Anomaly Detection Market size was valued at USD 5.66 Billion in 2024 and is projected to reach USD 19.4 Billion by 2031, growing at a CAGR of 16.65% from 2024 to 2031.

The Anomaly Detection market is experiencing significant growth driven by several key factors. One primary driver is the escalating frequency and sophistication of cyber threats and security breaches across industries, compelling organizations to adopt advanced anomaly detection solutions to safeguard their digital assets and sensitive data. Additionally, the proliferation of big data and the Internet of Things (IoT) generates vast volumes of data that traditional security measures struggle to monitor effectively, creating a pressing need for anomaly detection capabilities. Moreover, the increasing adoption of artificial intelligence (AI) and machine learning (ML) technologies enhances anomaly detection algorithms' accuracy and efficacy, enabling organizations to detect and mitigate anomalies in real-time. Furthermore, stringent regulatory requirements and compliance standards, particularly in sectors such as finance, healthcare, and telecommunications, are driving the adoption of anomaly detection solutions to ensure regulatory compliance and mitigate risks. Additionally, the growing demand for anomaly detection in fraud detection, network security, and operational monitoring applications further fuels market growth, presenting lucrative opportunities for vendors in the Anomaly Detection market.

The anomaly detection technology market, valued at $4.91 billion in 2025, is projected to experience robust growth, driven by the increasing volume and complexity of data across various sectors. A Compound Annual Growth Rate (CAGR) of 4.9% from 2025 to 2033 indicates a significant market expansion, fueled by the rising adoption of big data analytics, machine learning, and artificial intelligence (AI) across industries. Key drivers include the growing need for enhanced cybersecurity, fraud detection, and predictive maintenance. The BFSI (Banking, Financial Services, and Insurance) sector, manufacturing, and healthcare are leading adopters, leveraging anomaly detection to improve operational efficiency, mitigate risks, and enhance customer experiences. The market segmentation reveals strong demand for solutions utilizing machine learning and AI, reflecting the industry's shift towards sophisticated and automated anomaly detection capabilities. While data privacy concerns and the complexity of implementing and maintaining these systems present some restraints, the overall market outlook remains positive due to continuous technological advancements and the increasing awareness of the benefits of proactive risk management. The continued integration of anomaly detection into cloud-based platforms like Microsoft Azure and Google Cloud Platform further accelerates market growth. This allows for scalable and cost-effective deployment, making the technology accessible to a broader range of businesses. Competition among established players like IBM, Dell Technologies, and Cisco, alongside specialized security companies such as Splunk and Rapid7, fosters innovation and drives down costs. The Asia-Pacific region, particularly India and China, is poised for significant growth due to increasing digitalization and the expanding adoption of advanced technologies. North America will likely maintain a dominant market share due to early adoption and the presence of major technology companies. However, Europe and the Middle East & Africa are also expected to witness substantial growth as organizations prioritize cybersecurity and operational resilience.

The Anomaly Detection Technology market is experiencing robust growth, projected to reach a market size of $6,650.9 million in 2025. While the CAGR isn't explicitly provided, considering the rapid advancements in AI, machine learning, and the increasing need for cybersecurity and predictive maintenance across diverse sectors, a conservative estimate of the CAGR for the forecast period (2025-2033) would be around 15-20%. This growth is fueled by several key drivers. The increasing volume and complexity of data generated by businesses necessitates advanced analytics for identifying unusual patterns indicative of fraud, security breaches, equipment malfunctions, or other critical events. Furthermore, the rising adoption of cloud computing and the expanding deployment of IoT devices are contributing significantly to market expansion. The BFSI, manufacturing, and healthcare sectors are leading adopters, leveraging anomaly detection to improve risk management, optimize operational efficiency, and enhance customer experience. However, challenges remain, including the complexity of implementing and integrating anomaly detection solutions, the need for specialized expertise, and concerns related to data privacy and security. The market is segmented by type (Big Data Analytics, Data Mining and Business Intelligence, Machine Learning and Artificial Intelligence, Others) and application (BFSI, Manufacturing, Retail, Healthcare, Government, IT & Telecom, Others), reflecting the diverse applications of this technology. The competitive landscape is characterized by a mix of established technology giants like IBM, Microsoft, and Cisco, alongside specialized anomaly detection vendors. The future of the Anomaly Detection Technology market is bright, with continued growth driven by technological innovation and increasing adoption across various industries. The development of more sophisticated algorithms, improved data visualization tools, and the integration of anomaly detection into existing business processes will further fuel market expansion. The focus on addressing challenges related to data privacy and security, coupled with the emergence of specialized solutions catering to specific industry needs, will shape the market's trajectory in the coming years. While economic fluctuations and competitive pressures might influence growth rates, the fundamental need for advanced anomaly detection capabilities across multiple sectors guarantees the market's long-term viability and potential for substantial growth.

