Struct AnomalyGridConfig 

pub struct AnomalyGridConfig {
    pub max_order: usize,
    pub smoothing_alpha: f64,
    pub memory_limit: Option<usize>,
    pub min_probability: f64,
    pub likelihood_weight: f64,
    pub information_weight: f64,
    pub normalization_factor: f64,
    pub min_sequence_length: usize,
}

Configuration parameters for Anomaly Grid components

Fields

max_order: usize

Maximum context order for Markov model

smoothing_alpha: f64

Laplace smoothing parameter (alpha)

memory_limit: Option<usize>

Maximum number of contexts to store (None = unlimited)

min_probability: f64

Minimum probability for numerical stability

likelihood_weight: f64

Weight for likelihood component in anomaly strength calculation

information_weight: f64

Weight for information component in anomaly strength calculation

normalization_factor: f64

Normalization factor for tanh scaling in anomaly strength

min_sequence_length: usize

Minimum sequence length for training

Implementations

impl AnomalyGridConfig

pub fn new() -> Self

Create a new configuration with default values

pub fn for_small_alphabet() -> Self

Create a configuration optimized for small alphabets (≤ 10 states)

pub fn for_large_alphabet() -> Self

Create a configuration optimized for large alphabets (> 20 states)

pub fn for_low_memory() -> Self

Create a configuration optimized for memory-constrained environments

pub fn for_high_accuracy() -> Self

Create a configuration optimized for high accuracy

pub fn validate(&self) -> AnomalyGridResult<()>

Validate the configuration parameters

pub fn with_max_order(self, max_order: usize) -> AnomalyGridResult<Self>

Set max_order with validation

Examples found in repository

examples/multi_modal_anomaly_detection.rs (line 71)

fn create_multi_modal_detectors(
) -> Result<HashMap<String, AnomalyDetector>, Box<dyn std::error::Error>> {
    let mut detectors = HashMap::new();

    // Sequential pattern detector (high order)
    let sequential_config = AnomalyGridConfig::default()
        .with_max_order(6)?
        .with_smoothing_alpha(0.1)?
        .with_weights(0.9, 0.1)?;
    let sequential_detector = AnomalyDetector::with_config(sequential_config)?;
    detectors.insert("sequential".to_string(), sequential_detector);

    // Behavioral pattern detector (medium order)
    let behavioral_config = AnomalyGridConfig::default()
        .with_max_order(4)?
        .with_smoothing_alpha(0.3)?
        .with_weights(0.7, 0.3)?;
    let behavioral_detector = AnomalyDetector::with_config(behavioral_config)?;
    detectors.insert("behavioral".to_string(), behavioral_detector);

    // Temporal pattern detector (high order)
    let temporal_config = AnomalyGridConfig::default()
        .with_max_order(8)?
        .with_smoothing_alpha(0.2)?
        .with_weights(0.8, 0.2)?;
    let temporal_detector = AnomalyDetector::with_config(temporal_config)?;
    detectors.insert("temporal".to_string(), temporal_detector);

    // Network pattern detector (medium order)
    let network_config = AnomalyGridConfig::default()
        .with_max_order(5)?
        .with_smoothing_alpha(0.4)?
        .with_weights(0.6, 0.4)?;
    let network_detector = AnomalyDetector::with_config(network_config)?;
    detectors.insert("network".to_string(), network_detector);

    println!("🔧 Sequential detector: order 6, α=0.1, weights=(0.9,0.1)");
    println!("🧠 Behavioral detector: order 4, α=0.3, weights=(0.7,0.3)");
    println!("⏰ Temporal detector: order 8, α=0.2, weights=(0.8,0.2)");
    println!("🌐 Network detector: order 5, α=0.4, weights=(0.6,0.4)");

    Ok(detectors)
}

examples/quick_start.rs (line 18)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🚀 Anomaly Grid - Quick Start Example");
    println!("Demonstrating accurate anomaly detection with real patterns\n");

    // Create detector with optimal configuration for this example
    let config = AnomalyGridConfig::default()
        .with_max_order(3)? // Good balance of context and performance
        .with_smoothing_alpha(1.0)? // Standard Laplace smoothing
        .with_weights(0.7, 0.3)?; // Emphasize likelihood over information

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Created detector with order 3 and optimized configuration");

    // Generate realistic training data with clear patterns
    let normal_patterns = generate_realistic_training_data();
    println!(
        "📚 Generated {} training sequences with realistic patterns",
        normal_patterns.len()
    );

    // Train the detector
    let train_start = Instant::now();
    detector.train(&normal_patterns)?;
    let train_time = train_start.elapsed();

    // Get training metrics
    let metrics = detector.performance_metrics();
    println!("🎯 Training completed in {:?}", train_time);
    println!("   - Contexts learned: {}", metrics.context_count);
    println!(
        "   - Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Test different scenarios with proper threshold tuning
    println!("\n🔍 Testing Anomaly Detection Scenarios");

    let test_scenarios = vec![
        ("Normal Pattern", generate_normal_sequence(), 0.1),
        ("Slight Deviation", generate_slight_deviation(), 0.05),
        ("Clear Anomaly", generate_clear_anomaly(), 0.01),
        ("Severe Anomaly", generate_severe_anomaly(), 0.001),
    ];

    for (scenario_name, test_sequence, threshold) in test_scenarios {
        println!("\n--- {} (threshold: {}) ---", scenario_name, threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&test_sequence, threshold)?;
        let detect_time = detect_start.elapsed();

        println!("Sequence: {:?}", test_sequence);
        println!("Detection time: {:?}", detect_time);

        if anomalies.is_empty() {
            println!("✅ No anomalies detected (normal behavior)");
        } else {
            println!("⚠️  {} anomalies detected:", anomalies.len());

            for (i, anomaly) in anomalies.iter().enumerate() {
                println!("   Anomaly {}: {:?}", i + 1, anomaly.sequence);
                println!("     - Likelihood: {:.6}", anomaly.likelihood);
                println!("     - Anomaly Strength: {:.3}", anomaly.anomaly_strength);
                println!("     - Information Score: {:.3}", anomaly.information_score);

                // Classify anomaly severity
                let severity = if anomaly.anomaly_strength > 0.8 {
                    "🚨 CRITICAL"
                } else if anomaly.anomaly_strength > 0.6 {
                    "⚠️  HIGH"
                } else if anomaly.anomaly_strength > 0.4 {
                    "⚡ MEDIUM"
                } else {
                    "📝 LOW"
                };

                println!("     - Severity: {}", severity);
            }
        }
    }

    // Demonstrate threshold sensitivity analysis
    println!("\n📊 Threshold Sensitivity Analysis");
    demonstrate_threshold_sensitivity(&detector)?;

    // Show mathematical properties
    println!("\n🔬 Mathematical Properties Validation");
    validate_mathematical_properties(&detector)?;

    println!("\n🎉 Quick start example completed successfully!");
    println!("💡 Key takeaways:");
    println!("   - Higher thresholds detect fewer, stronger anomalies");
    println!("   - Lower thresholds detect more, including weaker anomalies");
    println!("   - Anomaly strength combines likelihood and information content");
    println!("   - Detection is fast and mathematically sound");

    Ok(())
}

examples/industrial_iot_monitoring.rs (line 122)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🏭 Industrial IoT Monitoring with Anomaly Grid");
    println!("Predictive maintenance and equipment failure detection\n");

    // Generate 1 month of normal sensor data (reduced for performance)
    let normal_readings = generate_industrial_data(30);
    println!(
        "Generated {} sensor readings (1 month)",
        normal_readings.len()
    );

    // Initialize anomaly detection for IoT sensor data
    let mut detector = AnomalyDetector::new(4)?; // Order 4 for sensor patterns

    // Train on normal operational data
    // Train on normal operational patterns
    detector.train(&normal_readings)?;

    // Equipment monitoring scenarios
    println!("\n🔧 Equipment Health Monitoring");

    let equipment_scenarios = vec![
        ("Bearing Wear", generate_bearing_wear_pattern()),
        ("Vibration Anomaly", generate_vibration_anomaly()),
        ("Temperature Drift", generate_temperature_drift()),
        ("Pressure Fluctuation", generate_pressure_fluctuation()),
        ("Lubrication Failure", generate_lubrication_failure()),
        ("Motor Imbalance", generate_motor_imbalance()),
        ("Seal Degradation", generate_seal_degradation()),
    ];

    let mut maintenance_alerts = 0;
    let mut critical_failures_prevented = 0;

    for (equipment_issue, sensor_sequence) in equipment_scenarios {
        println!("\nMonitoring: {equipment_issue}");

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&sensor_sequence, 0.005)?; // Sensitive for safety
        let detect_time = detect_start.elapsed();

        if !anomalies.is_empty() {
            maintenance_alerts += 1;

            let severity = calculate_severity(&anomalies);
            let time_to_failure = estimate_time_to_failure(&sensor_sequence);
            let maintenance_cost = estimate_maintenance_cost(equipment_issue);

            println!("  ⚠️ MAINTENANCE ALERT");
            println!("  📊 Anomalies detected: {}", anomalies.len());
            println!("  Severity: {severity}");
            println!("  Time to failure: {time_to_failure} hours");
            println!("  Estimated maintenance cost: ${maintenance_cost:.0}");
            println!("  Detection time: {detect_time:?}");

            if severity == "CRITICAL" {
                critical_failures_prevented += 1;
                println!("  🚨 IMMEDIATE SHUTDOWN RECOMMENDED");
            }

            generate_maintenance_recommendation(equipment_issue, &severity, time_to_failure);
        } else {
            println!("  ✅ Equipment operating normally");
        }
    }

    // Production line monitoring
    println!("\n🏭 Production Line Monitoring");
    let production_data = generate_production_line_data();

    let line_start = Instant::now();
    let line_anomalies = detector.detect_anomalies(&production_data, 0.01)?;
    let line_time = line_start.elapsed();

    if !line_anomalies.is_empty() {
        let efficiency_impact = calculate_efficiency_impact(&line_anomalies);
        println!("Production anomalies detected: {}", line_anomalies.len());
        println!("Efficiency impact: {efficiency_impact:.1}%");
        println!("Detection time: {line_time:?}");
    } else {
        println!("Production line operating normally");
    }

    // Energy consumption monitoring
    println!("\n⚡ Energy Consumption Monitoring");
    let energy_data = generate_energy_consumption_data();

    let energy_start = Instant::now();
    let energy_anomalies = detector.detect_anomalies(&energy_data, 0.02)?;
    let energy_time = energy_start.elapsed();

    if !energy_anomalies.is_empty() {
        let energy_waste = calculate_energy_waste(&energy_anomalies);
        println!("Energy anomalies detected: {}", energy_anomalies.len());
        println!("Estimated energy waste: {energy_waste:.0} kWh");
        println!("Cost impact: ${:.2}", energy_waste * 0.12); // $0.12/kWh
        println!("Detection time: {energy_time:?}");
    } else {
        println!("Energy consumption within normal parameters");
    }

