其影响可以通过欺诈检测来减轻。一些机器学习模型已被有效地用于医疗保险欺诈(Bauder and Khoshgoftaar[2017])。表9概述了用于医疗欺诈识别的DAD方法。

9.3 Malware Detection 恶意软件检测

Malware, short for Malicious Software. In order to protect legitimate users from malware, machine learning based efficient malware detection methods are proposed (Ye et al. [2017]). In classical machine learning methods, the process of malware detection is usually divided into two stages: feature extraction and classification/clustering. The performance of traditional malware detection approaches critically depend on the extracted features and the methods for classification/clustering. The challenge associated in malware detection problems is the sheer scale of data, for instance considering data as bytes a specific sequence classification problem could be of the order of two million time steps. Furthermore, the malware is very adaptive in nature, wherein the attackers would use advanced techniques to hide the malicious behavior. Some DAD techniques which address these challenges effectively and detect malware are shown in Table 10.

恶意软件，是恶意软件的缩写。为了保护合法用户免受恶意软件的侵害，提出了基于机器学习的高效恶意软件检测方法(Ye et al.[2017])。在经典的机器学习方法中，恶意软件检测的过程通常分为两个阶段:特征提取和分类/聚类。传统的恶意软件检测方法的性能在很大程度上取决于提取的特征和分类/聚类方法。与恶意软件检测问题相关的挑战是数据的绝对规模，例如，考虑到数据是字节，一个特定的序列分类问题可能是200万步的数量级。此外，恶意软件在本质上具有很强的适应性，攻击者会使用先进的技术来隐藏恶意行为。表10显示了一些有效应对这些挑战和检测恶意软件的DAD技术。

9.4 Medical Anomaly Detection 医学异常检测

Several studies have been conducted to understand the theoretical and practical applications of deep learning in medical and bio-informatics (Min et al. [2017], Cao et al. [2018a], Zhao et al. [2016], Khan and Yairi [2018]). Finding rare events (anomalies) in areas such as medical image analysis, clinical electroencephalography (EEG) records, enable to diagnose and provide preventive treatments for a variety of medical conditions. Deep learning based architectures are employed with great success to detect medical anomalies as illustrated in Table 11. The vast amount of imbalanced data in medical domain presents significant challenges to detect outliers. Additionally deep learning techniques for long have been considered as black-box techniques. Even though deep learning models produce outstanding performance, these models lack interpret-ability. In recent times models with good interpret-ability are proposed and shown to produce state-of-the-art performance (Gugulothu et al., Amarasinghe et al. [2018b], Choi [2018]).

为了理解深度学习在医学和生物信息学中的理论和实践应用，已经进行了一些研究(Min等[2017]，Cao等[2018a]， Zhao等[2016]，Khan和Yairi[2018])。在医学图像分析、临床脑电图(EEG)记录等领域发现罕见事件(异常)，以便对各种疾病进行诊断并提供预防治疗。基于深度学习的体系结构被成功地用于检测医学异常，如表11所示。医学领域中大量的不平衡数据对异常值的检测提出了巨大的挑战。此外，长期以来，深度学习技术一直被认为是黑盒技术。尽管深度学习模型产生了出色的表现，但这些模型缺乏解释能力。近年来，人们提出了具有良好解释能力的模型，并证明这些模型能够产生最先进的性能(Gugulothu et al.， Amarasinghe et al. [2018b]， Choi[2018])。

9.5 Deep learning for Anomaly detection in Social Networks 深度学习用于社交网络中的异常检测

In recent times, online social networks have become part and parcel of daily life. Anomalies in a social network are irregular often unlawful behavior pattern of individuals within a social network; such individuals may be identified as spammers, sexual predators, online fraudsters, fake users or rumor-mongers. Detecting these irregular patterns is of prime importance since if not detected, the act of such individuals can have a serious social impact. A survey of traditional anomaly detection techniques and its challenges to detect anomalies in social networks is a well studied topic in literature (Liu and Chawla [2017], Savage et al. [2014], Anand et al. [2017], Yu et al. [2016], Cao et al. [2018b], Yu et al. [2016]). The heterogeneous and dynamic nature of data presents significant challenges to DAD techniques. Despite these challenges, several DAD techniques illustrated in Table 12 are shown outperform state-of-the-art methods.

