Utilizing IoT technologies for monitoring large-scale smart facilities such as power, water and gas distribution networks has been the subject of many studies recently. The aim is to detect anomalous events in the network due to elements’ failure, bad designs, attacks or abuses of the network and alert the network operators in a timely manner. As the centralized cloud-based approaches are impractical in time-critical and real-time Anomaly Detection applications due to 1) high sensor-to-cloud transmission latency 2) high communication cost and 3) high energy consumption at the sensor nodes, the Distributed Anomaly Detection methods based on Deep Neural Networks (DNN) have been applied in past studies vastly. In these methods, in order to detect anomalies in real-time, copies of the Anomaly Detection model are placed at the sensor nodes (rather than placing one at the cloud node) reducing the sensor-to-cloud transmissions significantly. Nevertheless, new normal samples collected at the sensor nodes still need to be transmitted to the cloud node at predefined intervals to re-train the Distributed Anomaly Detection DNNs. In order to minimize these sensor-to-cloud transmissions during the retraining process, in this paper, two well-known lossless coding algorithms: Huffman Coding and Arithmetic Coding were studied and it was observed that the Huffman and Arithmetic Coding were able to reduce the transmission traffic up to 50% and 75% respectively using two IoT benchmark datasets of pipeline measurements. Besides, the Huffman Coding shown to be computationally feasible on resource limited sensors and resulted in up to 10% saving in energy consumption on each sensor resulting in longer network longevity. Moreover, the experimental results showed that the auto-encoder DNN could outperform the one-class SVM in the iterative Distributed Anomaly Detection method.

The rapid increase in the number of equipment connected to different networks in the world has led to the development of diverse and new applications in the Internet of Things, which often use the current network infrastructure. In other words, force the network administrator to implement complex network policies manually. Due to this significant growth of equipment and the increase in the complexity of traditional network configuration, software-defined networks (SDN) integrate and facilitate network management by separating the control and data layers from each other and creating network rules in the data layer. For these facilities, these networks appear to be a good infrastructure for IoT networks, which will enable network programming to develop new and more efficient services to meet real needs. In addition, the variety of IoT equipment can increase complex and inconsistent network rules in SDN-based switches, making network management difficult. Accordingly, in this paper, we will try to model the behavior of Anomaly rules Distributed in software-defined networks such as FTD, FBF, and irrelevant anomalies that have been created by different apps in the Internet of Things. It can identify their relationship with other rules in the network and avoid registering them.

Challenges in the field of information and communication security are of great interest to researchers. The expansion of network boundaries, the intensification and complexity increase of network security attacks, has amplified the need for intelligent, automated and real-time systems to detect network anomalies and threats. To detect anomalies, network traffic needs to be monitored immediately. The Anomaly involves significant and unusual changes in network traffic behavior compared to its normal behavior patterns. In this paper, in order to detect anomalies, a system based on self-organizing multi agent systems is presented. Multi agent systems are made up of agents that interact with each other to achieve a specific goal. These systems are used to solve problems that are difficult for a single agent to solve or integrate. The proposed system architecture is scalable and can adapt to changes in today's networks. The evaluation and analysis of the proposed system in the NSL-KDD dataset shows that the rate of anomalies Detection has improved compared to the recently proposed methods. Also, by proposing an algorithm to optimize the agents’ choices and another one for intelligent agents’ decision weighting, the rate of Anomaly Detection is increased and the time of event analysis is reduced.

Anomaly Detection means detecting samples that are different from the normal samples in the dataset. One of the great challenges in this area is finding labeled data, especially for the abnormal categories. In this paper, we propose a method that uses normal data to detect anomalies. This method is based on established neural networks which are called automated encoder and are considered in deep learning studies. An automated encoder reproduces its input as output and reconstruction deviation to rate anomalies. We have used LSTM blocks to construct encoder instead of using ordinary neurons. In fact, these blocks are a category of recurring neural networks that are specialized in discovering and fetching time and proximity dependencies. The result of employing an automated encoder using LSTM blocks to detect point anomalies shows that this approach has been promising and successful in extracting the normal data’ s internal model and also detecting anomalous data. The AUC factor of the model, in almost all cases, is better than the AUC of an ordinary automated encoder and One Class Support Vector Machine (OC-SVM).

