In this paper, we present a novel algorithm and efficient data structure for anomaly detection based on temporal data. Time-series data are represented by a sequence of symbolic time intervals, describing increasing and decreasing trends, in a compact way using gradient temporal abstraction technique. Then we identify unusual subsequences in the resulting sequence using dynamic data structure based on the geometric observations supporting polylogarithmic update and query times. Moreover, we introduce a new parameter to control the pairwise difference between the corresponding symbols in addition to a distance metric between the subsequences. THAAD is evaluated on a large dataset of public DNS attacks and compared with a number of baseline algorithms. We find that THAAD outperforms other approaches, achieving up to 11% improvement in True Positive Rate (TPR) and False Negative Rate (FNR).

在本文中，我们提出了一种新的算法和有效的数据结构，用于基于时间数据的异常检测。时间序列数据由一系列符号时间间隔表示，使用梯度时间抽象技术以紧凑的方式描述增加和减少的趋势。然后，我们使用基于支持多对数更新和查询时间的几何观察的动态数据结构来识别结果序列中的异常子序列。此外，除了子序列之间的距离度量之外，我们还引入了一个新参数来控制相应符号之间的成对差异。THAAD 在公共 DNS 攻击的大型数据集上进行了评估，并与许多基线算法进行了比较。我们发现 THAAD 优于其他方法，