Deep Anomaly Detection
Overview
ITML’s Deep Anomaly Detection Module is a powerful AI engine designed for detecting rare or unexpected behaviors in complex, sequential datasets — particularly suited to cybersecurity, IoT, and resource monitoring scenarios. Developed within the TEACHING project, the module operates as an unsupervised intrusion detection system, leveraging autoencoders combined with LSTM networks to learn the normal behavior of time-series data and flag deviations as potential anomalies.
Capabilities
At its core, the module adopts the “learning feature representations of normality” paradigm, using a deep LSTM-Autoencoder (LSTM-AE) architecture. This setup is optimized for multivariate sensor data and can track long-term dependencies in time-series streams — critical for accurate detection of subtle or delayed anomalies. By compressing input data into low-dimensional embeddings and reconstructing it, the model evaluates reconstruction error to infer how well new data conforms to the learned patterns of normal behavior.
Detects cyber intrusions and system anomalies in real time
Uses an LSTM-Autoencoder (LSTM-AE) architecture
Transforms reconstruction errors into anomaly scores
Flags deviations as potential anomalies
Approach
Once trained on “normal” data, the system uses the Mahalanobis distance to transform reconstruction errors into anomaly scores, offering a more nuanced detection mechanism than binary classification. This statistical approach models normal error distributions and flags data points based on probabilistic thresholds, enhancing precision and recall. The architecture avoids the need for large labelled datasets, making it practical for real-world deployments where anomalies are rare and hard to annotate.
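The scoring step described above, as an added example (not ITML's code): it fits a mean and covariance to reconstruction-error vectors from normal data, scores new vectors by squared Mahalanobis distance, and thresholds at an empirical quantile. The error vectors are constructed stand-ins for LSTM-AE output, and the function names and the 99% quantile rule are assumptions.

```python
import random

def invert(m):
    """Gauss-Jordan inverse with partial pivoting; raises on a singular covariance."""
    d = len(m)
    a = [row[:] + [float(i == j) for j in range(d)] for i, row in enumerate(m)]
    for c in range(d):
        p = max(range(c, d), key=lambda r: abs(a[r][c]))
        if abs(a[p][c]) < 1e-12:
            raise ValueError("singular covariance: need more normal data")
        a[c], a[p] = a[p], a[c]
        a[c] = [v / a[c][c] for v in a[c]]
        for r in range(d):
            if r != c:
                a[r] = [x - a[r][c] * y for x, y in zip(a[r], a[c])]
    return [row[d:] for row in a]

def fit_error_model(errors):
    """Mean vector and inverse covariance of errors observed on normal data."""
    n, d = len(errors), len(errors[0])
    mu = [sum(e[j] for e in errors) / n for j in range(d)]
    cov = [[sum((e[i] - mu[i]) * (e[j] - mu[j]) for e in errors) / (n - 1)
            for j in range(d)] for i in range(d)]
    return mu, invert(cov)

def score(e, mu, inv):
    """Squared Mahalanobis distance of one error vector from the normal model."""
    diff = [x - m for x, m in zip(e, mu)]
    return sum(diff[i] * inv[i][j] * diff[j] for i in range(len(e)) for j in range(len(e)))

def threshold(scores, q=0.99):
    """Empirical q-quantile of scores on held-out normal data (assumed rule)."""
    s = sorted(scores)
    return s[min(len(s) - 1, int(q * len(s)))]

def make_normal(n, rng):
    # Constructed sample: per-step errors of two correlated sensor channels.
    out = []
    for _ in range(n):
        base = rng.gauss(0.0, 0.05)
        out.append([0.10 + base, 0.20 + 0.8 * base + rng.gauss(0.0, 0.01)])
    return out

rng = random.Random(7)
MU, INV = fit_error_model(make_normal(500, rng))           # fit on normal errors
THRESH = threshold([score(e, MU, INV) for e in make_normal(500, rng)])

def is_anomaly(e):
    return score(e, MU, INV) > THRESH
```

The vector `[0.15, 0.16]` lies within about one standard deviation on each channel, yet it scores far above the threshold because it breaks the correlation between the channels, which a per-channel error threshold would miss.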
Key Benefits
Originally deployed for monitoring network traffic and detecting intrusions as part of an AI-as-a-Service cybersecurity toolkit, the module’s design is general enough for broader use cases. These include biometric anomaly detection, runtime deviation monitoring, resource consumption tracking, or any scenario involving high-dimensional, unlabelled sequential data. The combination of deep learning, statistical modeling, and unsupervised training makes this module a highly effective and flexible solution for modern anomaly detection needs.