Real-Time Anomaly Detection with Synthetic Anomaly Monitoring (SAM)

TL;DR

This paper introduces Synthetic Anomaly Monitoring (SAM), a novel real-time anomaly detection method leveraging causal inference to enhance accuracy and interpretability across various domains.

Contribution

SAM applies synthetic control methods to anomaly detection, offering a new causal framework that improves detection accuracy and interpretability over traditional models.

Findings

SAM outperforms benchmark models in diverse datasets.

SAM provides robust real-time anomaly detection.

Experimental results validate SAM's effectiveness.

Abstract

Anomaly detection is essential for identifying rare and significant events across diverse domains such as finance, cybersecurity, and network monitoring. This paper presents Synthetic Anomaly Monitoring (SAM), an innovative approach that applies synthetic control methods from causal inference to improve both the accuracy and interpretability of anomaly detection processes. By modeling normal behavior through the treatment of each feature as a control unit, SAM identifies anomalies as deviations within this causal framework. We conducted extensive experiments comparing SAM with established benchmark models, including Isolation Forest, Local Outlier Factor (LOF), k-Nearest Neighbors (kNN), and One-Class Support Vector Machine (SVM), across five diverse datasets, including Credit Card Fraud, HTTP Dataset CSIC 2010, and KDD Cup 1999, among others. Our results demonstrate that SAM consistently delivers robust performance, highlighting its potential as a powerful tool for real-time anomaly detection in dynamic and complex environments.