近年来，在线社交网络已经成为日常生活的重要一部分。社会网络中的异常是指社会网络中个体不规则的、往往是非法的行为模式;这些人可能会被认定为垃圾邮件发送者、性侵犯者、网络骗子、虚假用户或造谣者。检测这些不规则的模式是至关重要的，因为如果不检测到，这些人的行为可能会产生严重的社会影响。对传统异常检测技术及其在检测社交网络异常方面的挑战的研究是文献中一个很好的研究主题(Liu and Chawla [2017]， Savage et al. [2014]， Anand et al. [2017]， Yu et al. [2016]， Cao et al. [2018b]， Yu et al.[2016])。数据的异构性和动态性给DAD技术带来了重大挑战。尽管存在这些挑战，表12中所示的一些DAD技术仍然胜过最先进的方法。

9.6 Log Anomaly Detection 日志异常检测

Anomaly detection in log file aims to find text, which can indicate the reasons and the nature of the failure of a system. Most commonly, a domain-specific regular-expression is constructed from past experience which finds new faults by pattern matching. The limitation of such approaches is that newer messages of failures are easily are not detected (Memon [2008]). The unstructured and diversity in both format and semantics of log data pose significant challenges to log anomaly detection. Anomaly detection techniques should adapt to the concurrent set of log data generated and detect outliers in real time. Following the success of deep neural networks in real time text analysis, several DAD techniques illustrated in Table 13 model the log data as a natural language sequence are shown very effective in detecting outliers.

日志文件中异常检测的目的是查找文本，以显示系统故障的原因和性质。最常见的是，根据过去的经验构造特定于领域的正则表达式，通过模式匹配发现新的错误。这种方法的局限性在于，较新的失败消息很容易被检测不到(Memon[2008])。日志数据在格式和语义上的非结构化和多样性给日志异常检测带来了巨大的挑战。异常检测技术应适应生成的日志数据并发集，实时检测离群点。随着深度神经网络在实时文本分析中的成功，表13所示的几种DAD技术显示出作为自然语言序列的日志数据在检测离群值方面非常有效。

9.7 Internet of things (IoT) Big Data Anomaly Detection 物联网（IoT）大数据异常检测

IoT is identified as a network of devices that are interconnected with soft-wares, servers, sensors and etc. In the field of the Internet of things (IoT), data generated by weather stations, Radio-frequency identification (RFID) tags, IT infrastructure components, and some other sensors are mostly time-series sequential data. Anomaly detection in these IoT networks identifies fraudulent, faulty behavior of these massive scales of interconnected devices. The challenges associated with outlier detection is that heterogeneous devices are interconnected which renders the system more complex. A thorough overview of using deep learning (DL), to facilitate analytics and learning in the IoT domain is presented by (Mohammadi et al. [2018]). Table 14 illustrates the DAD techniques employed IoT devices.

物联网是指与软件、服务器、传感器等互联的设备网络。在物联网(IoT)领域，气象站产生的数据、射频识别(RFID)标签、IT基础设施组件和其他一些传感器大多是时间序列顺序数据。在这些物联网网络中，异常检测可以识别这些大规模互连设备的欺诈和错误行为。与异常值检测相关的挑战是，异构设备相互连接，这使得系统更加复杂。(Mohammadi等[2018]【76】)全面概述了使用深度学习(DL)促进物联网领域的分析和学习。表14展示了使用物联网设备的DAD技术。

