Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
156 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Large Language Models can Deliver Accurate and Interpretable Time Series Anomaly Detection (2405.15370v1)

Published 24 May 2024 in cs.CL

Abstract: Time series anomaly detection (TSAD) plays a crucial role in various industries by identifying atypical patterns that deviate from standard trends, thereby maintaining system integrity and enabling prompt response measures. Traditional TSAD models, which often rely on deep learning, require extensive training data and operate as black boxes, lacking interpretability for detected anomalies. To address these challenges, we propose LLMAD, a novel TSAD method that employs LLMs to deliver accurate and interpretable TSAD results. LLMAD innovatively applies LLMs for in-context anomaly detection by retrieving both positive and negative similar time series segments, significantly enhancing LLMs' effectiveness. Furthermore, LLMAD employs the Anomaly Detection Chain-of-Thought (AnoCoT) approach to mimic expert logic for its decision-making process. This method further enhances its performance and enables LLMAD to provide explanations for their detections through versatile perspectives, which are particularly important for user decision-making. Experiments on three datasets indicate that our LLMAD achieves detection performance comparable to state-of-the-art deep learning methods while offering remarkable interpretability for detections. To the best of our knowledge, this is the first work that directly employs LLMs for TSAD.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (57)
  1. Gpt-4 technical report. arXiv preprint arXiv:2303.08774 (2023).
  2. Anomaly detection on big data in financial markets. In Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2017. 998–1001.
  3. Toward explainable deep neural network based anomaly detection. In 2018 11th international conference on human system interaction (HSI). IEEE, 311–317.
  4. A review on outlier/anomaly detection in time series data. ACM Computing Surveys (CSUR) 54, 3 (2021), 1–33.
  5. Language models are few-shot learners. Advances in neural information processing systems 33 (2020), 1877–1901.
  6. Language Models are Few-Shot Learners. arXiv:2005.14165 [cs.CL]
  7. Automatic root cause analysis via large language models for cloud incidents. In Proceedings of the Nineteenth European Conference on Computer Systems. 674–688.
  8. ImDiffusion: Imputed Diffusion Models for Multivariate Time Series Anomaly Detection. Proceedings of the VLDB Endowment 17, 3 (2023), 359–372.
  9. Anomaly detection for IoT time-series data: A survey. IEEE Internet of Things Journal 7, 7 (2019), 6481–6494.
  10. Time Series Anomaly Detection Based on Language Model. In Proceedings of the Eleventh ACM International Conference on Future Energy Systems. 544–547.
  11. Everything of thoughts: Defying the law of penrose triangle for thought generation. arXiv preprint arXiv:2311.04254 (2023).
  12. A survey on in-context learning. arXiv preprint arXiv:2301.00234 (2022).
  13. Is chatgpt a good causal reasoner? a comprehensive evaluation. arXiv preprint arXiv:2305.07375 (2023).
  14. Large language models are zero-shot time series forecasters. Advances in Neural Information Processing Systems 36 (2024).
  15. The elements of statistical learning: data mining, inference, and prediction. Vol. 2. Springer.
  16. Unsupervised online anomaly detection on multivariate sensing time series data for smart manufacturing. In 2019 IEEE 12th conference on service-oriented computing and applications (SOCA). IEEE, 90–97.
  17. Exathlon: A benchmark for explainable anomaly detection over time series. arXiv preprint arXiv:2010.05073 (2020).
  18. Exathlon: a benchmark for explainable anomaly detection over time series. Proceedings of the VLDB Endowment 14, 11 (2021), 2613–2626.
  19. Xpert: Empowering incident management with query recommendations via large language models. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. 1–13.
  20. Time-llm: Time series forecasting by reprogramming large language models. arXiv preprint arXiv:2310.01728 (2023).
  21. Large models for time series and spatio-temporal data: A survey and outlook. arXiv preprint arXiv:2310.10196 (2023).
  22. Position Paper: What Can Large Language Models Tell Us about Time Series Analysis. arXiv preprint arXiv:2402.02713 (2024).
  23. Assess and Summarize: Improve Outage Understanding with Large Language Models. In Proceedings of the Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE).
  24. Eamonn Keogh and Chotirat Ann Ratanamahatana. 2005. Exact indexing of dynamic time warping. Knowledge and information systems 7 (2005), 358–386.
  25. Anomaly detection in time series with robust variational quasi-recurrent autoencoders. In 2022 IEEE 38th International Conference on Data Engineering (ICDE). IEEE, 1342–1354.