Hyperspectral Anomaly Detection is one of the main challenging topics in both military and civilian fields. The spectral information contained in a hyperspectral cube provides a high ability for Anomaly Detection. In addition, the costly spatial information of adjacent pixels such as texture can also improve the discrimination between anomalous targets and background. Most studies miss the worthful spatial characteristics. Moreover, some works that include the spatial features in the Anomaly Detection process extract features from each hyperspectral band that is a two dimensional image while the original structure of hyperspectral cube contains three dimensions. Ignoring the nature of hyperspectral image leads to lose the contained spectral-spatial correlations in the hyperspectral cube. To deal with this difficulty, in this work, the fused spectral and spatial features obtained by applying 3D Gabor filters are proposed for hyperspectral Anomaly Detection. Exploiting the 3D structure of hyperspectral cube by capturing multiple scales, orientations and its spectral-dependent characteristics provides an appropriate spectral-spatial feature space for anomalous targets Detection. The extracted features are applied to the regularized RX detector to provide the Detection map. The experiments show the superior performance of the proposed Gabor 3D based detector in terms of Detection accuracy and computation time

ObjectiveAccording to the International Standards on Auditing (ISA), financial transaction complexity, an inherent fraud risk factor, stands among the criteria for selecting accounting journal entries to test, and implement analytical procedures for Anomaly Detection to assess fraud risk. However, the extant academic and professional literature lacks a structural definition of accounting journal entry complexity. This study aims to fill this gap by (1) proposing a novel quantitative measure of journal entry complexity and (2) applying it to Anomaly Detection techniques to identify and assess the risks of material misstatement.MethodsGiven the purpose of this study, the Design Science (DS) methodology (Hevner et al., 2004) was adopted. The DS includes two phases: artifact design and evaluation. In the design phase, a content analysis of ISA and a literature review of complexity and diversity were conducted to establish the basis for defining journal entry complexity. Subsequently, the proposed measure was adapted from diversity indices used in the biological sciences to meet the specific requirements of the research problem. This adjustment incorporated innovations from both exaptations and improvements in the contributions of DS. In the evaluation phase, descriptive and observational approaches were employed to assess and verify the novelty and utility of the proposed artifact.ResultsIn the absence of an explicit definition of transaction complexity in auditing standards and guidelines, the content analysis of ISA led to the extraction of five conceptual dimensions of complexity: (1) the number and relationships of components, (2) the nature and form of transactions, (3) measurement and processing of information, (4) quantity and quality of knowledge, and (5) the degree of change and uncertainty regarding the subject matter. Based on the first dimension of this conceptualization and its adaptation to the theoretical foundations of diversity in biological sciences, the journal entry complexity measure was defined from a structural and data-driven perspective, as a function of the number and diversity of accounts involved. Next, by adapting the biodiversity index (Clarke & Warwick, 1998) and adopting the taxonomic distance measure based on the path length to determine account distances, a quantitative measure of journal entry complexity, as a design science artifact of the model type, was provided. The measure was then applied to detect global and contextual anomalies in journal entries. The implementation and evaluation phases continued through a case study using the Python programming language for analyzing journal entry complexity to identify global and size and pattern-based contextual anomalies in 2,895 journal entries of a manufacturing company. The results and insights obtained from applying the measure were then discussed and evaluated.ConclusionAdopting an interdisciplinary approach, this study applies theoretical foundations and biodiversity measurement methods from biological sciences to create a systematic and flexible mechanism for measuring the complexity of journal entries and identifying anomalies. It seeks to improve the identification and assessment of material misstatement risks in audit analytical procedures. Moreover, using this measure helps in planning and optimizing audit resource allocation by accounting for the complexity level of audit engagements. It also improves audit sampling and prioritizes auditing journal entries based on their complexity, as an inherent risk factor.