Anomaly Detection Service Market Outlook

The anomaly detection service market size is poised for substantial growth, with its valuation estimated at USD 4.5 billion in 2023 and projected to reach USD 12.8 billion by 2032, reflecting a robust CAGR of 12.4% during the forecast period. The exponential growth trajectory of this market is underpinned by several critical factors, including the increasing reliance on data-driven decision-making across industries, the rising sophistication of cyber threats, and the need for real-time monitoring and analysis. The growing integration of advanced technologies such as artificial intelligence and machine learning in anomaly detection solutions is further catalyzing market expansion by enhancing accuracy and reducing false positives.

One of the primary growth drivers of the anomaly detection service market is the escalating volume of data generated across diverse sectors. With the proliferation of IoT devices, mobile applications, and digital platforms, industries are inundated with massive datasets that require real-time analysis to derive actionable insights. Anomaly detection services provide the capability to sift through vast amounts of data to identify irregular patterns and potential threats, enabling organizations to act swiftly and mitigate risks. Additionally, the increasing focus on enhanced customer experiences and operational efficiency is propelling businesses to invest in robust anomaly detection solutions that ensure seamless operations and prevent disruptions.

The mounting frequency and complexity of cyberattacks have significantly contributed to the demand for advanced anomaly detection services. As cybercriminals employ more sophisticated methods to breach security systems, traditional security measures are often inadequate. Anomaly detection services, leveraging machine learning and artificial intelligence, can detect unusual patterns and deviations from normal behavior, thus providing an additional layer of security against cyber threats. Furthermore, regulatory requirements mandating data protection and privacy have compelled organizations to adopt anomaly detection solutions to comply with standards and safeguard sensitive information, driving further market growth.

Technological advancements and innovations in the field of artificial intelligence and big data analytics are playing a pivotal role in shaping the anomaly detection service market. These technologies enable the development of more refined and accurate detection models that can process and analyze data in real time. The integration of AI and ML algorithms not only increases the precision of anomaly detection but also helps in predicting future anomalies, thereby allowing organizations to take pre-emptive measures. The ability to customize and scale solutions according to specific organizational needs is another factor that is attracting enterprises towards investing in anomaly detection services.

The regional outlook for the anomaly detection service market is characterized by significant variations in growth rates and adoption patterns across different geographies. North America remains a dominant region due to the early adoption of cutting-edge technologies, a strong emphasis on cybersecurity, and substantial investments in IT infrastructure. Europe is also witnessing steady growth, driven by stringent regulatory norms and the increasing focus on safeguarding digital assets. Meanwhile, the Asia Pacific region is anticipated to exhibit the highest CAGR over the forecast period, fueled by rapid digital transformation, expanding IT and telecommunications sectors, and increasing awareness about the importance of cybersecurity in emerging economies.

Component Analysis

In the anomaly detection service market, the component segmentation into software and services encapsulates a dynamic aspect of market growth. The software segment is witnessing a significant surge in demand as organizations increasingly seek sophisticated tools capable of real-time anomaly detection. These software solutions, often powered by AI and ML algorithms, facilitate the seamless integration of data from various sources, enhancing overall system efficiency. The burgeoning need for customizable and scalable solutions that can be tailored to specific industry requirements positions the software segment as a pivotal growth driver in the anomaly detection landscape.

On the other hand, the services segment is equally pivotal,

There has been a tremendous increase in the volume of sensor data collected over the last decade for different monitoring tasks. For example, petabytes of earth science data are collected from modern satellites, in-situ sensors and different climate models. Similarly, huge amount of flight operational data is downloaded for different commercial airlines. These different types of datasets need to be analyzed for finding outliers. Information extraction from such rich data sources using advanced data mining methodologies is a challenging task not only due to the massive volume of data, but also because these datasets are physically stored at different geographical locations with only a subset of features available at any location. Moving these petabytes of data to a single location may waste a lot of bandwidth. To solve this problem, in this paper, we present a novel algorithm which can identify outliers in the entire data without moving all the data to a single location. The method we propose only centralizes a very small sample from the different data subsets at different locations. We analytically prove and experimentally verify that the algorithm offers high accuracy compared to complete centralization with only a fraction of the communication cost. We show that our algorithm is highly relevant to both earth sciences and aeronautics by describing applications in these domains. The performance of the algorithm is demonstrated on two large publicly available datasets: (1) the NASA MODIS satellite images and (2) a simulated aviation dataset generated by the ‘Commercial Modular Aero-Propulsion System Simulation’ (CMAPSS).