    // Batch processing for multiple machines
    println!("\n📦 Multi-Machine Batch Processing");
    let machine_data = vec![
        generate_machine_data("CNC_001"),
        generate_machine_data("PRESS_002"),
        generate_machine_data("ROBOT_003"),
        generate_machine_data("CONVEYOR_004"),
        generate_machine_data("WELDER_005"),
    ];

    let batch_start = Instant::now();
    let config = AnomalyGridConfig::default().with_max_order(6)?;
    let batch_results = batch_process_sequences(&machine_data, &config, 0.01)?;
    let batch_time = batch_start.elapsed();

    println!(
        "Processed {} machines in {:?}",
        machine_data.len(),
        batch_time
    );
    for (i, results) in batch_results.iter().enumerate() {
        let machine_names = [
            "CNC_001",
            "PRESS_002",
            "ROBOT_003",
            "CONVEYOR_004",
            "WELDER_005",
        ];
        println!(
            "  {}: {} anomalies detected",
            machine_names[i],
            results.len()
        );
    }

    // Summary and ROI calculation
    println!("\n📊 Predictive Maintenance Summary");
    println!("Maintenance alerts generated: {maintenance_alerts}");
    println!("Critical failures prevented: {critical_failures_prevented}");

    let downtime_prevented = critical_failures_prevented * 8; // 8 hours per failure
    let cost_savings = downtime_prevented as f64 * 5000.0; // $5000/hour downtime cost
    let maintenance_costs = maintenance_alerts as f64 * 2000.0; // $2000 per maintenance
    let net_savings = cost_savings - maintenance_costs;

    println!("Downtime prevented: {downtime_prevented} hours");
    println!("Cost savings: ${cost_savings:.0}");
    println!("Maintenance costs: ${maintenance_costs:.0}");
    println!("Net savings: ${net_savings:.0}");
    println!("ROI: {:.1}%", (net_savings / maintenance_costs) * 100.0);

    Ok(())
}

examples/behavioral_anomaly_detection.rs (line 22)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🧠 Behavioral Anomaly Detection with Mathematical Validation");
    println!("Learning user behavior patterns and detecting sophisticated anomalies\n");

    // Configure detector for behavioral pattern analysis
    let config = AnomalyGridConfig::default()
        .with_max_order(6)? // High order for complex behavioral sequences
        .with_smoothing_alpha(0.3)? // Low smoothing for precise pattern learning
        .with_weights(0.8, 0.2)?; // Emphasize likelihood for behavioral patterns

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured behavioral detector with order 6 for complex patterns");

    // Phase 1: Generate and validate training data
    println!("\n📚 Phase 1: Training Data Generation and Validation");
    let (training_data, ground_truth) = generate_validated_behavioral_data();

    // Validate training data quality
    validate_training_data_quality(&training_data)?;

    println!("📊 Generated {} behavioral sequences", training_data.len());
    println!("🎯 Training data validation: PASSED");

    // Phase 2: Train and validate model convergence
    println!("\n🎯 Phase 2: Model Training and Convergence Validation");
    let train_start = Instant::now();
    detector.train(&training_data)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("⏱️ Training completed in {:?}", train_time);
    println!("🧮 Behavioral patterns learned: {}", metrics.context_count);
    println!(
        "💾 Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Validate model convergence
    validate_model_convergence(&detector, &training_data)?;

    // Phase 3: Rigorous anomaly detection testing
    println!("\n🔬 Phase 3: Rigorous Anomaly Detection Testing");

    let test_scenarios = vec![
        (
            "Normal User Behavior",
            generate_normal_user_session(),
            false,
            0.1,
        ),
        (
            "Account Compromise",
            generate_account_compromise(),
            true,
            0.05,
        ),
        (
            "Insider Threat",
            generate_insider_threat_behavior(),
            true,
            0.02,
        ),
        ("Bot/Automation", generate_bot_behavior(), true, 0.01),
        (
            "Social Engineering",
            generate_social_engineering(),
            true,
            0.03,
        ),
        (
            "Privilege Escalation",
            generate_privilege_escalation_behavior(),
            true,
            0.02,
        ),
        (
            "Data Exfiltration",
            generate_data_exfiltration_behavior(),
            true,
            0.01,
        ),
    ];

    let mut detection_results = Vec::new();
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (scenario_name, test_sequence, is_anomalous, threshold) in test_scenarios {
        println!("\n--- Testing: {} ---", scenario_name);
        println!(
            "Expected: {}",
            if is_anomalous { "ANOMALOUS" } else { "NORMAL" }
        );
        println!("Sequence length: {}", test_sequence.len());
        println!("Threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&test_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        let detected = !anomalies.is_empty();
        let is_correct = detected == is_anomalous;

        println!(
            "🔍 Detection result: {}",
            if detected { "ANOMALOUS" } else { "NORMAL" }
        );
        println!(
            "✅ Correctness: {}",
            if is_correct { "CORRECT" } else { "INCORRECT" }
        );
        println!("⏱️ Detection time: {:?}", detect_time);

        if detected {
            let max_strength = anomalies
                .iter()
                .map(|a| a.anomaly_strength)
                .fold(0.0f64, f64::max);
            let avg_information =
                anomalies.iter().map(|a| a.information_score).sum::<f64>() / anomalies.len() as f64;

            println!("📊 Anomalies detected: {}", anomalies.len());
            println!("🎯 Max anomaly strength: {:.4}", max_strength);
            println!("📈 Avg information score: {:.4}", avg_information);

            // Validate mathematical properties
            validate_anomaly_mathematical_properties(&anomalies)?;
        }

        detection_results.push((
            scenario_name.to_string(),
            is_anomalous,
            detected,
            is_correct,
        ));
    }

    // Phase 4: Comprehensive validation and metrics
    println!("\n📊 Phase 4: Comprehensive Validation and Metrics");

    let accuracy = calculate_accuracy(&detection_results);
    let (precision, recall, f1_score) = calculate_precision_recall_f1(&detection_results);

    println!("🎯 Detection Accuracy: {:.1}%", accuracy * 100.0);
    println!("🎯 Precision: {:.3}", precision);
    println!("🎯 Recall: {:.3}", recall);
    println!("🎯 F1 Score: {:.3}", f1_score);
    println!(
        "⏱️ Average detection time: {:?}",
        total_detection_time / detection_results.len() as u32
    );

    // Phase 5: Advanced behavioral analysis
    println!("\n🧬 Phase 5: Advanced Behavioral Analysis");
    perform_behavioral_pattern_analysis(&detector)?;

    // Phase 6: Threshold optimization
    println!("\n⚙️ Phase 6: Threshold Optimization");
    let optimal_threshold = optimize_detection_threshold(&detector)?;
    println!("🎯 Optimal threshold: {:.4}", optimal_threshold);

    // Phase 7: Robustness testing
    println!("\n🛡️ Phase 7: Robustness Testing");
    test_detection_robustness(&detector)?;

    // Phase 8: Performance benchmarking
    println!("\n⚡ Phase 8: Performance Benchmarking");
    benchmark_detection_performance(&detector)?;

    // Final validation summary
    println!("\n✅ VALIDATION SUMMARY");
    println!("═══════════════════════════════════");
    println!("✅ Training data quality: VALIDATED");
    println!("✅ Model convergence: VALIDATED");
    println!("✅ Mathematical properties: VALIDATED");
    println!("✅ Detection accuracy: {:.1}%", accuracy * 100.0);
    println!("✅ F1 Score: {:.3}", f1_score);
    println!(
        "✅ Performance: {} detections/sec",
        (1000.0 / total_detection_time.as_millis() as f64 * detection_results.len() as f64) as u32
    );

    if accuracy >= 0.85 && f1_score >= 0.8 {
        println!("🎉 ALL VALIDATIONS PASSED - LIBRARY PERFORMANCE VERIFIED");
    } else {
        println!("⚠️ VALIDATION CONCERNS - REVIEW REQUIRED");
    }

    Ok(())
}

examples/network_security_monitoring.rs (line 19)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🛡️ Network Security Monitoring with Anomaly Grid");
    println!("Detecting APTs, DDoS, and network intrusions with high accuracy\n");

    // Configure detector for network security patterns
    let config = AnomalyGridConfig::default()
        .with_max_order(4)? // Higher order for complex attack patterns
        .with_smoothing_alpha(0.5)? // Lower smoothing for better discrimination
        .with_weights(0.6, 0.4)?; // Balance likelihood and information

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured security detector with order 4 for complex patterns");

    // Generate comprehensive normal network traffic
    let normal_events = generate_enterprise_traffic(5);
    println!(
        "📊 Generated {} normal network events (5 days)",
        normal_events.len()
    );

    // Train on normal network patterns
    let train_start = Instant::now();
    detector.train(&normal_events)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("🎯 Training completed in {:?}", train_time);
    println!("   - Security contexts learned: {}", metrics.context_count);
    println!(
        "   - Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Real-time monitoring simulation with tuned thresholds
    println!("\n🔍 Real-time Network Security Monitoring");

    let attack_scenarios = vec![
        ("Advanced Persistent Threat", generate_apt_campaign(), 0.001),
        ("DDoS Attack", generate_ddos_attack(), 0.005),
        ("Port Scan", generate_port_scan(), 0.01),
        ("SQL Injection", generate_sql_injection(), 0.005),
        ("Lateral Movement", generate_lateral_movement(), 0.001),
        ("Data Exfiltration", generate_data_exfiltration(), 0.001),
        (
            "Malware C2 Communication",
            generate_malware_communication(),
            0.002,
        ),
    ];

    let mut total_threats_detected = 0;
    let mut critical_threats = 0;
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (attack_name, attack_sequence, threshold) in attack_scenarios {
        println!("\n--- Analyzing: {} ---", attack_name);
        println!("Sequence length: {} events", attack_sequence.len());
        println!("Detection threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&attack_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        if !anomalies.is_empty() {
            total_threats_detected += 1;

            let max_strength = anomalies
                .iter()
                .map(|a| a.anomaly_strength)
                .fold(0.0, f64::max);

            let avg_information =
                anomalies.iter().map(|a| a.information_score).sum::<f64>() / anomalies.len() as f64;

            let min_likelihood = anomalies
                .iter()
                .map(|a| a.likelihood)
                .fold(f64::INFINITY, f64::min);

            // Enhanced threat classification
            let (threat_level, confidence) =
                classify_threat(max_strength, avg_information, anomalies.len());

            if threat_level == "CRITICAL" {
                critical_threats += 1;
            }

            println!("  🚨 THREAT DETECTED");
            println!("  📊 Anomalies found: {}", anomalies.len());
            println!("  🎯 Max anomaly strength: {:.3}", max_strength);
            println!("  📈 Avg information score: {:.3}", avg_information);
            println!("  📉 Min likelihood: {:.2e}", min_likelihood);
            println!("  ⚡ Detection time: {:?}", detect_time);
            println!("  🔥 Threat Level: {}", threat_level);
            println!("  🎲 Confidence: {:.1}%", confidence);

            // Generate detailed security alert
            generate_security_alert(attack_name, &threat_level, confidence, &anomalies);