9.8 Industrial Anomalies Detection 工业异常检测

Industrial systems consisting of wind turbines, power plants, high-temperature energy systems, storage devices and with rotating mechanical parts are exposed to enormous stress on a day-to-day basis. Damage to these type of systems not only causes economic loss but also a loss of reputation, therefore detecting and repairing them early is of utmost importance. Several machine learning techniques have been used to detect such damage in industrial systems (Ramotsoela et al. [2018], Mart´ı et al. [2015]). Several papers published utilizing deep learning models for detecting early industrial damage show great promise (Atha and Jahanshahi [2018], de Deijn [2018], Wang et al. [2018c]). Damages caused to equipment are rare events, thus detecting such events can be formulated as an outlier detection problem. The challenges associated with outlier detection in this domain is both volumes as well as the dynamic nature of data since failure is caused due to a variety of factors. Some of the DAD techniques employed across various industries are illustrated in Table 15.

由风力涡轮机、发电厂、高温能源系统、存储设备和旋转机械部件组成的工业系统每天都承受着巨大的压力。对这类系统的破坏不仅会造成经济损失，还会造成声誉的损失，因此及早发现和修复是至关重要的。几个机器学习技术已经用于检测工业系统中的这种损害(Ramotsoela et al. [2018], Mart´ı et al. [2015])。利用深度学习模型检测早期工业损害的几篇论文显示了巨大的前景(Atha and Jahanshahi [2018]， de Deijn [2018]， Wang et al. [2018c])。设备损坏是一种罕见的事件，因此检测此类事件可以表述为离群检测问题。在这个领域中，与离群值检测相关的挑战是数据量和数据的动态特性，因为故障是由各种因素引起的。表15说明了不同行业使用的一些DAD技术。

9.9 Anomaly Detection in Time Series 时间序列中的异常检测

Data recorded continuously over duration is known as time series. Time series data can be broadly classified into univariate and multivariate time series. In case of univariate time series, only single variable (or feature) varies over time. For instance, the data collected from a temperature sensor within the room for each second is an uni-variate time series data. A multivariate time series consists several variables (or features) which change over time. An accelerometer which produces three-dimensional data for every second one for each axis (x, y, z) is a perfect example of multivariate time series data. In the literature, types of anomalies in univariate and multivariate time series are categorized into following groups: (1) Point Anomalies. 8.4.1 (2) Contextual Anomalies 8.4.2 (3) Collective Anomalies 8.4.3. In recent times, many deep learning models have been proposed for detecting anomalies within univariate and multivariate time series data as illustrated in Table 16 and Table 17 respectively. Some of the challenges to detect anomalies in time series using deep learning models data are:

在持续时间内连续记录的数据称为时间序列。时间序列数据可以大致分为单变量和多变量时间序列。在单变量时间序列的情况下，只有单个变量（或特征）会随时间变化。例如，每秒从房间内的温度传感器收集的数据是单变量时间序列数据。多元时间序列包含随时间变化的几个变量（或特征）。对于每个时间轴（x，y，z）而言，每秒产生一次三维数据的加速度计就是多变量时间序列数据的完美示例。在文献中，单变量和多变量时间序列中的异常类型可分为以下几类：（1）点异常。 8.4.1（2）上下文异常8.4.2（3）集体异常8.4.3。近年来，已提出了许多深度学习模型，用于检测单变量和多变量时间序列数据中的异常，如表16和表17所示。使用深度学习模型检测时间序列数据异常的一些挑战是：

Lack of defined pattern in which an anomaly is occurring may be
defined.
Noise within the input data seriously affects the performance of
algorithms.
As the length of the time series data increases the computational
complexity also increases.
Time series data is usually non-stationary, non-linear and
dynamically evolving. Hence DAD models should be able to detect
anomalies in real time.
缺乏可定义异常发生的模式。
输入数据中的噪声严重影响算法的性能。
随着时间序列数据长度的增加，计算复杂度也随之增加。
时间序列数据通常是非平稳、非线性和动态演化的。因此，DAD模型应该能够实时检测异常。

9.9.1 Uni-variate time series deep anomaly detection 单变量时间序列深度异常检测

The advancements in deep learning domain offer opportunities to extract rich hierarchical features which can greatly improve outlier detection within uni-variate time series data. The list of industry standard tools and datasets (both deep learning based and non-deep learning based) for benchmarking anomaly detection algorithms on both univariate and multivariate time-series data is presented and maintained at Github repository(https://github.com/rob-med/awesome-TS-anomaly-detection). Table 16 illustrates various deep architectures adopted for anomaly detection within uni-variate time series data.