We present a set of novel algorithms which we call sequenceMiner, that detect and characterize anomalies in large sets of high-dimensional symbol sequences that arise from recordings of switch sensors in the cockpits of commercial airliners. While the algorithms we present are general and domain-independent, we focus on a specific problem that is critical to determining system-wide health of a fleet of aircraft. The approach taken uses unsupervised clustering of sequences using the normalized length of he longest common subsequence (nLCS) as a similarity measure, followed by a detailed analysis of outliers to detect anomalies. In this method, an outlier sequence is defined as a sequence that is far away from a cluster. We present new algorithms for outlier analysis that provide comprehensible indicators as to why a particular sequence is deemed to be an outlier. The algorithm provides a coherent description to an analyst of the anomalies in the sequence when compared to more normal sequences. The final section of the paper demonstrates the effectiveness of sequenceMiner for anomaly detection on a real set of discrete sequence data from a fleet of commercial airliners. We show that sequenceMiner discovers actionable and operationally significant safety events. We also compare our innovations with standard HiddenMarkov Models, and show that our methods are superior

The anomaly detection market is experiencing robust growth, fueled by the increasing volume and complexity of data generated across various industries. A compound annual growth rate (CAGR) of 16.22% from 2019 to 2024 suggests a significant market expansion, driven by the imperative for businesses to enhance cybersecurity, improve operational efficiency, and gain valuable insights from their data. Key drivers include the rising adoption of cloud computing, the proliferation of IoT devices generating massive datasets, and the growing need for real-time fraud detection and prevention, particularly within the BFSI (Banking, Financial Services, and Insurance) sector. The market is segmented by solution type (software, services), end-user industry (BFSI, manufacturing, healthcare, IT and telecommunications, others), and deployment (on-premise, cloud). The cloud deployment segment is anticipated to witness faster growth due to its scalability, cost-effectiveness, and ease of implementation. The increasing sophistication of cyberattacks and the need for proactive security measures are further bolstering demand for advanced anomaly detection solutions. While data privacy concerns and the complexity of integrating these solutions into existing IT infrastructure represent potential restraints, the overall market trajectory indicates a sustained period of expansion. Companies like SAS Institute, IBM, and Microsoft are actively shaping this market with their comprehensive offerings. The significant growth trajectory is expected to continue through 2033. The substantial investments in research and development by major players and the growing adoption across diverse sectors, including healthcare for predictive maintenance and anomaly detection in medical imaging, will continue to fuel the expansion. The competitive landscape is characterized by both established players offering comprehensive solutions and emerging niche players focusing on specific industry needs. This competitive dynamism fosters innovation and drives the development of more efficient and sophisticated anomaly detection technologies. While regional variations exist, North America and Europe currently hold a significant market share, with Asia-Pacific poised for rapid expansion due to increasing digitalization and investment in advanced technologies. This report provides a detailed analysis of the global anomaly detection market, projecting robust growth from $XXX million in 2025 to $YYY million by 2033. The study covers the historical period (2019-2024), base year (2025), and forecast period (2025-2033), offering invaluable insights for businesses navigating this rapidly evolving landscape. Keywords: Anomaly detection, machine learning, AI, cybersecurity, fraud detection, predictive analytics, data mining, big data analytics, real-time analytics. Recent developments include: June 2023: Wipro has launched a new suite of banking financial services built on Microsoft Cloud; the partnership will combine Microsoft Cloud capabilities with Wipro FullStride Cloud and leverage Wipro's and Capco's deep domain expertise in financial services. And develop new solutions to help financial services clients accelerate growth and deepen client relationships., June 2023: Cisco has announced delivering on its promise of the AI-driven Cisco Security Cloud to simplify cybersecurity and empower people to do their best work from anywhere, regardless of the increasingly sophisticated threat landscape. Cisco invests in cutting-edge artificial intelligence and machine learning innovations that will empower security teams by simplifying operations and increasing efficacy.. Key drivers for this market are: Increasing Number of Cyber Crimes, Increasing Adoption of Anomaly Detection Solutions in Software Testing. Potential restraints include: Open Source Alternatives Pose as a Threat. Notable trends are: BFSI is Expected to Hold a Significant Part of the Market Share.

Here we present a dataset, MNIST4OD, of large size (number of dimensions and number of instances) suitable for Outliers Detection task.The dataset is based on the famous MNIST dataset (http://yann.lecun.com/exdb/mnist/).We build MNIST4OD in the following way:To distinguish between outliers and inliers, we choose the images belonging to a digit as inliers (e.g. digit 1) and we sample with uniform probability on the remaining images as outliers such as their number is equal to 10% of that of inliers. We repeat this dataset generation process for all digits. For implementation simplicity we then flatten the images (28 X 28) into vectors.Each file MNIST_x.csv.gz contains the corresponding dataset where the inlier class is equal to x.The data contains one instance (vector) in each line where the last column represents the outlier label (yes/no) of the data point. The data contains also a column which indicates the original image class (0-9).See the following numbers for a complete list of the statistics of each datasets ( Name | Instances | Dimensions | Number of Outliers in % ):MNIST_0 | 7594 | 784 | 10MNIST_1 | 8665 | 784 | 10MNIST_2 | 7689 | 784 | 10MNIST_3 | 7856 | 784 | 10MNIST_4 | 7507 | 784 | 10MNIST_5 | 6945 | 784 | 10MNIST_6 | 7564 | 784 | 10MNIST_7 | 8023 | 784 | 10MNIST_8 | 7508 | 784 | 10MNIST_9 | 7654 | 784 | 10