            // Show most suspicious patterns
            if anomalies.len() > 0 {
                let most_suspicious = anomalies
                    .iter()
                    .max_by(|a, b| a.anomaly_strength.partial_cmp(&b.anomaly_strength).unwrap())
                    .unwrap();
                println!(
                    "  🔍 Most suspicious pattern: {:?}",
                    most_suspicious.sequence
                );
                println!(
                    "     Strength: {:.3}, Info: {:.3}",
                    most_suspicious.anomaly_strength, most_suspicious.information_score
                );
            }
        } else {
            println!("  ✅ No threats detected (normal traffic)");
        }
    }

    // Advanced analytics and ROC analysis
    println!("\n📈 Advanced Security Analytics");
    perform_roc_analysis(&detector)?;

    // Batch processing demonstration with performance metrics
    println!("\n📦 High-Volume Batch Processing");
    let batch_sequences = vec![
        generate_normal_session(),
        generate_malware_communication(),
        generate_data_exfiltration(),
        generate_insider_threat(),
        generate_zero_day_exploit(),
    ];

    let batch_start = Instant::now();
    let config = AnomalyGridConfig::default().with_max_order(5)?;
    let batch_results = batch_process_sequences(&batch_sequences, &config, 0.01)?;
    let batch_time = batch_start.elapsed();

    println!(
        "Processed {} sequences in {:?}",
        batch_sequences.len(),
        batch_time
    );
    let throughput = batch_sequences.len() as f64 / batch_time.as_secs_f64();
    println!("Throughput: {:.1} sequences/second", throughput);

    for (i, results) in batch_results.iter().enumerate() {
        let sequence_types = [
            "Normal Session",
            "Malware C2",
            "Data Exfiltration",
            "Insider Threat",
            "Zero-day Exploit",
        ];
        let risk_score = calculate_risk_score(results);
        println!(
            "  {}: {} anomalies, risk score: {:.2}",
            sequence_types[i],
            results.len(),
            risk_score
        );
    }

    // Performance and accuracy summary
    println!("\n📊 Security Monitoring Summary");
    println!("═══════════════════════════════════");
    println!(
        "Threats detected: {}/7 ({:.1}%)",
        total_threats_detected,
        (total_threats_detected as f64 / 7.0) * 100.0
    );
    println!("Critical threats: {}", critical_threats);
    println!(
        "Average detection time: {:?}",
        total_detection_time / total_threats_detected.max(1) as u32
    );

    let false_positive_rate = calculate_false_positive_rate(&detector)?;
    println!("Estimated false positive rate: {:.2}%", false_positive_rate);

    // Calculate estimated cost savings
    let cost_savings = calculate_security_cost_savings(critical_threats, total_threats_detected);
    println!("Estimated cost savings: ${:.0}", cost_savings);

    println!("\n💡 Security Insights:");
    println!("   - APT campaigns show complex multi-stage patterns");
    println!("   - DDoS attacks have high-volume repetitive signatures");
    println!("   - Lateral movement creates subtle context anomalies");
    println!("   - Data exfiltration shows unusual data flow patterns");
    println!("   - Real-time detection enables rapid incident response");

    Ok(())
}

examples/time_series_anomaly_detection.rs (line 20)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("📈 Time Series Anomaly Detection with Mathematical Validation");
    println!("Converting continuous data to categorical sequences for anomaly detection\n");

    // Configure detector for time series pattern analysis
    let config = AnomalyGridConfig::default()
        .with_max_order(8)? // High order for temporal dependencies
        .with_smoothing_alpha(0.2)? // Low smoothing for precise pattern learning
        .with_weights(0.9, 0.1)?; // Emphasize likelihood for temporal patterns

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured time series detector with order 8 for temporal patterns");

    // Phase 1: Generate and validate time series training data
    println!("\n📊 Phase 1: Time Series Data Generation and Discretization");
    let (raw_time_series, discretized_series) = generate_time_series_data(1000)?;

    // Validate discretization quality
    validate_discretization_quality(&raw_time_series, &discretized_series)?;

    println!("📈 Generated {} time series points", raw_time_series.len());
    println!(
        "🔢 Discretized to {} categorical states",
        discretized_series.len()
    );
    println!("🎯 Discretization validation: PASSED");

    // Phase 2: Train and validate temporal model
    println!("\n🎯 Phase 2: Temporal Model Training and Validation");
    let train_start = Instant::now();
    detector.train(&discretized_series)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("⏱️ Training completed in {:?}", train_time);
    println!("🧮 Temporal patterns learned: {}", metrics.context_count);
    println!(
        "💾 Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Validate temporal consistency
    validate_temporal_consistency(&detector, &discretized_series)?;

    // Phase 3: Comprehensive anomaly detection testing
    println!("\n🔬 Phase 3: Time Series Anomaly Detection Testing");

    let test_scenarios = vec![
        ("Normal Trend", generate_normal_trend(), false, 0.1),
        ("Sudden Spike", generate_sudden_spike(), true, 0.05),
        ("Gradual Drift", generate_gradual_drift(), true, 0.08),
        ("Periodic Anomaly", generate_periodic_anomaly(), true, 0.03),
        ("Noise Burst", generate_noise_burst(), true, 0.02),
        ("Level Shift", generate_level_shift(), true, 0.05),
        ("Trend Change", generate_trend_change(), true, 0.06),
        ("Seasonal Break", generate_seasonal_break(), true, 0.04),
    ];

    let mut detection_results = Vec::new();
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (scenario_name, (raw_data, test_sequence), is_anomalous, threshold) in test_scenarios {
        println!("\n--- Testing: {} ---", scenario_name);
        println!(
            "Expected: {}",
            if is_anomalous { "ANOMALOUS" } else { "NORMAL" }
        );
        println!("Raw data points: {}", raw_data.len());
        println!("Discretized sequence length: {}", test_sequence.len());
        println!("Threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&test_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        let detected = !anomalies.is_empty();
        let is_correct = detected == is_anomalous;

        println!(
            "🔍 Detection result: {}",
            if detected { "ANOMALOUS" } else { "NORMAL" }
        );
        println!(
            "✅ Correctness: {}",
            if is_correct { "CORRECT" } else { "INCORRECT" }
        );
        println!("⏱️ Detection time: {:?}", detect_time);

        if detected {
            let max_strength = anomalies
                .iter()
                .map(|a| a.anomaly_strength)
                .fold(0.0f64, f64::max);
            let avg_information =
                anomalies.iter().map(|a| a.information_score).sum::<f64>() / anomalies.len() as f64;

            println!("📊 Anomalies detected: {}", anomalies.len());
            println!("🎯 Max anomaly strength: {:.4}", max_strength);
            println!("📈 Avg information score: {:.4}", avg_information);

            // Validate mathematical properties
            validate_anomaly_mathematical_properties(&anomalies)?;

            // Show temporal context of strongest anomaly
            if let Some(strongest) = anomalies
                .iter()
                .max_by(|a, b| a.anomaly_strength.partial_cmp(&b.anomaly_strength).unwrap())
            {
                println!("🔍 Strongest anomaly pattern: {:?}", strongest.sequence);
            }
        }

        detection_results.push((
            scenario_name.to_string(),
            is_anomalous,
            detected,
            is_correct,
        ));
    }

    // Phase 4: Statistical validation and metrics
    println!("\n📊 Phase 4: Statistical Validation and Performance Metrics");

    let accuracy = calculate_accuracy(&detection_results);
    let (precision, recall, f1_score) = calculate_precision_recall_f1(&detection_results);

    println!("🎯 Detection Accuracy: {:.1}%", accuracy * 100.0);
    println!("🎯 Precision: {:.3}", precision);
    println!("🎯 Recall: {:.3}", recall);
    println!("🎯 F1 Score: {:.3}", f1_score);
    println!(
        "⏱️ Average detection time: {:?}",
        total_detection_time / detection_results.len() as u32
    );

    // Phase 5: Temporal pattern analysis
    println!("\n⏰ Phase 5: Temporal Pattern Analysis");
    analyze_temporal_patterns(&detector)?;

    // Phase 6: Sensitivity analysis
    println!("\n🎚️ Phase 6: Sensitivity Analysis");
    perform_sensitivity_analysis(&detector)?;

    // Phase 7: Robustness testing with edge cases
    println!("\n🛡️ Phase 7: Robustness Testing");
    test_temporal_robustness(&detector)?;

    // Phase 8: Performance benchmarking
    println!("\n⚡ Phase 8: Performance Benchmarking");
    benchmark_temporal_performance(&detector)?;

    // Phase 9: Mathematical validation
    println!("\n🔬 Phase 9: Mathematical Property Validation");
    validate_mathematical_properties(&detector)?;

    // Final validation summary
    println!("\n✅ COMPREHENSIVE VALIDATION SUMMARY");
    println!("═══════════════════════════════════════");
    println!("✅ Time series discretization: VALIDATED");
    println!("✅ Temporal consistency: VALIDATED");
    println!("✅ Mathematical properties: VALIDATED");
    println!("✅ Detection accuracy: {:.1}%", accuracy * 100.0);
    println!("✅ F1 Score: {:.3}", f1_score);
    println!(
        "✅ Performance: {} detections/sec",
        (1000.0 / total_detection_time.as_millis() as f64 * detection_results.len() as f64) as u32
    );

    // Determine overall validation status
    let validation_passed = accuracy >= 0.8
        && f1_score >= 0.75
        && total_detection_time.as_millis() < 100 * detection_results.len() as u128;

    if validation_passed {
        println!("🎉 ALL VALIDATIONS PASSED - TIME SERIES DETECTION VERIFIED");
        println!("📈 Library successfully handles temporal anomaly detection");
    } else {
        println!("⚠️ VALIDATION CONCERNS - REVIEW REQUIRED");
        if accuracy < 0.8 {
            println!("   - Accuracy below threshold");
        }
        if f1_score < 0.75 {
            println!("   - F1 score below threshold");
        }
    }

    Ok(())
}

Additional examples can be found in:

• examples/financial_fraud_detection.rs

pub fn with_smoothing_alpha(self, alpha: f64) -> AnomalyGridResult<Self>

Set smoothing_alpha with validation

Examples found in repository

examples/multi_modal_anomaly_detection.rs (line 72)

fn create_multi_modal_detectors(
) -> Result<HashMap<String, AnomalyDetector>, Box<dyn std::error::Error>> {
    let mut detectors = HashMap::new();

    // Sequential pattern detector (high order)
    let sequential_config = AnomalyGridConfig::default()
        .with_max_order(6)?
        .with_smoothing_alpha(0.1)?
        .with_weights(0.9, 0.1)?;
    let sequential_detector = AnomalyDetector::with_config(sequential_config)?;
    detectors.insert("sequential".to_string(), sequential_detector);

    // Behavioral pattern detector (medium order)
    let behavioral_config = AnomalyGridConfig::default()
        .with_max_order(4)?
        .with_smoothing_alpha(0.3)?
        .with_weights(0.7, 0.3)?;
    let behavioral_detector = AnomalyDetector::with_config(behavioral_config)?;
    detectors.insert("behavioral".to_string(), behavioral_detector);