  26. Large language models are zero-shot reasoners. Advances in neural information processing systems 35 (2022), 22199–22213.
  27. A benchmark dataset for time series anomaly detection. von Yahoo Research (2015).
  28. Constructing large-scale real-world benchmark datasets for aiops. arXiv preprint arXiv:2208.03938 (2022).
  29. Logprompt: Prompt engineering towards zero-shot and interpretable log analysis. arXiv preprint arXiv:2308.07610 (2023).
  30. Robust and rapid adaption for concept drift in software system anomaly detection. In 2018 IEEE 29th International Symposium on Software Reliability Engineering (ISSRE). IEEE, 13–24.
  31. Meta. 2024. Introducing Meta Llama 3: The Most Capable Openly Available LLM to Date. https://ai.meta.com/blog/meta-llama-3/
  32. Rethinking the role of demonstrations: What makes in-context learning work? arXiv preprint arXiv:2202.12837 (2022).
  33. Explainable anomaly detection on high-dimensional time series data. In Proceedings of the 15th ACM International Conference on Distributed and Event-based Systems. 2–14.
  34. Time-series anomaly detection service at microsoft. In Proceedings of the 25th ACM SIGKDD international conference on knowledge discovery & data mining. 3009–3017.
  35. Stan Salvador and Philip Chan. 2004. FastDTW: Toward accurate dynamic time warping in linear time and space. In KDD workshop on mining temporal and sequential data, Vol. 6. Seattle, Washington, 70–80.
  36. Anomaly detection in time series: a comprehensive evaluation. Proceedings of the VLDB Endowment 15, 9 (2022), 1779–1797.
  37. Anomaly detection in streams with extreme value theory. In Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining. 1067–1075.
  38. Large Language Models for Forecasting and Anomaly Detection: A Systematic Literature Review. arXiv preprint arXiv:2402.10350 (2024).
  39. GRU-based interpretable multivariate time series anomaly detection in industrial control system. Computers & Security 127 (2023), 103094.
  40. Llama 2: Open foundation and fine-tuned chat models. arXiv preprint arXiv:2307.09288 (2023).
  41. Root Cause Analysis for Microservice Systems via Hierarchical Reinforcement Learning from Human Feedback. In Proceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining. 5116–5125.
  42. Experimental comparison of representation methods and distance measures for time series data. Data Mining and Knowledge Discovery 26 (2013), 275–309.
  43. Chain-of-thought prompting elicits reasoning in large language models. Advances in neural information processing systems 35 (2022), 24824–24837.
  44. Identifying root-cause metrics for incident diagnosis in online service systems. In 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE). IEEE, 91–102.
  45. Unsupervised anomaly detection via variational auto-encoder for seasonal kpis in web applications. In Proceedings of the 2018 world wide web conference. 187–196.
  46. Anomaly transformer: Time series anomaly detection with association discrepancy. arXiv preprint arXiv:2110.02642 (2021).
  47. Temporal Data Meets LLM–Explainable Financial Time Series Forecasting. arXiv preprint arXiv:2306.11025 (2023).
  48. Hamed Zamani and W Bruce Croft. 2016. Embedding-based query language models. In Proceedings of the 2016 ACM international conference on the theory of information retrieval. 147–156.
  49. TraceArk: Towards Actionable Performance Anomaly Alerting for Online Service Systems. In 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). IEEE, 258–269.
  50. UFO: A UI-Focused Agent for Windows OS Interaction. arXiv preprint arXiv:2402.07939 (2024).
  51. AllHands: Ask Me Anything on Large-scale Verbatim Feedback via Large Language Models. arXiv preprint arXiv:2403.15157 (2024).
  52. A deep neural network for unsupervised anomaly detection and diagnosis in multivariate time series data. In Proceedings of the AAAI conference on artificial intelligence, Vol. 33. 1409–1416.
  53. TFAD: A decomposition time series anomaly detection architecture with time-frequency analysis. In Proceedings of the 31st ACM International Conference on Information & Knowledge Management. 2497–2507.
  54. Efficient kpi anomaly detection through transfer learning for large-scale web services. IEEE Journal on Selected Areas in Communications 40, 8 (2022), 2440–2455.
  55. Informer: Beyond efficient transformer for long sequence time-series forecasting. In Proceedings of the AAAI conference on artificial intelligence, Vol. 35. 11106–11115.
  56. One fits all: Power general time series analysis by pretrained lm. Advances in neural information processing systems 36 (2024).
  57. Multi-instance multi-label learning. Artificial Intelligence 176, 1 (2012), 2291–2320.
Citations (2)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets

Youtube Logo Streamline Icon: https://streamlinehq.com

YouTube