Paragraph 1: The market for Anomaly Detection Technology is projected to reach a valuation of 7290 million by 2033, expanding at a steady 4.8% CAGR over the forecast period. This growth is primarily driven by the increasing adoption of advanced technologies such as Big Data Analytics, Machine Learning, and Artificial Intelligence in various industries. Anomaly Detection Technology enables organizations to identify and analyze deviations from normal patterns within their data, providing valuable insights for fraud detection, security threat monitoring, and operational efficiency. Paragraph 2: The market is segmented based on Type, Application, and Region. In terms of Type, Machine Learning and Artificial Intelligence account for the largest share, followed by Big Data Analytics. By Application, BFSI (Banking, Financial Services, and Insurance) holds the dominant position due to the critical importance of fraud detection and security. However, the Healthcare and IT & Telecom sectors are expected to experience significant growth in the coming years. Geographically, North America is the largest market, followed by Asia Pacific. The increasing adoption of cloud-based Anomaly Detection solutions and the growing awareness of cybersecurity threats are contributing to the overall market growth. This report offers a comprehensive analysis of the global anomaly detection technology market, providing insights into its current state and future prospects. The report covers market segmentation by type, application, and region, along with detailed analysis of industry trends, drivers, challenges, and growth catalysts. Key market players are profiled, and significant developments in the sector are highlighted.

Snapshot img

Anomaly Detection Market Size 2025-2029

The anomaly detection market size is forecast to increase by USD 4.44 billion at a CAGR of 14.4% between 2024 and 2029.

The market is experiencing significant growth, particularly in the BFSI sector, as organizations increasingly prioritize identifying and addressing unusual patterns or deviations from normal business operations. The rising incidence of internal threats and cyber frauds necessitates the implementation of advanced anomaly detection tools to mitigate potential risks and maintain security. However, implementing these solutions comes with challenges, primarily infrastructural requirements. Ensuring compatibility with existing systems, integrating new technologies, and training staff to effectively utilize these tools pose significant hurdles for organizations.
Despite these challenges, the potential benefits of anomaly detection, such as improved risk management, enhanced operational efficiency, and increased security, make it an essential investment for businesses seeking to stay competitive and agile in today's complex and evolving threat landscape. Companies looking to capitalize on this market opportunity must carefully consider these challenges and develop strategies to address them effectively. Cloud computing is a key trend in the market, as cloud-based solutions offer quick deployment, flexibility, and scalability.

What will be the Size of the Anomaly Detection Market during the forecast period?

Explore in-depth regional segment analysis with market size data - historical 2019-2023 and forecasts 2025-2029 - in the full report.
Request Free Sample

In the dynamic and evolving market, advanced technologies such as resource allocation, linear regression, pattern recognition, and support vector machines are increasingly being adopted for automated decision making. Businesses are leveraging these techniques to enhance customer experience through behavioral analytics, object detection, and sentiment analysis. Machine learning algorithms, including random forests, naive Bayes, decision trees, clustering algorithms, and k-nearest neighbors, are essential tools for risk management and compliance monitoring. AI-powered analytics, time series forecasting, and predictive modeling are revolutionizing business intelligence, while process optimization is achieved through the application of decision support systems, natural language processing, and predictive analytics.
Computer vision, image recognition, logistic regression, and operational efficiency are key areas where principal component analysis and artificial technoogyneural networks contribute significantly. Speech recognition and operational efficiency are also benefiting from these advanced technologies, enabling businesses to streamline processes and improve overall performance.

How is this Anomaly Detection Industry segmented?

The anomaly detection industry research report provides comprehensive data (region-wise segment analysis), with forecasts and estimates in 'USD million' for the period 2025-2029, as well as historical data from 2019-2023 for the following segments.

Deployment

  Cloud
  On-premises


Component

  Solution
  Services


End-user

  BFSI
  IT and telecom
  Retail and e-commerce
  Manufacturing
  Others


Technology

  Big data analytics
  AI and ML
  Data mining and business intelligence


Geography

  North America

    US
    Canada
    Mexico


  Europe

    France
    Germany
    Spain
    UK


  APAC

    China
    India
    Japan


  Rest of World (ROW)

By Deployment Insights

The cloud segment is estimated to witness significant growth during the forecast period. The market is witnessing significant growth due to the increasing adoption of advanced technologies such as machine learning models, statistical methods, and real-time monitoring. These technologies enable the identification of anomalous behavior in real-time, thereby enhancing network security and data privacy. Anomaly detection algorithms, including unsupervised learning, reinforcement learning, and deep learning networks, are used to identify outliers and intrusions in large datasets. Data security is a major concern, leading to the adoption of data masking, data pseudonymization, data de-identification, and differential privacy.