    // Temporal pattern detector (high order)
    let temporal_config = AnomalyGridConfig::default()
        .with_max_order(8)?
        .with_smoothing_alpha(0.2)?
        .with_weights(0.8, 0.2)?;
    let temporal_detector = AnomalyDetector::with_config(temporal_config)?;
    detectors.insert("temporal".to_string(), temporal_detector);

    // Network pattern detector (medium order)
    let network_config = AnomalyGridConfig::default()
        .with_max_order(5)?
        .with_smoothing_alpha(0.4)?
        .with_weights(0.6, 0.4)?;
    let network_detector = AnomalyDetector::with_config(network_config)?;
    detectors.insert("network".to_string(), network_detector);

    println!("🔧 Sequential detector: order 6, α=0.1, weights=(0.9,0.1)");
    println!("🧠 Behavioral detector: order 4, α=0.3, weights=(0.7,0.3)");
    println!("⏰ Temporal detector: order 8, α=0.2, weights=(0.8,0.2)");
    println!("🌐 Network detector: order 5, α=0.4, weights=(0.6,0.4)");

    Ok(detectors)
}

examples/quick_start.rs (line 19)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🚀 Anomaly Grid - Quick Start Example");
    println!("Demonstrating accurate anomaly detection with real patterns\n");

    // Create detector with optimal configuration for this example
    let config = AnomalyGridConfig::default()
        .with_max_order(3)? // Good balance of context and performance
        .with_smoothing_alpha(1.0)? // Standard Laplace smoothing
        .with_weights(0.7, 0.3)?; // Emphasize likelihood over information

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Created detector with order 3 and optimized configuration");

    // Generate realistic training data with clear patterns
    let normal_patterns = generate_realistic_training_data();
    println!(
        "📚 Generated {} training sequences with realistic patterns",
        normal_patterns.len()
    );

    // Train the detector
    let train_start = Instant::now();
    detector.train(&normal_patterns)?;
    let train_time = train_start.elapsed();

    // Get training metrics
    let metrics = detector.performance_metrics();
    println!("🎯 Training completed in {:?}", train_time);
    println!("   - Contexts learned: {}", metrics.context_count);
    println!(
        "   - Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Test different scenarios with proper threshold tuning
    println!("\n🔍 Testing Anomaly Detection Scenarios");

    let test_scenarios = vec![
        ("Normal Pattern", generate_normal_sequence(), 0.1),
        ("Slight Deviation", generate_slight_deviation(), 0.05),
        ("Clear Anomaly", generate_clear_anomaly(), 0.01),
        ("Severe Anomaly", generate_severe_anomaly(), 0.001),
    ];

    for (scenario_name, test_sequence, threshold) in test_scenarios {
        println!("\n--- {} (threshold: {}) ---", scenario_name, threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&test_sequence, threshold)?;
        let detect_time = detect_start.elapsed();

        println!("Sequence: {:?}", test_sequence);
        println!("Detection time: {:?}", detect_time);

        if anomalies.is_empty() {
            println!("✅ No anomalies detected (normal behavior)");
        } else {
            println!("⚠️  {} anomalies detected:", anomalies.len());

            for (i, anomaly) in anomalies.iter().enumerate() {
                println!("   Anomaly {}: {:?}", i + 1, anomaly.sequence);
                println!("     - Likelihood: {:.6}", anomaly.likelihood);
                println!("     - Anomaly Strength: {:.3}", anomaly.anomaly_strength);
                println!("     - Information Score: {:.3}", anomaly.information_score);

                // Classify anomaly severity
                let severity = if anomaly.anomaly_strength > 0.8 {
                    "🚨 CRITICAL"
                } else if anomaly.anomaly_strength > 0.6 {
                    "⚠️  HIGH"
                } else if anomaly.anomaly_strength > 0.4 {
                    "⚡ MEDIUM"
                } else {
                    "📝 LOW"
                };

                println!("     - Severity: {}", severity);
            }
        }
    }

    // Demonstrate threshold sensitivity analysis
    println!("\n📊 Threshold Sensitivity Analysis");
    demonstrate_threshold_sensitivity(&detector)?;

    // Show mathematical properties
    println!("\n🔬 Mathematical Properties Validation");
    validate_mathematical_properties(&detector)?;

    println!("\n🎉 Quick start example completed successfully!");
    println!("💡 Key takeaways:");
    println!("   - Higher thresholds detect fewer, stronger anomalies");
    println!("   - Lower thresholds detect more, including weaker anomalies");
    println!("   - Anomaly strength combines likelihood and information content");
    println!("   - Detection is fast and mathematically sound");

    Ok(())
}

examples/behavioral_anomaly_detection.rs (line 23)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🧠 Behavioral Anomaly Detection with Mathematical Validation");
    println!("Learning user behavior patterns and detecting sophisticated anomalies\n");

    // Configure detector for behavioral pattern analysis
    let config = AnomalyGridConfig::default()
        .with_max_order(6)? // High order for complex behavioral sequences
        .with_smoothing_alpha(0.3)? // Low smoothing for precise pattern learning
        .with_weights(0.8, 0.2)?; // Emphasize likelihood for behavioral patterns

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured behavioral detector with order 6 for complex patterns");

    // Phase 1: Generate and validate training data
    println!("\n📚 Phase 1: Training Data Generation and Validation");
    let (training_data, ground_truth) = generate_validated_behavioral_data();

    // Validate training data quality
    validate_training_data_quality(&training_data)?;

    println!("📊 Generated {} behavioral sequences", training_data.len());
    println!("🎯 Training data validation: PASSED");

    // Phase 2: Train and validate model convergence
    println!("\n🎯 Phase 2: Model Training and Convergence Validation");
    let train_start = Instant::now();
    detector.train(&training_data)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("⏱️ Training completed in {:?}", train_time);
    println!("🧮 Behavioral patterns learned: {}", metrics.context_count);
    println!(
        "💾 Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Validate model convergence
    validate_model_convergence(&detector, &training_data)?;

    // Phase 3: Rigorous anomaly detection testing
    println!("\n🔬 Phase 3: Rigorous Anomaly Detection Testing");

    let test_scenarios = vec![
        (
            "Normal User Behavior",
            generate_normal_user_session(),
            false,
            0.1,
        ),
        (
            "Account Compromise",
            generate_account_compromise(),
            true,
            0.05,
        ),
        (
            "Insider Threat",
            generate_insider_threat_behavior(),
            true,
            0.02,
        ),
        ("Bot/Automation", generate_bot_behavior(), true, 0.01),
        (
            "Social Engineering",
            generate_social_engineering(),
            true,
            0.03,
        ),
        (
            "Privilege Escalation",
            generate_privilege_escalation_behavior(),
            true,
            0.02,
        ),
        (
            "Data Exfiltration",
            generate_data_exfiltration_behavior(),
            true,
            0.01,
        ),
    ];

    let mut detection_results = Vec::new();
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (scenario_name, test_sequence, is_anomalous, threshold) in test_scenarios {
        println!("\n--- Testing: {} ---", scenario_name);
        println!(
            "Expected: {}",
            if is_anomalous { "ANOMALOUS" } else { "NORMAL" }
        );
        println!("Sequence length: {}", test_sequence.len());
        println!("Threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&test_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        let detected = !anomalies.is_empty();
        let is_correct = detected == is_anomalous;

        println!(
            "🔍 Detection result: {}",
            if detected { "ANOMALOUS" } else { "NORMAL" }
        );
        println!(
            "✅ Correctness: {}",
            if is_correct { "CORRECT" } else { "INCORRECT" }
        );
        println!("⏱️ Detection time: {:?}", detect_time);

        if detected {
            let max_strength = anomalies
                .iter()
                .map(|a| a.anomaly_strength)
                .fold(0.0f64, f64::max);
            let avg_information =
                anomalies.iter().map(|a| a.information_score).sum::<f64>() / anomalies.len() as f64;

            println!("📊 Anomalies detected: {}", anomalies.len());
            println!("🎯 Max anomaly strength: {:.4}", max_strength);
            println!("📈 Avg information score: {:.4}", avg_information);

            // Validate mathematical properties
            validate_anomaly_mathematical_properties(&anomalies)?;
        }

        detection_results.push((
            scenario_name.to_string(),
            is_anomalous,
            detected,
            is_correct,
        ));
    }

    // Phase 4: Comprehensive validation and metrics
    println!("\n📊 Phase 4: Comprehensive Validation and Metrics");

    let accuracy = calculate_accuracy(&detection_results);
    let (precision, recall, f1_score) = calculate_precision_recall_f1(&detection_results);

    println!("🎯 Detection Accuracy: {:.1}%", accuracy * 100.0);
    println!("🎯 Precision: {:.3}", precision);
    println!("🎯 Recall: {:.3}", recall);
    println!("🎯 F1 Score: {:.3}", f1_score);
    println!(
        "⏱️ Average detection time: {:?}",
        total_detection_time / detection_results.len() as u32
    );

    // Phase 5: Advanced behavioral analysis
    println!("\n🧬 Phase 5: Advanced Behavioral Analysis");
    perform_behavioral_pattern_analysis(&detector)?;

    // Phase 6: Threshold optimization
    println!("\n⚙️ Phase 6: Threshold Optimization");
    let optimal_threshold = optimize_detection_threshold(&detector)?;
    println!("🎯 Optimal threshold: {:.4}", optimal_threshold);

    // Phase 7: Robustness testing
    println!("\n🛡️ Phase 7: Robustness Testing");
    test_detection_robustness(&detector)?;

    // Phase 8: Performance benchmarking
    println!("\n⚡ Phase 8: Performance Benchmarking");
    benchmark_detection_performance(&detector)?;

    // Final validation summary
    println!("\n✅ VALIDATION SUMMARY");
    println!("═══════════════════════════════════");
    println!("✅ Training data quality: VALIDATED");
    println!("✅ Model convergence: VALIDATED");
    println!("✅ Mathematical properties: VALIDATED");
    println!("✅ Detection accuracy: {:.1}%", accuracy * 100.0);
    println!("✅ F1 Score: {:.3}", f1_score);
    println!(
        "✅ Performance: {} detections/sec",
        (1000.0 / total_detection_time.as_millis() as f64 * detection_results.len() as f64) as u32
    );

    if accuracy >= 0.85 && f1_score >= 0.8 {
        println!("🎉 ALL VALIDATIONS PASSED - LIBRARY PERFORMANCE VERIFIED");
    } else {
        println!("⚠️ VALIDATION CONCERNS - REVIEW REQUIRED");
    }

    Ok(())
}

examples/network_security_monitoring.rs (line 20)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🛡️ Network Security Monitoring with Anomaly Grid");
    println!("Detecting APTs, DDoS, and network intrusions with high accuracy\n");

    // Configure detector for network security patterns
    let config = AnomalyGridConfig::default()
        .with_max_order(4)? // Higher order for complex attack patterns
        .with_smoothing_alpha(0.5)? // Lower smoothing for better discrimination
        .with_weights(0.6, 0.4)?; // Balance likelihood and information

