IoT Anomaly Detection 101: Data Science to Predict the Unexpected

As first published in DarkReading.

Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.

Data science and artificial intelligence (AI) techniques have been applied successfully for a number of years to predict or detect all kinds of events in very different domains, including:

Biology DNA fragments
Customer behaviors
Life cycle control of mechanical pieces in IoT
Creation of new molecules in the pharma industry
Mood analysis in social media
Fraud detection in credit card transactions
Disease wave prediction in epidemiology
Heart beat classification in the ECG signal
Human face recognition
Speech recognition

If you run a quick web search on "machine learning use cases," you will find pages and pages of links to documents describing machine learning (ML) algorithms to detect or predict some kind of event group in some kind of data domain.

Generally, the key to a successful machine learning based application is a sufficiently general training set. The ML model, during training, should have a sufficient number of available examples to learn about each event group. This is one of the key points to any data science project: the availability of a sufficiently large number of event examples to train the algorithm.

Applying machine learning to IoT event prediction

Can security teams apply a machine learning algorithm to predict or recognize deterioration of mechanical pieces, or to detect cybersecurity breaches? The answer is, yes! Data science techniques have already been successfully utilized in the field of IoT and cybersecurity. For example, a classic usage of machine learning in IoT is demand prediction. How many customers will visit the restaurant this evening? How many cartons of milk will be sold? How much energy will be consumed tomorrow? Knowing the numbers in advance allows for better planning.

Healthcare is another very common area for usage of data science in IoT. There are many sports fitness applications and devices to monitor our vital signs, making available an abundance of data available in near real time that can be studied and used to assess a person's health condition.

Another common case study in IoT is predictive maintenance. The capability to predict if and when a mechanical piece will need maintenance leads to an optimum maintenance schedule and extends the lifespan of the machinery until its last breath. Considering that many machinery pieces are quite sophisticated and expensive, this is not a small advantage. This approach works well if a dataset is available — and even better if the dataset has been labeled. Labeled data means that each vector of numbers describing an event has been preassigned to a given class of events.

Anomaly discovery: looking for the unexpected

A special branch of data science, however, is dedicated to discovering anomalies. What is an anomaly? An anomaly is an extremely rare episode, hard to assign to a specific class, and hard to predict. It is an unexpected event, unclassifiable with current knowledge. It's one of the hardest use cases to crack in data science because:

The current knowledge is not enough to define a class
More often than not, no examples are available in the data to describe the anomaly

So, the problem of anomaly detection can be easily summarized as looking for an unexpected, abnormal event of which we know nothing and for which we have no data examples. As hopeless as this may seem, it is not an uncommon use case.

Fraudulent transactions, for example, rarely happen and often occur in an unexpected modality
Expensive mechanical pieces in IoT will break at some point without much indication on how they will break
A new arrhythmic heart beat with an unrecognizable shape sometimes shows up in ECG tracks
A cybersecurity threat might appear and not be easily recognized because it has never been seen before

In these cases, the classic data science approach, based on a set of labeled data examples, cannot be applied. The solution to this problem is a twist on the usual algorithm learning from examples.

Fig. 1 Anomaly detection problems do not offer a classic training set with labeled examples for classes: a signal from a normally functioning system and a signal from a system with an analogy. In this case, we can only train a machine learning model on a training set with "normal" examples and use a distance measure between the original signal and the predicted signal to trigger an anomaly alarm.

In IoT data, signal time series are produced by sensors strategically located on or around a mechanical component. A time series is the sequence of values of a variable over time. In this case, the variable describes a mechanical property of the object, and it is measured via one or more sensors.

Usually, the mechanical piece is working correctly. As a consequence, we have tons of examples for the piece working in normal conditions and close to zero examples for the piece failure. This is especially true if the piece plays a critical role in a mechanical chain because it is usually retired before any failure happens and compromises the whole machinery.

In IoT, a critical problem is to predict the chance of a mechanical failure before it actually happens. In this way, we can use the mechanical piece throughout its entire life cycle without endangering the other pieces in the mechanical chain. This task of predicting possible signs of mechanical failure is called anomaly detection in predictive maintenance.

Learn more here:

Read about this topic in our Anomaly Detection innovation note
Look up "anomaly detection" on the KNIME Hub to find example workflows. For example this workflow Anomaly Detection. Time Series AR Deployment

Part two of IoT Anomaly Detection 101 will be out next Thursday: Anomaly Detection Techniques: Defining Normal