Data leakage prevention and incident response are critical components of an effective anomaly detection system. False positive and false negative rates are essential metrics to evaluate the performance of these systems. Time series analysis and concept drift are important techniques used in anomaly detection. Data obfuscation, data suppression, and data aggregation are other strategies employed to maintain data privacy. Companies such as Anodot, Cisco Systems Inc, IBM Corp, and SAS Institute Inc offer both cloud-based and on-premises anomaly detection solutions. These soluti

The global anomaly detection technology market is experiencing robust growth, projected to reach $4825.8 million in 2025 and maintain a Compound Annual Growth Rate (CAGR) of 4.7% from 2025 to 2033. This expansion is driven by the increasing volume and complexity of data generated across diverse sectors, coupled with rising cybersecurity threats and the imperative for proactive risk management. Key drivers include the escalating adoption of cloud computing, the proliferation of IoT devices, and the growing demand for real-time insights to enhance operational efficiency and prevent disruptions. The BFSI (Banking, Financial Services, and Insurance) sector, along with manufacturing and healthcare, represent significant market segments, fueled by their reliance on secure data handling and the need to identify fraudulent activities or system anomalies promptly. Technological advancements in machine learning (ML), artificial intelligence (AI), and big data analytics are further propelling market growth, enabling more sophisticated anomaly detection capabilities. The market's segmentation by application reveals a diverse landscape. BFSI's strong adoption stems from the critical need for fraud detection and risk mitigation. The manufacturing sector leverages anomaly detection for predictive maintenance and process optimization, while healthcare utilizes it for early disease detection and improved patient care. The government sector focuses on cybersecurity and threat intelligence. Competition is fierce, with established players like IBM, Dell Technologies, and Cisco alongside specialized security firms like Splunk, Rapid7, and Darktrace vying for market share. The geographical distribution showcases strong growth in North America and Europe, driven by high technological adoption and stringent data security regulations. However, Asia-Pacific is poised for significant expansion, driven by increasing digitalization and economic growth in countries like India and China. The continued development of AI-driven solutions and the expansion into emerging markets will shape the future trajectory of the anomaly detection technology market.

We present a large-scale anomaly detection dataset collected from IBM Cloud's Console over approximately 4.5 months. This high-dimensional dataset captures telemetry data from multiple data centers, specifically designed to aid researchers in developing and benchmarking anomaly detection methods in large-scale cloud environments. It contains 39,365 entries, each representing a 5-minute interval, with 117,448 features/attributes, as interval_start is used as the index. The dataset includes detailed information on request counts, HTTP response codes, and various aggregated statistics. The dataset also includes labeled anomaly events identified through IBM's internal monitoring tools, providing a comprehensive resource for real-world anomaly detection research and evaluation.

File Descriptions

• location_downtime.csv - Details planned and unplanned downtimes for IBM Cloud data centers, including start and end times in ISO 8601 format.
• unpivoted_data.parquet - Contains raw telemetry data with 413 million+ rows, covering details like location, HTTP status codes, request types, and aggregated statistics (min, max, median response times).
• anomaly_windows.csv - Ground truth for anomalies, listing start and end times of recorded anomalies, categorized by source (Issue Tracker, Instant Messenger, Test Log).
• pivoted_data_all.parquet - Pivoted version of the telemetry dataset with 39,365 rows and 117,449 columns, including aggregated statistics across multiple metrics and intervals.
• demo/demo.[ipynb|html]: This demo file provides examples of how to access data in the Parquet files, available in Jupyter Notebook (.ipynb) and HTML (.html) formats, respectively.

Further details of the dataset can be found in Appendix B: Dataset Characteristics of the paper titled "Anomaly Detection in Large-Scale Cloud Systems: An Industry Case and Dataset." Sample code for training anomaly detectors using this data is provided in this package.

When using the dataset, please cite it as follows:

@misc{islam2024anomaly,
   title={Anomaly Detection in Large-Scale Cloud Systems: An Industry Case and Dataset}, 
   author={Mohammad Saiful Islam and Mohamed Sami Rakha and William Pourmajidi and Janakan Sivaloganathan and John Steinbacher and Andriy Miranskyy},
   year={2024},
   eprint={2411.09047},
   archivePrefix={arXiv},
   url={https://arxiv.org/abs/2411.09047}
}

The global anomaly detection technology market size was valued at USD 4,910 million in 2025 and is projected to grow from USD 4730 million in 2023 to USD 7,960 million by 2033, exhibiting a CAGR of 4.9% during the forecast period. The increasing adoption of cloud computing and big data analytics, coupled with the rising demand for advanced security solutions to detect and prevent cyber threats, is driving the growth of the anomaly detection technology market. Additionally, the growing need for fraud detection and prevention in various industries, such as banking, healthcare, and retail, is further contributing to the market growth. Key market trends include the increasing adoption of artificial intelligence (AI) and machine learning (ML) in anomaly detection solutions, the growth of the managed security services market, and the emergence of new technologies such as blockchain and distributed ledger technology (DLT). The adoption of AI and ML enables anomaly detection solutions to learn from historical data and identify patterns and anomalies in real time, thereby improving the accuracy and efficiency of anomaly detection. The growth of the managed security services market is creating opportunities for anomaly detection technology providers to offer their solutions as a part of managed security services, providing customers with a comprehensive security solution. Additionally, the emergence of new technologies such as blockchain and DLT is creating new opportunities for anomaly detection technology providers to develop innovative solutions for data integrity and security.

This repository contains the datasets used to train and validate a microservices anomaly detection model, which can detect anomalies in both services and applications.