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured security detector with order 4 for complex patterns");

    // Generate comprehensive normal network traffic
    let normal_events = generate_enterprise_traffic(5);
    println!(
        "📊 Generated {} normal network events (5 days)",
        normal_events.len()
    );

    // Train on normal network patterns
    let train_start = Instant::now();
    detector.train(&normal_events)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("🎯 Training completed in {:?}", train_time);
    println!("   - Security contexts learned: {}", metrics.context_count);
    println!(
        "   - Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Real-time monitoring simulation with tuned thresholds
    println!("\n🔍 Real-time Network Security Monitoring");

    let attack_scenarios = vec![
        ("Advanced Persistent Threat", generate_apt_campaign(), 0.001),
        ("DDoS Attack", generate_ddos_attack(), 0.005),
        ("Port Scan", generate_port_scan(), 0.01),
        ("SQL Injection", generate_sql_injection(), 0.005),
        ("Lateral Movement", generate_lateral_movement(), 0.001),
        ("Data Exfiltration", generate_data_exfiltration(), 0.001),
        (
            "Malware C2 Communication",
            generate_malware_communication(),
            0.002,
        ),
    ];

    let mut total_threats_detected = 0;
    let mut critical_threats = 0;
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (attack_name, attack_sequence, threshold) in attack_scenarios {
        println!("\n--- Analyzing: {} ---", attack_name);
        println!("Sequence length: {} events", attack_sequence.len());
        println!("Detection threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&attack_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        if !anomalies.is_empty() {
            total_threats_detected += 1;

            let max_strength = anomalies
                .iter()
                .map(|a| a.anomaly_strength)
                .fold(0.0, f64::max);

            let avg_information =
                anomalies.iter().map(|a| a.information_score).sum::<f64>() / anomalies.len() as f64;

            let min_likelihood = anomalies
                .iter()
                .map(|a| a.likelihood)
                .fold(f64::INFINITY, f64::min);

            // Enhanced threat classification
            let (threat_level, confidence) =
                classify_threat(max_strength, avg_information, anomalies.len());

            if threat_level == "CRITICAL" {
                critical_threats += 1;
            }

            println!("  🚨 THREAT DETECTED");
            println!("  📊 Anomalies found: {}", anomalies.len());
            println!("  🎯 Max anomaly strength: {:.3}", max_strength);
            println!("  📈 Avg information score: {:.3}", avg_information);
            println!("  📉 Min likelihood: {:.2e}", min_likelihood);
            println!("  ⚡ Detection time: {:?}", detect_time);
            println!("  🔥 Threat Level: {}", threat_level);
            println!("  🎲 Confidence: {:.1}%", confidence);

            // Generate detailed security alert
            generate_security_alert(attack_name, &threat_level, confidence, &anomalies);

            // Show most suspicious patterns
            if anomalies.len() > 0 {
                let most_suspicious = anomalies
                    .iter()
                    .max_by(|a, b| a.anomaly_strength.partial_cmp(&b.anomaly_strength).unwrap())
                    .unwrap();
                println!(
                    "  🔍 Most suspicious pattern: {:?}",
                    most_suspicious.sequence
                );
                println!(
                    "     Strength: {:.3}, Info: {:.3}",
                    most_suspicious.anomaly_strength, most_suspicious.information_score
                );
            }
        } else {
            println!("  ✅ No threats detected (normal traffic)");
        }
    }

    // Advanced analytics and ROC analysis
    println!("\n📈 Advanced Security Analytics");
    perform_roc_analysis(&detector)?;

    // Batch processing demonstration with performance metrics
    println!("\n📦 High-Volume Batch Processing");
    let batch_sequences = vec![
        generate_normal_session(),
        generate_malware_communication(),
        generate_data_exfiltration(),
        generate_insider_threat(),
        generate_zero_day_exploit(),
    ];

    let batch_start = Instant::now();
    let config = AnomalyGridConfig::default().with_max_order(5)?;
    let batch_results = batch_process_sequences(&batch_sequences, &config, 0.01)?;
    let batch_time = batch_start.elapsed();

    println!(
        "Processed {} sequences in {:?}",
        batch_sequences.len(),
        batch_time
    );
    let throughput = batch_sequences.len() as f64 / batch_time.as_secs_f64();
    println!("Throughput: {:.1} sequences/second", throughput);

    for (i, results) in batch_results.iter().enumerate() {
        let sequence_types = [
            "Normal Session",
            "Malware C2",
            "Data Exfiltration",
            "Insider Threat",
            "Zero-day Exploit",
        ];
        let risk_score = calculate_risk_score(results);
        println!(
            "  {}: {} anomalies, risk score: {:.2}",
            sequence_types[i],
            results.len(),
            risk_score
        );
    }

    // Performance and accuracy summary
    println!("\n📊 Security Monitoring Summary");
    println!("═══════════════════════════════════");
    println!(
        "Threats detected: {}/7 ({:.1}%)",
        total_threats_detected,
        (total_threats_detected as f64 / 7.0) * 100.0
    );
    println!("Critical threats: {}", critical_threats);
    println!(
        "Average detection time: {:?}",
        total_detection_time / total_threats_detected.max(1) as u32
    );

    let false_positive_rate = calculate_false_positive_rate(&detector)?;
    println!("Estimated false positive rate: {:.2}%", false_positive_rate);

    // Calculate estimated cost savings
    let cost_savings = calculate_security_cost_savings(critical_threats, total_threats_detected);
    println!("Estimated cost savings: ${:.0}", cost_savings);

    println!("\n💡 Security Insights:");
    println!("   - APT campaigns show complex multi-stage patterns");
    println!("   - DDoS attacks have high-volume repetitive signatures");
    println!("   - Lateral movement creates subtle context anomalies");
    println!("   - Data exfiltration shows unusual data flow patterns");
    println!("   - Real-time detection enables rapid incident response");

    Ok(())
}

examples/time_series_anomaly_detection.rs (line 21)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("📈 Time Series Anomaly Detection with Mathematical Validation");
    println!("Converting continuous data to categorical sequences for anomaly detection\n");

    // Configure detector for time series pattern analysis
    let config = AnomalyGridConfig::default()
        .with_max_order(8)? // High order for temporal dependencies
        .with_smoothing_alpha(0.2)? // Low smoothing for precise pattern learning
        .with_weights(0.9, 0.1)?; // Emphasize likelihood for temporal patterns

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured time series detector with order 8 for temporal patterns");

    // Phase 1: Generate and validate time series training data
    println!("\n📊 Phase 1: Time Series Data Generation and Discretization");
    let (raw_time_series, discretized_series) = generate_time_series_data(1000)?;

    // Validate discretization quality
    validate_discretization_quality(&raw_time_series, &discretized_series)?;

    println!("📈 Generated {} time series points", raw_time_series.len());
    println!(
        "🔢 Discretized to {} categorical states",
        discretized_series.len()
    );
    println!("🎯 Discretization validation: PASSED");

    // Phase 2: Train and validate temporal model
    println!("\n🎯 Phase 2: Temporal Model Training and Validation");
    let train_start = Instant::now();
    detector.train(&discretized_series)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("⏱️ Training completed in {:?}", train_time);
    println!("🧮 Temporal patterns learned: {}", metrics.context_count);
    println!(
        "💾 Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Validate temporal consistency
    validate_temporal_consistency(&detector, &discretized_series)?;

    // Phase 3: Comprehensive anomaly detection testing
    println!("\n🔬 Phase 3: Time Series Anomaly Detection Testing");

    let test_scenarios = vec![
        ("Normal Trend", generate_normal_trend(), false, 0.1),
        ("Sudden Spike", generate_sudden_spike(), true, 0.05),
        ("Gradual Drift", generate_gradual_drift(), true, 0.08),
        ("Periodic Anomaly", generate_periodic_anomaly(), true, 0.03),
        ("Noise Burst", generate_noise_burst(), true, 0.02),
        ("Level Shift", generate_level_shift(), true, 0.05),
        ("Trend Change", generate_trend_change(), true, 0.06),
        ("Seasonal Break", generate_seasonal_break(), true, 0.04),
    ];

    let mut detection_results = Vec::new();
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (scenario_name, (raw_data, test_sequence), is_anomalous, threshold) in test_scenarios {
        println!("\n--- Testing: {} ---", scenario_name);
        println!(
            "Expected: {}",
            if is_anomalous { "ANOMALOUS" } else { "NORMAL" }
        );
        println!("Raw data points: {}", raw_data.len());
        println!("Discretized sequence length: {}", test_sequence.len());
        println!("Threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&test_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        let detected = !anomalies.is_empty();
        let is_correct = detected == is_anomalous;

        println!(
            "🔍 Detection result: {}",
            if detected { "ANOMALOUS" } else { "NORMAL" }
        );
        println!(
            "✅ Correctness: {}",
            if is_correct { "CORRECT" } else { "INCORRECT" }
        );
        println!("⏱️ Detection time: {:?}", detect_time);

        if detected {
            let max_strength = anomalies
                .iter()
                .map(|a| a.anomaly_strength)
                .fold(0.0f64, f64::max);
            let avg_information =
                anomalies.iter().map(|a| a.information_score).sum::<f64>() / anomalies.len() as f64;

            println!("📊 Anomalies detected: {}", anomalies.len());
            println!("🎯 Max anomaly strength: {:.4}", max_strength);
            println!("📈 Avg information score: {:.4}", avg_information);

            // Validate mathematical properties
            validate_anomaly_mathematical_properties(&anomalies)?;

            // Show temporal context of strongest anomaly
            if let Some(strongest) = anomalies
                .iter()
                .max_by(|a, b| a.anomaly_strength.partial_cmp(&b.anomaly_strength).unwrap())
            {
                println!("🔍 Strongest anomaly pattern: {:?}", strongest.sequence);
            }
        }

        detection_results.push((
            scenario_name.to_string(),
            is_anomalous,
            detected,
            is_correct,
        ));
    }

    // Phase 4: Statistical validation and metrics
    println!("\n📊 Phase 4: Statistical Validation and Performance Metrics");

    let accuracy = calculate_accuracy(&detection_results);
    let (precision, recall, f1_score) = calculate_precision_recall_f1(&detection_results);

    println!("🎯 Detection Accuracy: {:.1}%", accuracy * 100.0);
    println!("🎯 Precision: {:.3}", precision);
    println!("🎯 Recall: {:.3}", recall);
    println!("🎯 F1 Score: {:.3}", f1_score);
    println!(
        "⏱️ Average detection time: {:?}",
        total_detection_time / detection_results.len() as u32
    );

    // Phase 5: Temporal pattern analysis
    println!("\n⏰ Phase 5: Temporal Pattern Analysis");
    analyze_temporal_patterns(&detector)?;

    // Phase 6: Sensitivity analysis
    println!("\n🎚️ Phase 6: Sensitivity Analysis");
    perform_sensitivity_analysis(&detector)?;