深度学习领域的进步为提取丰富的层次特征提供了机会，这些特征可以极大地改善单变量时间序列数据中的离群点检测。在Github知识库(https://github.com/rob-med/awesome-anomaly-detection)提供了行业标准工具和数据集(包括基于深度学习和基于非深度学习的)，用于对单变量和多变量时间序列数据的异常检测算法进行基准测试。表16展示了在单变量时间序列数据中用于异常检测的各种深层体系结构。

9.9.2 Multi-variate time series deep anomaly detection 多变量时间序列深度异常检测

Anomaly detection in multivariate time series data is a challenging task. Effective multivariate anomaly detection enables fault isolation diagnostics. RNN and LSTM based methods(https://github.com/pnnl/safekit) are shown to perform well in detecting interpretable anomalies within multivariate time series dataset. DeepAD, a generic framework based on deep learning for multivariate time series anomaly detection is proposed by (Buda et al. [2018]). Interpretable, anomaly detection systems designed using deep attention based models are effective in explaining the anomalies detected (Yuan et al. [2018b], Guo and Lin [2018]). Table 17 illustrates various deep architectures adopted for anomaly detection within multivariate time series data.

多变量时间序列数据的异常检测是一项具有挑战性的工作。有效的多变量异常检测可以进行故障隔离诊断。基于RNN和LSTM的方法(https://github.com/pnnl/safekit)在检测多元时间序列数据集中的可解释异常方面表现良好。(Buda等[2018])提出了一种基于深度学习的多变量时间序列异常检测的通用框架DeepAD。使用基于深度关注模型设计的可解释的异常检测系统可以有效地解释检测到的异常(Yuan等[2018b]， Guo和Lin[2018])。表17给出了多变量时间序列数据异常检测所采用的各种深度架构。

9.10 Video Surveillance 视频监控

Video Surveillance also popularly known as Closed-circuit television (CCTV) involves monitoring designated areas of interest in order to ensure security. In videos surveillance applications unlabelled data is available in large amounts, this is a significant challenge for supervised machine learning and deep learning methods. Hence video surveillance applications have been modeled as anomaly detection problems owing to lack of availability of labeled data. Several works have studied the state-of-the-art deep models for video anomaly detection and have classified them based on the type of model and criteria of detection (Kiran et al. [2018], Chong and Tay [2015]). The challenges of robust 24/7 video surveillance systems are discussed in detail by (Boghossian and Black [2005]). The lack of an explicit definition of an anomaly in real-life video surveillance is a significant issue that hampers the performance of DAD methods as well. DAD techniques used in video surveillance are illustrated in Table 19.

视频监控也通常被称为闭路电视(CCTV)，包括监控指定的关注区域，以确保安全。在视频监控应用程序中，未标记的数据大量可用，这对有监督的机器学习和深度学习方法是一个重大挑战。因此，由于缺乏可用的标记数据，视频监控应用已被建模为异常检测问题。已有多篇文章对目前最先进的视频异常检测深度模型进行了研究，并根据模型类型和检测标准对其进行了分类(Kiran et al. [2018]， Chong and Tay[2015])。Boghossian和Black[2005]详细讨论了健壮的24/7视频监视系统的挑战。在实际的视频监控中，缺乏对异常的明确定义是一个严重的问题，这也阻碍了DAD方法的执行。视频监控中使用的DAD技术如表19所示。