Stock market fraud, particularly front-running, is a deceptive practice in which traders exploit prior knowledge of significant orders placed by others to profit from stock price movements. Front-running is considered illegal because it involves using confidential or non-public information to manipulate the market for personal gain. This paper tries ti propose a novel, unsupervised, and real-time Anomaly Detection method based on behavioral analysis, specifically designed to identify front-running fraud within stock market transactions. The method focuses on building individual behavioral profiles for each trader, capturing their specific traits and patterns in stock buying and selling. These profiles serve as baselines for what is considered as 'normal' trading behavior for each trader. To detect anomalies, we introduce a statistical framework where the risk of each transaction will be calculated by evaluating the deviation from the expected behavior based on the trader's historical actions. This deviation is a measure of how unusual the current transaction is in comparison to the trader’s typical actions. The risk calculation involves the use of the log-likelihood ratio, a concept derived from Detection theory, which compares the likelihood of a transaction being normal or fraudulent. The conditional probability of a transaction being either fraudulent or non-fraudulent is computed, and the ratio of these probabilities has been taken on a logarithmic scale to define the transaction risk. This risk metric is then utilized to flag potentially suspicious behavior for further investigations. Bayesian probability theory underpins the model, specifically employing Bayes' rule to update the likelihood of fraud as more data will be accumulated over time. The model assumes the independence of risk components, which simplifies the complexity of the system and improves computational efficiency. Despite the potential limitation of assuming independence, empirical studies have shown that this assumption often yields reliable results for detecting anomalous behavior, making the approach both practical and effective. Behavioral profiling plays a key role in this method. By observing the individual’s trading history—such as the frequency, timing, and amounts of trades—the system learns a trader’s typical behavior. This behavioral information is critical because it accounts for the natural variance in a trader's actions over time, allowing the model to distinguish between normal fluctuations and abnormal activities that might indicate fraud. Key behavioral indicators include the timing of trades, the volume of trades, the frequency of transactions with specific counterparties, and the trader’s overall market engagement. Traders whose actions significantly deviate from their established patterns—such as purchasing large quantities of stocks at unusual times or interacting with the same trader excessively—are flagged as high-risk. The simulation section of the paper uses 16 months of stock market transaction data, where features such as transaction amounts, time of trade, urgency, and consistency in trading with particular traders are analyzed to calculate the risk profile. The system ranks traders based on the risk scores of their transactions, enabling the Detection of front-running activities in near real-time. The results from the simulation indicate that the proposed method is highly effective in identifying front-running fraud. The use of behavioral profiling ensures that the system is adaptive to individual trading patterns, making it resistant to the evolving nature of fraud in financial markets. The methodology also provides a significant advantage over traditional rule-based systems, which often struggle to adapt to new fraud techniques as they emerge. Furthermore, this approach can be applied in live trading environments, making it a practical tool for regulatory bodies and market surveillance. This paper contributes to the growing field of financial fraud Detection by introducing an innovative approach that combines behavioral analysis with advanced statistical techniques. The findings underline the importance of real-time monitoring and adaptive fraud Detection systems in maintaining market integrity. In the simulation section, stock market data of 16 months is used. Features related to amounts, hours, urgency, and trading with one trader in buying/selling have been used to obtain the ranking. Results show that the proposed method is effective in detecting front running cases

Anomaly Detection is an important issue in a wide range of applications, such as security, health and intrusion Detection in social networks. Most of the developed methods only use graph structural or content information to detect anomalies. Due to the integrated structure of many networks, such as social networks, applying these methods faces limitations and this has led to the development of hybrid methods. In this paper, a proposed hybrid method for Anomaly Detection is presented based on community Detection in graph and feature selection which exploits anomalies as incompatible members in communities and uses an algorithm based on the Detection and combination of similar communities. The experimental results of the proposed method on two datasets with real anomalies demonstrate its capability in the Detection of anomalous nodes which is comparable to the latest scientific methods.