With the continuous development of the IoT, interconnected sensing devices can collect and transfer a large amount of data from various application fields among themselves. These data vary greatly in structure and correlation, but most of them are generated in the form of sequence (Chowdhury, 2019). The sequence dataset is an ordered list made up of sequential items, such as events or numbers, on which there is a strong correlation among them. How to effectively mine such datasets is a hot topic within various disciplines, areas, and applications (Truong, Hai, Le, Fournier-Viger, & Fujita, 2021). In addition to common research based on frequent pattern mining, anomaly detection research that focuses on rare pattern mining is also becoming increasingly popular.
1.1 Research Background
Anomaly detection, as an analytical approach to data structure, aims to exhibit implicit knowledge by mining rare patterns that do not satisfy the overall expectations. It is widely used in many application fields, such as fraud detection (Trivedi, Monik, & Mridushi, 2016), intrusion prevention (R. Zhang, Xia, Shao, Ren, & Cheng, 2020), image identification (K. Zhang, Wang, & Kuo, 2022), etc. Currently, the meaning of an anomaly is commonly referred to by the following definition, which was originally proposed by Hawkins (Auth, 1980): “An outlier is an observation that deviates so much from the other observations as to arouse suspicions that it was generated by a different mechanism.’ Anomaly and outlier are interchangeable terms commonly used in this field.
As a data pattern, the anomaly is similar to novelty but distinct from noisy data (Cappozzo, Greselin, & Murphy, 2020). An anomaly is not necessarily incorrect by itself but contains implicit information, which is always more valuable for analysis than normal forms. Noisy data are usually generated by observation errors such as missing data or random variance, such as acquisition errors, hardware fault, which are not produced by any data generation mechanism. Not only are they worthless, but they also act as irritating hindrances to analysis. Novelty data are mainly associated with evolving datasets, for example, social evolution and natural sciences, which represent an unknown data pattern that may reflect new themes (Shah, Azam, Ali, Khan, & Yao, 2021). In the initial stages, novelty can be treated as an anomaly, and the discovery approach is similar to that of anomaly detection. The main difference is that each novelty will be incorporated into the normal pattern after verification, and the following data that belong to it will no longer be treated as novelty. Whereas, no matter how many times the anomaly is recorded, if the conditions remain unchanged, it will still be judged as an anomaly in the next occurrence.
The desired trait of the anomaly is the key point to selecting an appropriate anomaly detection approach (Al-Ghaili, Ibrahim, Hairi, Rahim, & Kasim, 2021). Based on it, the anomaly can be divided into point anomaly, contextual anomaly and collective anomaly. Detection approaches based on contextual and point anomaly mainly focus on analyzing whether a single data presents abnormal performance. If the contextual attributes are empty, point anomaly is a special type of contextual anomaly (Zamini & Hasheminejad, 2019). For sequence datasets, most abnormal behaviors are characterized by complexity and interactivity, which are difficult to detect by a single data observation itself or a single interval, but can be identified as collective anomaly(Huiling Qin, Xianyuan Zhan, & Yu Zheng, 2021).Thus, as a special category, collective anomaly is used to reflect abnormal patterns which are presented by multiple segments or datasets based on association relations. Therefore, the detection methods and techniques should be flexible for different applications.