The unsupervised learning market is experiencing robust growth, driven by the increasing need for businesses to extract meaningful insights from large, unstructured datasets. This market is projected to be valued at approximately $15 billion in 2025, exhibiting a Compound Annual Growth Rate (CAGR) of 25% from 2025 to 2033. This significant expansion is fueled by several key factors. The proliferation of big data and the need for efficient data analysis are primary drivers. Businesses across various sectors, including finance, healthcare, and retail, are increasingly adopting unsupervised learning techniques like clustering and anomaly detection to identify patterns, predict customer behavior, and optimize operational efficiency. Furthermore, advancements in machine learning algorithms, improved computational power, and the availability of cloud-based solutions are further accelerating market growth. The segment dominated by cloud-based solutions is growing faster than the on-premise segment, reflecting a broader industry shift toward cloud computing and its scalability advantages. Large enterprises represent a significant portion of the market, owing to their greater resources and willingness to invest in sophisticated analytics capabilities. However, challenges remain, including the complexity of implementing and interpreting unsupervised learning models, the need for specialized expertise, and concerns regarding data privacy and security. Despite these challenges, the long-term outlook for the unsupervised learning market remains positive. The continuous evolution of machine learning algorithms and the increasing availability of user-friendly tools are expected to lower the barrier to entry for businesses of all sizes. Furthermore, the growing adoption of artificial intelligence (AI) across various industries will further fuel demand for unsupervised learning solutions. The market is witnessing considerable geographic expansion, with North America currently holding a significant market share due to the presence of major technology companies and a well-established IT infrastructure. However, other regions, particularly Asia-Pacific, are also witnessing substantial growth, driven by rapid digitalization and increasing investment in data analytics. Competition in the market is intense, with established players like Microsoft, IBM, and Google vying for market share alongside specialized vendors like RapidMiner and H2o.ai. The continued innovation and development of advanced algorithms and platforms will shape the competitive landscape in the coming years.

For the purposes of this paper, the National Airspace System (NAS) encompasses the operations of all aircraft which are subject to air traffic control procedures. The NAS is a highly complex dynamic system that is sensitive to aeronautical decision-making and risk management skills. In order to ensure a healthy system with safe flights a systematic approach to anomaly detection is very important when evaluating a given set of circumstances and for determination of the best possible course of action. Given the fact that the NAS is a vast and loosely integrated network of systems, it requires improved safety assurance capabilities to maintain an extremely low accident rate under increasingly dense operating conditions. Data mining based tools and techniques are required to support and aid operators’ (such as pilots, management, or policy makers) overall decision-making capacity. Within the NAS, the ability to analyze fleetwide aircraft data autonomously is still considered a significantly challenging task. For our purposes a fleet is defined as a group of aircraft sharing generally compatible parameter lists. Here, in this effort, we aim at developing a system level analysis scheme. In this paper we address the capability for detection of fleetwide anomalies as they occur, which itself is an important initiative toward the safety of the real-world flight operations. The flight data recorders archive millions of data points with valuable information on flights everyday. The operational parameters consist of both continuous and discrete (binary & categorical) data from several critical subsystems and numerous complex procedures. In this paper, we discuss a system level anomaly detection approach based on the theory of kernel learning to detect potential safety anomalies in a very large data base of commercial aircraft. We also demonstrate that the proposed approach uncovers some operationally significant events due to environmental, mechanical, and human factors issues in high dimensional, multivariate Flight Operations Quality Assurance (FOQA) data. We present the results of our detection algorithms on real FOQA data from a regional carrier.

The anomaly detection market is experiencing robust growth, projected to reach $2325.4 million in 2025 and exhibiting a Compound Annual Growth Rate (CAGR) of 8.7% from 2019 to 2033. This expansion is fueled by several key factors. The increasing volume and complexity of data generated by organizations across various sectors necessitate advanced solutions for identifying security threats, operational inefficiencies, and fraudulent activities. Furthermore, the rising adoption of cloud computing and the proliferation of connected devices amplify the need for real-time anomaly detection capabilities. The market is driven by the need for proactive threat mitigation, improved operational efficiency, and enhanced fraud prevention. Companies are increasingly investing in sophisticated AI and machine learning-based solutions to improve accuracy and reduce false positives. The market's growth is also influenced by regulatory compliance mandates requiring robust security measures and data protection across various industries. Several segments contribute to the market's growth. While specific segment data is unavailable, we can infer that the market likely comprises solutions tailored for network security, cloud security, IT operations, and fraud detection. The competitive landscape is characterized by a mix of established players like IBM, SAS Institute, and Splunk, alongside emerging companies offering specialized solutions. The market's competitive intensity is moderate, with opportunities for both established and new players to innovate and capture market share. The continuing advancements in artificial intelligence, machine learning, and big data analytics will be key drivers in shaping the future of anomaly detection, leading to more sophisticated and accurate solutions capable of handling the ever-increasing volume and complexity of data. Geographical expansion, particularly in emerging markets with growing digital infrastructure, will further drive market expansion.