    // Phase 7: Robustness testing with edge cases
    println!("\n🛡️ Phase 7: Robustness Testing");
    test_temporal_robustness(&detector)?;

    // Phase 8: Performance benchmarking
    println!("\n⚡ Phase 8: Performance Benchmarking");
    benchmark_temporal_performance(&detector)?;

    // Phase 9: Mathematical validation
    println!("\n🔬 Phase 9: Mathematical Property Validation");
    validate_mathematical_properties(&detector)?;

    // Final validation summary
    println!("\n✅ COMPREHENSIVE VALIDATION SUMMARY");
    println!("═══════════════════════════════════════");
    println!("✅ Time series discretization: VALIDATED");
    println!("✅ Temporal consistency: VALIDATED");
    println!("✅ Mathematical properties: VALIDATED");
    println!("✅ Detection accuracy: {:.1}%", accuracy * 100.0);
    println!("✅ F1 Score: {:.3}", f1_score);
    println!(
        "✅ Performance: {} detections/sec",
        (1000.0 / total_detection_time.as_millis() as f64 * detection_results.len() as f64) as u32
    );

    // Determine overall validation status
    let validation_passed = accuracy >= 0.8
        && f1_score >= 0.75
        && total_detection_time.as_millis() < 100 * detection_results.len() as u128;

    if validation_passed {
        println!("🎉 ALL VALIDATIONS PASSED - TIME SERIES DETECTION VERIFIED");
        println!("📈 Library successfully handles temporal anomaly detection");
    } else {
        println!("⚠️ VALIDATION CONCERNS - REVIEW REQUIRED");
        if accuracy < 0.8 {
            println!("   - Accuracy below threshold");
        }
        if f1_score < 0.75 {
            println!("   - F1 score below threshold");
        }
    }

    Ok(())
}

examples/financial_fraud_detection.rs (line 19)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("💳 Financial Fraud Detection with Anomaly Grid");
    println!("Detecting credit card fraud, velocity attacks, and suspicious patterns\n");

    // Configure detector for financial transaction patterns
    let config = AnomalyGridConfig::default()
        .with_max_order(5)? // Higher order for complex fraud patterns
        .with_smoothing_alpha(0.8)? // Moderate smoothing for financial data
        .with_weights(0.5, 0.5)?; // Balance likelihood and information equally

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured fraud detector with order 5 for complex patterns");

    // Generate comprehensive normal transaction data
    let normal_transactions = generate_normal_transactions(30); // 1 month
    println!(
        "📊 Generated {} normal transactions (1 month)",
        normal_transactions.len()
    );

    // Train on normal transaction patterns
    let train_start = Instant::now();
    detector.train(&normal_transactions)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("🎯 Training completed in {:?}", train_time);
    println!(
        "   - Transaction patterns learned: {}",
        metrics.context_count
    );
    println!(
        "   - Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Real-time fraud detection simulation with optimized thresholds
    println!("\n🔍 Real-time Fraud Detection Simulation");

    let fraud_scenarios = vec![
        ("Card Testing", generate_card_testing(), 0.01),
        ("Velocity Attack", generate_velocity_attack(), 0.005),
        ("Geographic Anomaly", generate_geographic_anomaly(), 0.02),
        ("Amount Anomaly", generate_amount_anomaly(), 0.01),
        ("Account Takeover", generate_account_takeover(), 0.001),
        ("Synthetic Identity", generate_synthetic_identity(), 0.001),
        ("Merchant Fraud", generate_merchant_fraud(), 0.005),
        ("Money Laundering", generate_money_laundering(), 0.002),
    ];

    let mut total_fraud_detected = 0;
    let mut total_fraud_amount = 0.0;
    let mut critical_fraud_cases = 0;
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (fraud_type, fraud_sequence, threshold) in fraud_scenarios {
        println!("\n--- Analyzing: {} ---", fraud_type);
        println!("Transaction sequence length: {}", fraud_sequence.len());
        println!("Detection threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&fraud_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        if !anomalies.is_empty() {
            total_fraud_detected += 1;

            let fraud_score = calculate_fraud_score(&anomalies);
            let (risk_level, confidence) = classify_fraud_risk(fraud_score, anomalies.len());
            let estimated_amount = estimate_fraud_amount(&fraud_sequence);
            total_fraud_amount += estimated_amount;

            if risk_level == "CRITICAL" {
                critical_fraud_cases += 1;
            }

            println!("  🚨 FRAUD DETECTED");
            println!("  📊 Anomalies: {}", anomalies.len());
            println!("  🎯 Fraud Score: {:.2}", fraud_score);
            println!("  🔥 Risk Level: {}", risk_level);
            println!("  🎲 Confidence: {:.1}%", confidence);
            println!("  💰 Estimated Amount: ${:.2}", estimated_amount);
            println!("  ⚡ Detection Time: {:?}", detect_time);

            // Generate detailed fraud alert
            generate_fraud_alert(
                fraud_type,
                &risk_level,
                estimated_amount,
                fraud_score,
                confidence,
            );

            // Show most suspicious transaction pattern
            if let Some(most_suspicious) = anomalies
                .iter()
                .max_by(|a, b| a.anomaly_strength.partial_cmp(&b.anomaly_strength).unwrap())
            {
                println!(
                    "  🔍 Most suspicious pattern: {:?}",
                    most_suspicious.sequence
                );
                println!(
                    "     Strength: {:.3}, Info: {:.3}",
                    most_suspicious.anomaly_strength, most_suspicious.information_score
                );
            }
        } else {
            println!("  ✅ No fraud detected (legitimate transactions)");
        }
    }

    // Advanced fraud analytics
    println!("\n📈 Advanced Fraud Analytics");
    perform_fraud_roc_analysis(&detector)?;

    // High-volume transaction processing simulation
    println!("\n📦 High-Volume Transaction Processing");
    let batch_transactions = generate_mixed_transaction_batch(1000);

    let batch_start = Instant::now();
    let mut fraud_count = 0;
    let mut legitimate_count = 0;
    let mut total_risk_score = 0.0;

    // Process in chunks for memory efficiency
    for chunk in batch_transactions.chunks(100) {
        let anomalies = detector.detect_anomalies(chunk, 0.05)?;
        if !anomalies.is_empty() {
            fraud_count += 1;
            total_risk_score += calculate_fraud_score(&anomalies);
        } else {
            legitimate_count += 1;
        }
    }

    let batch_time = batch_start.elapsed();
    let throughput = batch_transactions.len() as f64 / batch_time.as_secs_f64();

    println!(
        "Processed {} transactions in {:?}",
        batch_transactions.len(),
        batch_time
    );
    println!("Throughput: {:.0} transactions/second", throughput);
    println!(
        "Fraud detected: {} batches ({:.1}%)",
        fraud_count,
        (fraud_count as f64 / (fraud_count + legitimate_count) as f64) * 100.0
    );
    println!("Legitimate: {} batches", legitimate_count);
    println!(
        "Average risk score: {:.2}",
        total_risk_score / fraud_count.max(1) as f64
    );

    // Performance and accuracy summary
    println!("\n📊 Fraud Detection Summary");
    println!("═══════════════════════════════════");
    println!(
        "Fraud scenarios detected: {}/8 ({:.1}%)",
        total_fraud_detected,
        (total_fraud_detected as f64 / 8.0) * 100.0
    );
    println!("Critical fraud cases: {}", critical_fraud_cases);
    println!("Total fraud amount prevented: ${:.2}", total_fraud_amount);
    println!(
        "Average detection time: {:?}",
        total_detection_time / total_fraud_detected.max(1) as u32
    );

    // Calculate ROI and cost savings
    let investigation_cost = total_fraud_detected as f64 * 500.0; // $500 per investigation
    let net_savings = total_fraud_amount - investigation_cost;
    let roi = if investigation_cost > 0.0 {
        (net_savings / investigation_cost) * 100.0
    } else {
        0.0
    };

    println!("Investigation costs: ${:.2}", investigation_cost);
    println!("Net savings: ${:.2}", net_savings);
    println!("ROI: {:.1}%", roi);

    // Calculate precision and recall estimates
    let precision = calculate_fraud_precision(&detector)?;
    let recall = calculate_fraud_recall(&detector)?;
    let f1_score = 2.0 * (precision * recall) / (precision + recall);

    println!("Estimated precision: {:.1}%", precision);
    println!("Estimated recall: {:.1}%", recall);
    println!("F1 score: {:.3}", f1_score);

    println!("\n💡 Fraud Detection Insights:");
    println!("   - Card testing shows rapid small-amount probing patterns");
    println!("   - Velocity attacks have high-frequency transaction bursts");
    println!("   - Geographic anomalies show impossible travel patterns");
    println!("   - Account takeovers exhibit sudden behavior changes");
    println!("   - Synthetic identities show artificial credit building");
    println!("   - Real-time detection enables immediate card blocking");

    Ok(())
}

pub fn with_memory_limit(self, limit: Option<usize>) -> AnomalyGridResult<Self>

Set memory_limit with validation

pub fn with_weights( self, likelihood_weight: f64, information_weight: f64, ) -> AnomalyGridResult<Self>

Set anomaly strength weights with validation

Examples found in repository

examples/multi_modal_anomaly_detection.rs (line 73)

fn create_multi_modal_detectors(
) -> Result<HashMap<String, AnomalyDetector>, Box<dyn std::error::Error>> {
    let mut detectors = HashMap::new();

    // Sequential pattern detector (high order)
    let sequential_config = AnomalyGridConfig::default()
        .with_max_order(6)?
        .with_smoothing_alpha(0.1)?
        .with_weights(0.9, 0.1)?;
    let sequential_detector = AnomalyDetector::with_config(sequential_config)?;
    detectors.insert("sequential".to_string(), sequential_detector);

    // Behavioral pattern detector (medium order)
    let behavioral_config = AnomalyGridConfig::default()
        .with_max_order(4)?
        .with_smoothing_alpha(0.3)?
        .with_weights(0.7, 0.3)?;
    let behavioral_detector = AnomalyDetector::with_config(behavioral_config)?;
    detectors.insert("behavioral".to_string(), behavioral_detector);

    // Temporal pattern detector (high order)
    let temporal_config = AnomalyGridConfig::default()
        .with_max_order(8)?
        .with_smoothing_alpha(0.2)?
        .with_weights(0.8, 0.2)?;
    let temporal_detector = AnomalyDetector::with_config(temporal_config)?;
    detectors.insert("temporal".to_string(), temporal_detector);

    // Network pattern detector (medium order)
    let network_config = AnomalyGridConfig::default()
        .with_max_order(5)?
        .with_smoothing_alpha(0.4)?
        .with_weights(0.6, 0.4)?;
    let network_detector = AnomalyDetector::with_config(network_config)?;
    detectors.insert("network".to_string(), network_detector);

    println!("🔧 Sequential detector: order 6, α=0.1, weights=(0.9,0.1)");
    println!("🧠 Behavioral detector: order 4, α=0.3, weights=(0.7,0.3)");
    println!("⏰ Temporal detector: order 8, α=0.2, weights=(0.8,0.2)");
    println!("🌐 Network detector: order 5, α=0.4, weights=(0.6,0.4)");

