Exploring Data and Knowledge combined Anomaly Explanation of Multivariate Industrial Data

TL;DR

This paper presents a novel 3-step method combining data and domain knowledge to explain anomalies in multivariate IoT time series data, addressing a gap in existing detection-focused techniques.

Contribution

It introduces a formalized approach utilizing domain knowledge and set-cover algorithms for anomaly explanation, with knowledge update mechanisms to enhance accuracy.

Findings

High-quality anomaly explanations on real IoT datasets

Effective use of domain knowledge for anomaly interpretation

Improved anomaly explanation accuracy through knowledge updates

Abstract

The demand for high-performance anomaly detection techniques of IoT data becomes urgent, especially in industry field. The anomaly identification and explanation in time series data is one essential task in IoT data mining. Since that the existing anomaly detection techniques focus on the identification of anomalies, the explanation of anomalies is not well-solved. We address the anomaly explanation problem for multivariate IoT data and propose a 3-step self-contained method in this paper. We formalize and utilize the domain knowledge in our method, and identify the anomalies by the violation of constraints. We propose set-cover-based anomaly explanation algorithms to discover the anomaly events reflected by violation features, and further develop knowledge update algorithms to improve the original knowledge set. Experimental results on real datasets from large-scale IoT systems verify that our method computes high-quality explanation solutions of anomalies. Our work provides a guide to navigate the explicable anomaly detection in both IoT fault diagnosis and temporal data cleaning.