The Anomaly Detection service is a multi-tenant service that analyzes large volume of multivariate or univariate time series data.

The Anomaly Detection is, accessible over public ReST APIs by authenticated users by using the OCI CLI, SDK or Console. The service is powered by machine learning (ML) and statistical algorithms that understand the complex relationships between different signals in diverse system components. The Anomaly Detection service increases the reliability of businesses by monitoring their critical assets and detecting anomalies early with high precision.

What is Anomaly Detection?

Anomaly detection is the identification of rare items, events, or observations in data that differ significantly from the expectation.

The Anomaly Detection service is designed to help with analyzing large amounts of data and identifying the anomalies at the earliest possible time with maximum accuracy.

The use of the Anomaly Detection service spans across different sectors such as the following:

  • Utility

  • Oil and Gas

  • Transportation

  • Manufacturing

  • Telecommunications

  • Banking

  • Insurance

  • Web Businesses

  • E-commerce

In each of these sectors, you can use the Anomaly Detection service to identify undesirable business incidents and observations, and provide the magnitude of anomaly as the difference between expected and actual values. Anomaly Detection helps you define business-specific alerts and actions. It also helps you to identify anomalies in multivariate and univariate datasets by either taking advantage of interrelationships between signals or by identifying trend in individual signals.

The anomaly detection service uses an innovative statistical method that helps to identify anomalies at the earliest possible time. Also, it productizes univariate and multivariate state estimation methods with sequential probability ratio test techniques, see key terms.

Anomaly Detection Concepts

Learn how Anomaly Detection service to effortlessly organize resources within projects, maintain data assets, train anomaly detection models, and detect anomalies seamlessly.

The Anomaly Detection service provides the infrastructure for maintaining them without the need for in-house Data Science or machine learning specialists.

You create a project to be a container for the models that you train, and then detect results using the trained model as follows:

This image shows the anomaly detection process shown in four phases. The phases are defined and described in the following table. Data sources and signals from the sensors are shown on the left, and end users are shown on the right. The process flows through the diagram from left to right.

Projects are collaborative resources for organizing and documenting assets, such as models.

Data Assets

An abstracted data format to contain meta information of the actual data source for model training; it supports multiple types of data sources. The supported data sources are Oracle Object Storage, Oracle Autonomous Transaction Processing, and InfluxDB.


Models define a mathematical representation of a data and business process. They detect anomalies in univariate and multivariate time series data. Models are created as a result of training.

Private Endpoints

Allows you to set up private access to the Anomaly Detection service for data security.


Jobs enable creation of detection jobs for large datasets up to 10 million data points (signals * timestamps).


Use a dataset to create a machine learning model using a multivariate or univariate Anomaly Detection service algorithms.


Identify anomalies in a dataset by using a pretrained multivariate or univariate model.

Show the difference between detecting anomalies with small and large datasets.

Key Terms

Review these terms used by the core Machine Learning (ML) engine in the Anomaly Detection service:



Univariate analysis

A pattern recognition method that learns one signal in a dataset of time series data.

Multivariate State Estimation Technique (MSET)

An advanced pattern recognition method that learns the correlation between multiple signals over a large dataset of time series data. It provides accurate estimates for a specific timestamp.

Asynchronous inferencing

Inferencing performed asynchronously, where anomalies are detected and later the detection results are retrieved. It provides accurate results over very large datasets.

Sequential Probability Ratio Test (SPRT)

A method that takes the estimates generated by MSET and compares them against the original signal value at a particular timestamp to decide whether the signal value is an anomaly.

Intelligent Data Preprocessing (IDP) techniques

A combination of different data preprocessing techniques to resolve different data quality issues from the data before training the model. IDP includes the 3 methods defined in the 3 rows. For example, ARP, MVI, and UNQ.

Analytical Resampling Process (ARP)

Used for aligning the signal values in a time series dataset with multiple signals that emit data that are not synchronized. Commonly used when clock out of sync problems exist.

Missing Value Imputation (MVI)

Used for deriving the missing sensor data in a dataset. Commonly used when signals are not reported because of component failures.

UnQuantization (UnQ)

Used for improving the quality of low-resolution input signals to a higher resolution. Commonly used in IoT applications where sensors send low-resolution signals.

Asynchronous Inference

Perform inferencing asynchronously, and then retrieve inferencing results.

One Class Support Vector Machine (SVM)

SVM \is a one-class classifier is used for detecting anomalies. When SVM is used for anomaly detection, it has the classification machine learning technique but no target.

One Class Support Vector Machine (SVM)

Asynchronous Detection

Detection performed asynchronously, where anomalies are detected and later the detection results are retrieved. It provides accurate results over very large datasets.

Synchronous Detection

Detection performed synchronously, where anomalies are detected and the detection results are immediately retrieved.

Regions and Availability Domains

OCI services are hosted in regions and availability domains. A region  is a localized geographic area, and an availability domain  is one or more data centers located in that region.

Anomaly Detection is hosted in these regions:

  • Australia East (Sydney)

  • Australia Southeast (Melbourne)

  • Brazil East (Sao Paulo)

  • Brazil Southeast (Vinhedo)

  • Canada Southeast (Montreal)

  • Canada Southeast (Toronto)

  • Chile Central (Santiago)

  • France Central (Paris)

  • France South (Marseille)

  • Germany Central (Frankfurt)

  • India South (Hyderabad)

  • India West (Mumbai)

  • Israel Central (Jerusalem)

  • Italy Northwest (Milan)

  • Japan Central (Osaka)

  • Japan East (Tokyo)

  • Mexico Central (Queretaro)

  • Netherlands Northwest (Amsterdam)

  • Saudi Arabia West (Jeddah)

  • Singapore (Singapore)

  • South Africa Central (Johannesburg)

  • South Korea Central (Seoul)

  • South Korea North (Chuncheon)

  • Spain Central (Madrid)

  • Sweden Central (Stockholm)

  • Switzerland North (Zurich)

  • UAE Central (Abu Dhabi)

  • UAE East (Dubai)

  • UK South (London)

  • US East (Ashburn)

  • US Midwest (Chicago)

  • US West (Phoenix)

  • US West (San Jose)

Resource Identifiers

The Anomaly Detection service supports private endpoints, data assets, models, and asynchronous jobs as OCI resources. Most types of resources have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID). For information about the OCID format and other ways to identify your resources, see Resource Identifiers.

Ways to Access Oracle Cloud Infrastructure

You can access OCI using the Console (a browser-based interface), the command line interface (CLI), or the REST API. Instructions for the Console, CLI, and API are included in topics throughout this guide. For a list of available SDKs, see Software Development Kits and Command Line Interface.

To access the Console, you must use a supported browser. You can use the Console link at the top of this page to go to the sign-in page. You are prompted to enter your cloud tenant, your user name, and your password.

For general information about using the CLI, see Command Line Interface (CLI). For general information about using the API, see REST APIs.

Authentication and Authorization

Each service in OCI integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).

An administrator in your organization needs to set up groups , compartments , and policies  that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, start instances, create buckets, download objects, and so on, see Getting Started with Policies.

If you’re a regular user (not an administrator) who needs to use the OCI resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.