    Ok(detectors)
}

examples/quick_start.rs (line 20)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🚀 Anomaly Grid - Quick Start Example");
    println!("Demonstrating accurate anomaly detection with real patterns\n");

    // Create detector with optimal configuration for this example
    let config = AnomalyGridConfig::default()
        .with_max_order(3)? // Good balance of context and performance
        .with_smoothing_alpha(1.0)? // Standard Laplace smoothing
        .with_weights(0.7, 0.3)?; // Emphasize likelihood over information

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Created detector with order 3 and optimized configuration");

    // Generate realistic training data with clear patterns
    let normal_patterns = generate_realistic_training_data();
    println!(
        "📚 Generated {} training sequences with realistic patterns",
        normal_patterns.len()
    );

    // Train the detector
    let train_start = Instant::now();
    detector.train(&normal_patterns)?;
    let train_time = train_start.elapsed();

    // Get training metrics
    let metrics = detector.performance_metrics();
    println!("🎯 Training completed in {:?}", train_time);
    println!("   - Contexts learned: {}", metrics.context_count);
    println!(
        "   - Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Test different scenarios with proper threshold tuning
    println!("\n🔍 Testing Anomaly Detection Scenarios");

    let test_scenarios = vec![
        ("Normal Pattern", generate_normal_sequence(), 0.1),
        ("Slight Deviation", generate_slight_deviation(), 0.05),
        ("Clear Anomaly", generate_clear_anomaly(), 0.01),
        ("Severe Anomaly", generate_severe_anomaly(), 0.001),
    ];

    for (scenario_name, test_sequence, threshold) in test_scenarios {
        println!("\n--- {} (threshold: {}) ---", scenario_name, threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&test_sequence, threshold)?;
        let detect_time = detect_start.elapsed();

        println!("Sequence: {:?}", test_sequence);
        println!("Detection time: {:?}", detect_time);

        if anomalies.is_empty() {
            println!("✅ No anomalies detected (normal behavior)");
        } else {
            println!("⚠️  {} anomalies detected:", anomalies.len());

            for (i, anomaly) in anomalies.iter().enumerate() {
                println!("   Anomaly {}: {:?}", i + 1, anomaly.sequence);
                println!("     - Likelihood: {:.6}", anomaly.likelihood);
                println!("     - Anomaly Strength: {:.3}", anomaly.anomaly_strength);
                println!("     - Information Score: {:.3}", anomaly.information_score);

                // Classify anomaly severity
                let severity = if anomaly.anomaly_strength > 0.8 {
                    "🚨 CRITICAL"
                } else if anomaly.anomaly_strength > 0.6 {
                    "⚠️  HIGH"
                } else if anomaly.anomaly_strength > 0.4 {
                    "⚡ MEDIUM"
                } else {
                    "📝 LOW"
                };

                println!("     - Severity: {}", severity);
            }
        }
    }

    // Demonstrate threshold sensitivity analysis
    println!("\n📊 Threshold Sensitivity Analysis");
    demonstrate_threshold_sensitivity(&detector)?;

    // Show mathematical properties
    println!("\n🔬 Mathematical Properties Validation");
    validate_mathematical_properties(&detector)?;

    println!("\n🎉 Quick start example completed successfully!");
    println!("💡 Key takeaways:");
    println!("   - Higher thresholds detect fewer, stronger anomalies");
    println!("   - Lower thresholds detect more, including weaker anomalies");
    println!("   - Anomaly strength combines likelihood and information content");
    println!("   - Detection is fast and mathematically sound");

    Ok(())
}

examples/behavioral_anomaly_detection.rs (line 24)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🧠 Behavioral Anomaly Detection with Mathematical Validation");
    println!("Learning user behavior patterns and detecting sophisticated anomalies\n");

    // Configure detector for behavioral pattern analysis
    let config = AnomalyGridConfig::default()
        .with_max_order(6)? // High order for complex behavioral sequences
        .with_smoothing_alpha(0.3)? // Low smoothing for precise pattern learning
        .with_weights(0.8, 0.2)?; // Emphasize likelihood for behavioral patterns

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured behavioral detector with order 6 for complex patterns");

    // Phase 1: Generate and validate training data
    println!("\n📚 Phase 1: Training Data Generation and Validation");
    let (training_data, ground_truth) = generate_validated_behavioral_data();

    // Validate training data quality
    validate_training_data_quality(&training_data)?;

    println!("📊 Generated {} behavioral sequences", training_data.len());
    println!("🎯 Training data validation: PASSED");

    // Phase 2: Train and validate model convergence
    println!("\n🎯 Phase 2: Model Training and Convergence Validation");
    let train_start = Instant::now();
    detector.train(&training_data)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("⏱️ Training completed in {:?}", train_time);
    println!("🧮 Behavioral patterns learned: {}", metrics.context_count);
    println!(
        "💾 Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Validate model convergence
    validate_model_convergence(&detector, &training_data)?;

    // Phase 3: Rigorous anomaly detection testing
    println!("\n🔬 Phase 3: Rigorous Anomaly Detection Testing");

    let test_scenarios = vec![
        (
            "Normal User Behavior",
            generate_normal_user_session(),
            false,
            0.1,
        ),
        (
            "Account Compromise",
            generate_account_compromise(),
            true,
            0.05,
        ),
        (
            "Insider Threat",
            generate_insider_threat_behavior(),
            true,
            0.02,
        ),
        ("Bot/Automation", generate_bot_behavior(), true, 0.01),
        (
            "Social Engineering",
            generate_social_engineering(),
            true,
            0.03,
        ),
        (
            "Privilege Escalation",
            generate_privilege_escalation_behavior(),
            true,
            0.02,
        ),
        (
            "Data Exfiltration",
            generate_data_exfiltration_behavior(),
            true,
            0.01,
        ),
    ];

    let mut detection_results = Vec::new();
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (scenario_name, test_sequence, is_anomalous, threshold) in test_scenarios {
        println!("\n--- Testing: {} ---", scenario_name);
        println!(
            "Expected: {}",
            if is_anomalous { "ANOMALOUS" } else { "NORMAL" }
        );
        println!("Sequence length: {}", test_sequence.len());
        println!("Threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&test_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        let detected = !anomalies.is_empty();
        let is_correct = detected == is_anomalous;

        println!(
            "🔍 Detection result: {}",
            if detected { "ANOMALOUS" } else { "NORMAL" }
        );
        println!(
            "✅ Correctness: {}",
            if is_correct { "CORRECT" } else { "INCORRECT" }
        );
        println!("⏱️ Detection time: {:?}", detect_time);

        if detected {
            let max_strength = anomalies
                .iter()
                .map(|a| a.anomaly_strength)
                .fold(0.0f64, f64::max);
            let avg_information =
                anomalies.iter().map(|a| a.information_score).sum::<f64>() / anomalies.len() as f64;

            println!("📊 Anomalies detected: {}", anomalies.len());
            println!("🎯 Max anomaly strength: {:.4}", max_strength);
            println!("📈 Avg information score: {:.4}", avg_information);

            // Validate mathematical properties
            validate_anomaly_mathematical_properties(&anomalies)?;
        }

        detection_results.push((
            scenario_name.to_string(),
            is_anomalous,
            detected,
            is_correct,
        ));
    }

    // Phase 4: Comprehensive validation and metrics
    println!("\n📊 Phase 4: Comprehensive Validation and Metrics");

    let accuracy = calculate_accuracy(&detection_results);
    let (precision, recall, f1_score) = calculate_precision_recall_f1(&detection_results);

    println!("🎯 Detection Accuracy: {:.1}%", accuracy * 100.0);
    println!("🎯 Precision: {:.3}", precision);
    println!("🎯 Recall: {:.3}", recall);
    println!("🎯 F1 Score: {:.3}", f1_score);
    println!(
        "⏱️ Average detection time: {:?}",
        total_detection_time / detection_results.len() as u32
    );

    // Phase 5: Advanced behavioral analysis
    println!("\n🧬 Phase 5: Advanced Behavioral Analysis");
    perform_behavioral_pattern_analysis(&detector)?;

    // Phase 6: Threshold optimization
    println!("\n⚙️ Phase 6: Threshold Optimization");
    let optimal_threshold = optimize_detection_threshold(&detector)?;
    println!("🎯 Optimal threshold: {:.4}", optimal_threshold);

    // Phase 7: Robustness testing
    println!("\n🛡️ Phase 7: Robustness Testing");
    test_detection_robustness(&detector)?;

    // Phase 8: Performance benchmarking
    println!("\n⚡ Phase 8: Performance Benchmarking");
    benchmark_detection_performance(&detector)?;

    // Final validation summary
    println!("\n✅ VALIDATION SUMMARY");
    println!("═══════════════════════════════════");
    println!("✅ Training data quality: VALIDATED");
    println!("✅ Model convergence: VALIDATED");
    println!("✅ Mathematical properties: VALIDATED");
    println!("✅ Detection accuracy: {:.1}%", accuracy * 100.0);
    println!("✅ F1 Score: {:.3}", f1_score);
    println!(
        "✅ Performance: {} detections/sec",
        (1000.0 / total_detection_time.as_millis() as f64 * detection_results.len() as f64) as u32
    );

    if accuracy >= 0.85 && f1_score >= 0.8 {
        println!("🎉 ALL VALIDATIONS PASSED - LIBRARY PERFORMANCE VERIFIED");
    } else {
        println!("⚠️ VALIDATION CONCERNS - REVIEW REQUIRED");
    }

    Ok(())
}

examples/network_security_monitoring.rs (line 21)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("🛡️ Network Security Monitoring with Anomaly Grid");
    println!("Detecting APTs, DDoS, and network intrusions with high accuracy\n");

    // Configure detector for network security patterns
    let config = AnomalyGridConfig::default()
        .with_max_order(4)? // Higher order for complex attack patterns
        .with_smoothing_alpha(0.5)? // Lower smoothing for better discrimination
        .with_weights(0.6, 0.4)?; // Balance likelihood and information

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured security detector with order 4 for complex patterns");

    // Generate comprehensive normal network traffic
    let normal_events = generate_enterprise_traffic(5);
    println!(
        "📊 Generated {} normal network events (5 days)",
        normal_events.len()
    );