The world-wide aviation system is one of the most complex dynamical systems ever developed and is generating data at an extremely rapid rate. Most modern commercial aircraft record several hundred flight parameters including information from the guidance, navigation, and control systems, the avionics and propulsion systems, and the pilot inputs into the aircraft. These parameters may be continuous measurements or binary or categorical measurements recorded in one second intervals for the duration of the flight. Currently, most approaches to aviation safety are reactive, meaning that they are designed to react to an aviation safety incident or accident. Here, we discuss a novel approach based on the theory of multiple kernel learning to detect potential safety anomalies in very large data bases of discrete and continuous data from world-wide operations of commercial fleets. We pose a general anomaly detection problem which includes both discrete and continuous data streams, where we assume that the discrete streams have a causal influence on the continuous streams. We also assume that atypical sequence of events in the discrete streams can lead to off-nominal system performance. We discuss the application _domain, novel algorithms, and also briefly discuss results on synthetic and real-world data sets. Our algorithm uncovers operationally significant events in high dimensional data streams in the aviation industry which are not detectable using state of the art methods.

An Integrated Science Data Analytics Platform is an environment that enables the confluence of resources for scientific investigation. It harmonizes data, tools and computational resources to enable the research community to focus on the investigation rather than spending time on security, data preparation, management, etc. OceanWorks is a NASA technology integration project to establish a cloud-based Integrated Ocean Science Data Analytics Platform for big ocean science at NASA’s Physical Oceanography Distributed Active Archive Center (PO.DAAC) for big ocean science. It focuses on advancement and maturity by bringing together several NASA open-source, big data projects for parallel analytics, anomaly detection, in situ to satellite data matchup, quality-screened data subsetting, search relevancy, and data discovery. Our communities are relying on data available through distributed data centers to conduct their research. In typical investigations, scientists would (1) search for data, (2) evaluate the relevance of that data, (3) download it, and (4) then apply algorithms to identify trends, anomalies, or other attributes of the data. Such a workflow cannot scale if the research involves a massive amount of data or multi-variate measurements. With the upcoming NASA Surface Water and Ocean Topography (SWOT) mission expected to produce over 20PB of observational data during its 3-year nominal mission, the volume of data will challenge all existing Earth Science data archival, distribution and analysis paradigms. This paper discusses how OceanWorks enhances the analysis of physical ocean data where the computation is done on an elastic cloud platform next to the archive to deliver fast, web-accessible services for working with oceanographic measurements.

CESNET-TimeSeries24: The dataset for network traffic forecasting and anomaly detection

The dataset called CESNET-TimeSeries24 was collected by long-term monitoring of selected statistical metrics for 40 weeks for each IP address on the ISP network CESNET3 (Czech Education and Science Network). The dataset encompasses network traffic from more than 275,000 active IP addresses, assigned to a wide variety of devices, including office computers, NATs, servers, WiFi routers, honeypots, and video-game consoles found in dormitories. Moreover, the dataset is also rich in network anomaly types since it contains all types of anomalies, ensuring a comprehensive evaluation of anomaly detection methods.

Last but not least, the CESNET-TimeSeries24 dataset provides traffic time series on institutional and IP subnet levels to cover all possible anomaly detection or forecasting scopes. Overall, the time series dataset was created from the 66 billion IP flows that contain 4 trillion packets that carry approximately 3.7 petabytes of data. The CESNET-TimeSeries24 dataset is a complex real-world dataset that will finally bring insights into the evaluation of forecasting models in real-world environments.

Please cite the usage of our dataset as:

Koumar, J., Hynek, K., Čejka, T. et al. CESNET-TimeSeries24: Time Series Dataset for Network Traffic Anomaly Detection and Forecasting. Sci Data 12, 338 (2025). https://doi.org/10.1038/s41597-025-04603-x

@Article{cesnettimeseries24,
author={Koumar, Josef and Hynek, Karel and {\v{C}}ejka, Tom{\'a}{\v{s}} and {\v{S}}i{\v{s}}ka, Pavel},
title={CESNET-TimeSeries24: Time Series Dataset for Network Traffic Anomaly Detection and Forecasting},
journal={Scientific Data},
year={2025},
month={Feb},
day={26},
volume={12},
number={1},
pages={338},
issn={2052-4463},
doi={10.1038/s41597-025-04603-x},
url={https://doi.org/10.1038/s41597-025-04603-x}
}

Time series

We create evenly spaced time series for each IP address by aggregating IP flow records into time series datapoints. The created datapoints represent the behavior of IP addresses within a defined time window of 10 minutes. The vector of time-series metrics v_{ip, i} describes the IP address ip in the i-th time window. Thus, IP flows for vector v_{ip, i} are captured in time windows starting at t_i and ending at t_{i+1}. The time series are built from these datapoints.

