Decompose to Understand, Fuse to Detect: Frequency-Decoupled Anomaly Detection for Encrypted Network Traffic
Pith reviewed 2026-05-10 16:09 UTC · model grok-4.3
The pith
Frequency-decoupled processing overcomes spectral mismatch to improve anomaly detection in encrypted network traffic.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The paper claims that the pervasive full-frequency nature of encrypted traffic creates a spectral mismatch with low-frequency biased reconstruction methods, leading to incomplete representations and reduced anomaly detection performance. FreeUp resolves this through frequency decomposition into dedicated branches with customized training and an uncertainty-inspired fusion scoring mechanism that integrates the branch outputs comprehensively.
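The spectral mismatch described above can be seen on a toy input. This added example (not code from the paper or the FreeUp repository) splits a 16×16 byte image into low- and high-frequency bands with a radial DFT mask and measures how much energy a low-pass reconstruction would discard; the image size, cutoff, mask shape and both sample payloads are assumptions, since the page does not specify FreeUp's decomposition.

```python
import cmath
import hashlib
import math

SIDE = 16  # assumed image size: 16x16 grid = first 256 payload bytes


def to_image(payload: bytes):
    """Map payload bytes to a mean-centred SIDE x SIDE grid of floats."""
    data = payload[:SIDE * SIDE].ljust(SIDE * SIDE, b"\x00")
    vals = [b / 255.0 for b in data]
    mean = sum(vals) / len(vals)
    return [[vals[r * SIDE + c] - mean for c in range(SIDE)] for r in range(SIDE)]


def dft1(vec, inverse=False):
    """Plain O(n^2) 1-D DFT; adequate for 16-point rows and columns."""
    n, sign = len(vec), (1 if inverse else -1)
    out = [sum(v * cmath.exp(sign * 2j * cmath.pi * k * t / n)
               for t, v in enumerate(vec)) for k in range(n)]
    return [x / n for x in out] if inverse else out


def dft2(grid, inverse=False):
    """Separable 2-D DFT: transform rows, then columns."""
    rows = [dft1(row, inverse) for row in grid]
    cols = [dft1(list(col), inverse) for col in zip(*rows)]
    return [list(row) for row in zip(*cols)]


def split_bands(img, cutoff=4.0):
    """Split into (low, high) spatial-domain bands; cutoff radius is assumed."""
    spec = dft2(img)
    low = [[0j] * SIDE for _ in range(SIDE)]
    high = [[0j] * SIDE for _ in range(SIDE)]
    for u in range(SIDE):
        for v in range(SIDE):
            # Distance from the DC bin, accounting for DFT wrap-around.
            radius = math.hypot(min(u, SIDE - u), min(v, SIDE - v))
            (low if radius <= cutoff else high)[u][v] = spec[u][v]
    # The mask is symmetric, so the inverse is real up to rounding error.
    back = [dft2(band, inverse=True) for band in (low, high)]
    return tuple([[x.real for x in row] for row in band] for band in back)


def high_band_fraction(img, cutoff=4.0):
    """Share of signal energy that a low-pass reconstruction would discard."""
    low, high = split_bands(img, cutoff)
    e_low, e_high = (sum(x * x for row in g for x in row) for g in (low, high))
    return e_high / (e_low + e_high)


def ciphertext_like(n=SIDE * SIDE):
    """Constructed stand-in for an encrypted payload: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def smooth_pattern():
    """Constructed low-frequency image, the kind of content reconstruction favours."""
    return bytes(
        int(127.5 + 100 * math.sin(2 * math.pi * r / SIDE) * math.cos(2 * math.pi * c / SIDE))
        for r in range(SIDE) for c in range(SIDE))


if __name__ == "__main__":
    for name, payload in (("ciphertext-like", ciphertext_like()), ("smooth", smooth_pattern())):
        share = high_band_fraction(to_image(payload))
        print(f"{name:16s} high-band energy share: {share:.3f}")
```

A reconstruction that reproduces only the low band leaves most of the ciphertext-like image unexplained even though nothing about it is anomalous, which is the loss of contrast that the separate high-frequency branch is meant to recover.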
What carries the argument
FreeUp framework using frequency band decomposition processed by separate dedicated branches and combined via uncertainty-inspired fusion scoring.
If this is right
- Consistent outperformance over state-of-the-art baselines on multiple benchmarks for encrypted traffic anomaly detection.
- More reliable anomaly scores by quantifying and integrating reconstruction uncertainty from frequency-specific components.
- Stable independent learning of low- and high-frequency information without one dominating the other.
- Addresses the limitation of spectral mismatch inherent in image-based modeling of traffic.
Where Pith is reading between the lines
- Similar frequency decoupling strategies could apply to other reconstruction-based anomaly detection tasks where signals have mixed frequency content.
- The finding that simple reconstruction error is inadequate for dual-branch models suggests broader use of uncertainty metrics in ensemble or multi-component detection systems.
Load-bearing premise
That the spectral mismatch between high-frequency encrypted traffic and low-frequency reconstruction bias is the primary limiter of performance, and that separate branches with uncertainty fusion will overcome it without introducing new artifacts.
What would settle it
An experiment where a standard single-branch reconstruction method matches or exceeds FreeUp's performance on the same benchmarks, or where disabling the high-frequency branch or the fusion step causes no drop in accuracy, would show the mismatch is not the key issue.
Original abstract
Network traffic anomaly detection represents a critical cybersecurity task, yet widespread encryption makes this task increasingly challenging. In response, image-based methods that model traffic as visual patterns have emerged as the dominant approach. However, this work pioneers the identification of a pervasive "full-frequency" characteristic and an associated limitation termed "spectral mismatch" within this paradigm. Specifically, while encrypted traffic exhibits prominent high-frequency components, mainstream reconstruction methods demonstrate an inherent bias toward learning low-frequency information. This fundamental mismatch results in incomplete representations that consequently degrade anomaly detection performance. To address this challenge, we propose FreeUp, a novel frequency-decoupled framework designed explicitly for encrypted traffic analysis. FreeUp decomposes traffic data into distinct low- and high-frequency bands, processing them through separate, dedicated branches along with a customized training strategy that ensures stable and independent frequency-specific learning. Furthermore, recognizing that simple reconstruction error proves inadequate for evaluating dual-branch architectures, we introduce an uncertainty-inspired fusion scoring mechanism. This mechanism quantifies the reconstruction uncertainty of the frequency-specific branches and dynamically integrates their outputs, yielding a more comprehensive and reliable anomaly score. Extensive experiments across multiple benchmarks demonstrate that FreeUp consistently outperforms state-of-the-art baselines. The code is available at https://github.com/ikun0124/FreeUp.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper identifies a pervasive 'full-frequency' characteristic and 'spectral mismatch' in image-based anomaly detection for encrypted network traffic: traffic exhibits prominent high-frequency components while mainstream reconstruction methods are biased toward low-frequency information, yielding incomplete representations and degraded detection. It proposes FreeUp, a frequency-decoupled framework that decomposes input into low- and high-frequency bands processed by separate dedicated branches (with a customized training strategy to ensure independent learning), plus an uncertainty-inspired fusion mechanism that quantifies per-branch reconstruction uncertainty to produce a combined anomaly score. Extensive experiments across multiple benchmarks are reported to show consistent outperformance over state-of-the-art baselines, with code released.
Significance. If the results hold after addressing experimental controls, the work could meaningfully advance encrypted-traffic anomaly detection by directly targeting a frequency-domain limitation in the dominant image-based paradigm; the open code supports reproducibility. The core idea of explicit frequency decoupling plus uncertainty fusion is a plausible response to the identified mismatch and could generalize beyond the specific benchmarks if the high-frequency band is shown to carry discriminative signal rather than noise.
major comments (3)
- [§4] §4 (Experiments and Results): the claim of consistent outperformance over SOTA baselines is load-bearing for the central contribution, yet the reported setup provides no details on data splits, error bars across runs, or controls for total model capacity (e.g., ablation against a single-branch network with parameter count matched to the dual-branch FreeUp). Without these, gains could arise from increased capacity or altered optimization dynamics rather than frequency decoupling per se, directly weakening the argument that spectral mismatch is the primary limiter.
- [§3.2] §3.2 (Uncertainty-inspired Fusion): the fusion scoring mechanism is presented as necessary for dual-branch architectures because simple reconstruction error is inadequate, but no ablation compares it to alternatives such as averaging the two branch errors or using a single deeper reconstruction network. This is critical because the skeptic's concern requires evidence that the fusion is provably superior and does not introduce new artifacts.
- [§3.1] §3.1 (Frequency Decomposition and Training Strategy): the framework rests on the assumption that high-frequency content carries the primary anomaly signal and that the customized training ensures truly independent branch learning without cross-branch leakage. No spectrum analysis, gradient-isolation metrics, or controlled ablation isolating the high-frequency branch contribution is described; if high-frequency components are largely noise or redundant, the decoupling may not address the claimed mismatch.
minor comments (2)
- [Introduction] The term 'full-frequency' characteristic is introduced in the abstract and introduction but lacks a precise mathematical definition or reference to standard signal-processing notions of frequency content in traffic images; adding this would improve clarity.
- [§4] Figure captions and axis labels in the experimental results should explicitly state the number of runs and whether shaded regions represent standard deviation or confidence intervals.
Simulated Author's Rebuttal
We thank the referee for the constructive and detailed comments. We address each major point below and will incorporate the suggested controls and ablations to strengthen the experimental validation and supporting analyses.
Point-by-point responses
- Referee: [§4] §4 (Experiments and Results): the claim of consistent outperformance over SOTA baselines is load-bearing for the central contribution, yet the reported setup provides no details on data splits, error bars across runs, or controls for total model capacity (e.g., ablation against a single-branch network with parameter count matched to the dual-branch FreeUp). Without these, gains could arise from increased capacity or altered optimization dynamics rather than frequency decoupling per se, directly weakening the argument that spectral mismatch is the primary limiter.
  Authors: We agree these details are necessary to isolate the contribution of frequency decoupling. In the revised manuscript we will expand §4 to specify the data splitting protocol (including temporal splits to prevent leakage), report mean performance with standard deviation across at least five independent runs with different random seeds, and add a capacity-matched single-branch ablation whose total parameter count equals that of FreeUp. These additions will allow direct assessment of whether the observed gains derive from the proposed decoupling rather than capacity or optimization effects.
  Revision: yes
- Referee: [§3.2] §3.2 (Uncertainty-inspired Fusion): the fusion scoring mechanism is presented as necessary for dual-branch architectures because simple reconstruction error is inadequate, but no ablation compares it to alternatives such as averaging the two branch errors or using a single deeper reconstruction network. This is critical because the skeptic's concern requires evidence that the fusion is provably superior and does not introduce new artifacts.
  Authors: We acknowledge that explicit comparisons are required to substantiate the fusion design. The revised version will include new ablations in §3.2 that directly compare the uncertainty-inspired fusion against (i) simple averaging of the per-branch reconstruction errors and (ii) a single deeper reconstruction network with parameter count matched to the dual-branch model. These experiments will quantify detection performance and stability, confirming whether the proposed fusion yields superior and artifact-free scores.
  Revision: yes
- Referee: [§3.1] §3.1 (Frequency Decomposition and Training Strategy): the framework rests on the assumption that high-frequency content carries the primary anomaly signal and that the customized training ensures truly independent branch learning without cross-branch leakage. No spectrum analysis, gradient-isolation metrics, or controlled ablation isolating the high-frequency branch contribution is described; if high-frequency components are largely noise or redundant, the decoupling may not address the claimed mismatch.
  Authors: The manuscript identifies the full-frequency characteristic but does not present the requested supporting visualizations or isolation metrics. We will revise §3.1 to add frequency-spectrum plots of the traffic data, gradient-isolation statistics demonstrating limited cross-branch leakage under the customized training strategy, and a controlled ablation that removes the high-frequency branch to measure its isolated contribution. These additions will directly test whether the high-frequency band supplies discriminative signal rather than noise.
  Revision: yes
Circularity Check
No circularity: derivation chain is self-contained and independent of fitted inputs or self-citations.
Full rationale
The paper introduces FreeUp as a novel frequency-decoupled framework that decomposes encrypted traffic into low- and high-frequency bands, processes them via separate branches with a customized training strategy, and fuses outputs using an uncertainty-inspired scoring mechanism. No equations, derivations, or first-principles results are shown that reduce the anomaly score or performance claims to fitted parameters by construction. The spectral mismatch identification and proposed components are presented as addressing limitations in prior image-based methods without load-bearing reliance on self-citations, uniqueness theorems from the same authors, or renaming of known empirical patterns. The central claims rest on the independent design of the dual-branch architecture and fusion mechanism, making the derivation self-contained against external benchmarks.
Axiom & Free-Parameter Ledger
axioms (1)
- Domain assumption: Encrypted traffic exhibits prominent high-frequency components while reconstruction methods bias toward low-frequency information