Datapoints created by the aggregation of IP flows contain the following time-series metrics:

• Simple volumetric metrics: the number of IP flows, the number of packets, and the transmitted data size (i.e. number of bytes)
• Unique volumetric metrics: the number of unique destination IP addresses, the number of unique destination Autonomous System Numbers (ASNs), and the number of unique destination transport layer ports. The aggregation of \textit{Unique volumetric metrics} is memory intensive since all unique values must be stored in an array. We used a server with 41 GB of RAM, which was enough for 10-minute aggregation on the ISP network.
• Ratios metrics: the ratio of UDP/TCP packets, the ratio of UDP/TCP transmitted data size, the direction ratio of packets, and the direction ratio of transmitted data size
• Average metrics: the average flow duration, and the average Time To Live (TTL)

Multiple time aggregation: The original datapoints in the dataset are aggregated by 10 minutes of network traffic. The size of the aggregation interval influences anomaly detection procedures, mainly the training speed of the detection model. However, the 10-minute intervals can be too short for longitudinal anomaly detection methods. Therefore, we added two more aggregation intervals to the datasets--1 hour and 1 day.

Time series of institutions: We identify 283 institutions inside the CESNET3 network. These time series aggregated per each institution ID provide a view of the institution's data.

Time series of institutional subnets: We identify 548 institution subnets inside the CESNET3 network. These time series aggregated per each institution ID provide a view of the institution subnet's data.

Data Records

The file hierarchy is described below:

cesnet-timeseries24/

|- institution_subnets/

| |- agg_10_minutes/

| |- agg_1_hour/

| |- agg_1_day/

| |- identifiers.csv

|- institutions/

| |- agg_10_minutes/

| |- agg_1_hour/

| |- agg_1_day/

| |- identifiers.csv

|- ip_addresses_full/

| |- agg_10_minutes/

| |- agg_1_hour/

| |- agg_1_day/

| |- identifiers.csv

|- ip_addresses_sample/

| |- agg_10_minutes/

| |- agg_1_hour/

| |- agg_1_day/

| |- identifiers.csv

|- times/

| |- times_10_minutes.csv

| |- times_1_hour.csv

| |- times_1_day.csv

|- ids_relationship.csv
|- weekends_and_holidays.csv

The following list describes time series data fields in CSV files:

• id_time: Unique identifier for each aggregation interval within the time series, used to segment the dataset into specific time periods for analysis.
• n_flows: Total number of flows observed in the aggregation interval, indicating the volume of distinct sessions or connections for the IP address.
• n_packets: Total number of packets transmitted during the aggregation interval, reflecting the packet-level traffic volume for the IP address.
• n_bytes: Total number of bytes transmitted during the aggregation interval, representing the data volume for the IP address.
• n_dest_ip: Number of unique destination IP addresses contacted by the IP address during the aggregation interval, showing the diversity of endpoints reached.
• n_dest_asn: Number of unique destination Autonomous System Numbers (ASNs) contacted by the IP address during the aggregation interval, indicating the diversity of networks reached.
• n_dest_port: Number of unique destination transport layer ports contacted by the IP address during the aggregation interval, representing the variety of services accessed.
• tcp_udp_ratio_packets: Ratio of packets sent using TCP versus UDP by the IP address during the aggregation interval, providing insight into the transport protocol usage pattern. This metric belongs to the interval <0, 1> where 1 is when all packets are sent over TCP, and 0 is when all packets are sent over UDP.
• tcp_udp_ratio_bytes: Ratio of bytes sent using TCP versus UDP by the IP address during the aggregation interval, highlighting the data volume distribution between protocols. This metric belongs to the interval <0, 1> with same rule as tcp_udp_ratio_packets.
• dir_ratio_packets: Ratio of packet directions (inbound versus outbound) for the IP address during the aggregation interval, indicating the balance of traffic flow directions. This metric belongs to the interval <0, 1>, where 1 is when all packets are sent in the outgoing direction from the monitored IP address, and 0 is when all packets are sent in the incoming direction to the monitored IP address.
• dir_ratio_bytes: Ratio of byte directions (inbound versus outbound) for the IP address during the aggregation interval, showing the data volume distribution in traffic flows. This metric belongs to the interval <0, 1> with the same rule as dir_ratio_packets.
• avg_duration: Average duration of IP flows for the IP address during the aggregation interval, measuring the typical session length.
• avg_ttl: Average Time To Live (TTL) of IP flows for the IP address during the aggregation interval, providing insight into the lifespan of packets.

Moreover, the time series created by re-aggregation contains following time series metrics instead of n_dest_ip, n_dest_asn, and n_dest_port:

• sum_n_dest_ip: Sum of numbers of unique destination IP addresses.
• avg_n_dest_ip: The average number of unique destination IP addresses.
• std_n_dest_ip: Standard deviation of numbers of unique destination IP addresses.
• sum_n_dest_asn: Sum of numbers of unique destination ASNs.
• avg_n_dest_asn: The average number of unique destination ASNs.
• std_n_dest_asn: Standard deviation of numbers of unique destination ASNs)
• sum_n_dest_port: Sum of numbers of unique destination transport layer ports.
• avg_n_dest_port: The average number of unique destination transport layer ports.
• std_n_dest_port: Standard deviation of numbers of unique destination transport layer