    // Train on normal network patterns
    let train_start = Instant::now();
    detector.train(&normal_events)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("🎯 Training completed in {:?}", train_time);
    println!("   - Security contexts learned: {}", metrics.context_count);
    println!(
        "   - Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Real-time monitoring simulation with tuned thresholds
    println!("\n🔍 Real-time Network Security Monitoring");

    let attack_scenarios = vec![
        ("Advanced Persistent Threat", generate_apt_campaign(), 0.001),
        ("DDoS Attack", generate_ddos_attack(), 0.005),
        ("Port Scan", generate_port_scan(), 0.01),
        ("SQL Injection", generate_sql_injection(), 0.005),
        ("Lateral Movement", generate_lateral_movement(), 0.001),
        ("Data Exfiltration", generate_data_exfiltration(), 0.001),
        (
            "Malware C2 Communication",
            generate_malware_communication(),
            0.002,
        ),
    ];

    let mut total_threats_detected = 0;
    let mut critical_threats = 0;
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (attack_name, attack_sequence, threshold) in attack_scenarios {
        println!("\n--- Analyzing: {} ---", attack_name);
        println!("Sequence length: {} events", attack_sequence.len());
        println!("Detection threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&attack_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        if !anomalies.is_empty() {
            total_threats_detected += 1;

            let max_strength = anomalies
                .iter()
                .map(|a| a.anomaly_strength)
                .fold(0.0, f64::max);

            let avg_information =
                anomalies.iter().map(|a| a.information_score).sum::<f64>() / anomalies.len() as f64;

            let min_likelihood = anomalies
                .iter()
                .map(|a| a.likelihood)
                .fold(f64::INFINITY, f64::min);

            // Enhanced threat classification
            let (threat_level, confidence) =
                classify_threat(max_strength, avg_information, anomalies.len());

            if threat_level == "CRITICAL" {
                critical_threats += 1;
            }

            println!("  🚨 THREAT DETECTED");
            println!("  📊 Anomalies found: {}", anomalies.len());
            println!("  🎯 Max anomaly strength: {:.3}", max_strength);
            println!("  📈 Avg information score: {:.3}", avg_information);
            println!("  📉 Min likelihood: {:.2e}", min_likelihood);
            println!("  ⚡ Detection time: {:?}", detect_time);
            println!("  🔥 Threat Level: {}", threat_level);
            println!("  🎲 Confidence: {:.1}%", confidence);

            // Generate detailed security alert
            generate_security_alert(attack_name, &threat_level, confidence, &anomalies);

            // Show most suspicious patterns
            if anomalies.len() > 0 {
                let most_suspicious = anomalies
                    .iter()
                    .max_by(|a, b| a.anomaly_strength.partial_cmp(&b.anomaly_strength).unwrap())
                    .unwrap();
                println!(
                    "  🔍 Most suspicious pattern: {:?}",
                    most_suspicious.sequence
                );
                println!(
                    "     Strength: {:.3}, Info: {:.3}",
                    most_suspicious.anomaly_strength, most_suspicious.information_score
                );
            }
        } else {
            println!("  ✅ No threats detected (normal traffic)");
        }
    }

    // Advanced analytics and ROC analysis
    println!("\n📈 Advanced Security Analytics");
    perform_roc_analysis(&detector)?;

    // Batch processing demonstration with performance metrics
    println!("\n📦 High-Volume Batch Processing");
    let batch_sequences = vec![
        generate_normal_session(),
        generate_malware_communication(),
        generate_data_exfiltration(),
        generate_insider_threat(),
        generate_zero_day_exploit(),
    ];

    let batch_start = Instant::now();
    let config = AnomalyGridConfig::default().with_max_order(5)?;
    let batch_results = batch_process_sequences(&batch_sequences, &config, 0.01)?;
    let batch_time = batch_start.elapsed();

    println!(
        "Processed {} sequences in {:?}",
        batch_sequences.len(),
        batch_time
    );
    let throughput = batch_sequences.len() as f64 / batch_time.as_secs_f64();
    println!("Throughput: {:.1} sequences/second", throughput);

    for (i, results) in batch_results.iter().enumerate() {
        let sequence_types = [
            "Normal Session",
            "Malware C2",
            "Data Exfiltration",
            "Insider Threat",
            "Zero-day Exploit",
        ];
        let risk_score = calculate_risk_score(results);
        println!(
            "  {}: {} anomalies, risk score: {:.2}",
            sequence_types[i],
            results.len(),
            risk_score
        );
    }

    // Performance and accuracy summary
    println!("\n📊 Security Monitoring Summary");
    println!("═══════════════════════════════════");
    println!(
        "Threats detected: {}/7 ({:.1}%)",
        total_threats_detected,
        (total_threats_detected as f64 / 7.0) * 100.0
    );
    println!("Critical threats: {}", critical_threats);
    println!(
        "Average detection time: {:?}",
        total_detection_time / total_threats_detected.max(1) as u32
    );

    let false_positive_rate = calculate_false_positive_rate(&detector)?;
    println!("Estimated false positive rate: {:.2}%", false_positive_rate);

    // Calculate estimated cost savings
    let cost_savings = calculate_security_cost_savings(critical_threats, total_threats_detected);
    println!("Estimated cost savings: ${:.0}", cost_savings);

    println!("\n💡 Security Insights:");
    println!("   - APT campaigns show complex multi-stage patterns");
    println!("   - DDoS attacks have high-volume repetitive signatures");
    println!("   - Lateral movement creates subtle context anomalies");
    println!("   - Data exfiltration shows unusual data flow patterns");
    println!("   - Real-time detection enables rapid incident response");

    Ok(())
}

examples/time_series_anomaly_detection.rs (line 22)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("📈 Time Series Anomaly Detection with Mathematical Validation");
    println!("Converting continuous data to categorical sequences for anomaly detection\n");

    // Configure detector for time series pattern analysis
    let config = AnomalyGridConfig::default()
        .with_max_order(8)? // High order for temporal dependencies
        .with_smoothing_alpha(0.2)? // Low smoothing for precise pattern learning
        .with_weights(0.9, 0.1)?; // Emphasize likelihood for temporal patterns

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured time series detector with order 8 for temporal patterns");

    // Phase 1: Generate and validate time series training data
    println!("\n📊 Phase 1: Time Series Data Generation and Discretization");
    let (raw_time_series, discretized_series) = generate_time_series_data(1000)?;

    // Validate discretization quality
    validate_discretization_quality(&raw_time_series, &discretized_series)?;

    println!("📈 Generated {} time series points", raw_time_series.len());
    println!(
        "🔢 Discretized to {} categorical states",
        discretized_series.len()
    );
    println!("🎯 Discretization validation: PASSED");

    // Phase 2: Train and validate temporal model
    println!("\n🎯 Phase 2: Temporal Model Training and Validation");
    let train_start = Instant::now();
    detector.train(&discretized_series)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("⏱️ Training completed in {:?}", train_time);
    println!("🧮 Temporal patterns learned: {}", metrics.context_count);
    println!(
        "💾 Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Validate temporal consistency
    validate_temporal_consistency(&detector, &discretized_series)?;

    // Phase 3: Comprehensive anomaly detection testing
    println!("\n🔬 Phase 3: Time Series Anomaly Detection Testing");

    let test_scenarios = vec![
        ("Normal Trend", generate_normal_trend(), false, 0.1),
        ("Sudden Spike", generate_sudden_spike(), true, 0.05),
        ("Gradual Drift", generate_gradual_drift(), true, 0.08),
        ("Periodic Anomaly", generate_periodic_anomaly(), true, 0.03),
        ("Noise Burst", generate_noise_burst(), true, 0.02),
        ("Level Shift", generate_level_shift(), true, 0.05),
        ("Trend Change", generate_trend_change(), true, 0.06),
        ("Seasonal Break", generate_seasonal_break(), true, 0.04),
    ];

    let mut detection_results = Vec::new();
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (scenario_name, (raw_data, test_sequence), is_anomalous, threshold) in test_scenarios {
        println!("\n--- Testing: {} ---", scenario_name);
        println!(
            "Expected: {}",
            if is_anomalous { "ANOMALOUS" } else { "NORMAL" }
        );
        println!("Raw data points: {}", raw_data.len());
        println!("Discretized sequence length: {}", test_sequence.len());
        println!("Threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&test_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        let detected = !anomalies.is_empty();
        let is_correct = detected == is_anomalous;

        println!(
            "🔍 Detection result: {}",
            if detected { "ANOMALOUS" } else { "NORMAL" }
        );
        println!(
            "✅ Correctness: {}",
            if is_correct { "CORRECT" } else { "INCORRECT" }
        );
        println!("⏱️ Detection time: {:?}", detect_time);

        if detected {
            let max_strength = anomalies
                .iter()
                .map(|a| a.anomaly_strength)
                .fold(0.0f64, f64::max);
            let avg_information =
                anomalies.iter().map(|a| a.information_score).sum::<f64>() / anomalies.len() as f64;

            println!("📊 Anomalies detected: {}", anomalies.len());
            println!("🎯 Max anomaly strength: {:.4}", max_strength);
            println!("📈 Avg information score: {:.4}", avg_information);

            // Validate mathematical properties
            validate_anomaly_mathematical_properties(&anomalies)?;

            // Show temporal context of strongest anomaly
            if let Some(strongest) = anomalies
                .iter()
                .max_by(|a, b| a.anomaly_strength.partial_cmp(&b.anomaly_strength).unwrap())
            {
                println!("🔍 Strongest anomaly pattern: {:?}", strongest.sequence);
            }
        }

        detection_results.push((
            scenario_name.to_string(),
            is_anomalous,
            detected,
            is_correct,
        ));
    }

    // Phase 4: Statistical validation and metrics
    println!("\n📊 Phase 4: Statistical Validation and Performance Metrics");

    let accuracy = calculate_accuracy(&detection_results);
    let (precision, recall, f1_score) = calculate_precision_recall_f1(&detection_results);

    println!("🎯 Detection Accuracy: {:.1}%", accuracy * 100.0);
    println!("🎯 Precision: {:.3}", precision);
    println!("🎯 Recall: {:.3}", recall);
    println!("🎯 F1 Score: {:.3}", f1_score);
    println!(
        "⏱️ Average detection time: {:?}",
        total_detection_time / detection_results.len() as u32
    );

    // Phase 5: Temporal pattern analysis
    println!("\n⏰ Phase 5: Temporal Pattern Analysis");
    analyze_temporal_patterns(&detector)?;

    // Phase 6: Sensitivity analysis
    println!("\n🎚️ Phase 6: Sensitivity Analysis");
    perform_sensitivity_analysis(&detector)?;

    // Phase 7: Robustness testing with edge cases
    println!("\n🛡️ Phase 7: Robustness Testing");
    test_temporal_robustness(&detector)?;

    // Phase 8: Performance benchmarking
    println!("\n⚡ Phase 8: Performance Benchmarking");
    benchmark_temporal_performance(&detector)?;

    // Phase 9: Mathematical validation
    println!("\n🔬 Phase 9: Mathematical Property Validation");
    validate_mathematical_properties(&detector)?;

    // Final validation summary
    println!("\n✅ COMPREHENSIVE VALIDATION SUMMARY");
    println!("═══════════════════════════════════════");
    println!("✅ Time series discretization: VALIDATED");
    println!("✅ Temporal consistency: VALIDATED");
    println!("✅ Mathematical properties: VALIDATED");
    println!("✅ Detection accuracy: {:.1}%", accuracy * 100.0);
    println!("✅ F1 Score: {:.3}", f1_score);
    println!(
        "✅ Performance: {} detections/sec",
        (1000.0 / total_detection_time.as_millis() as f64 * detection_results.len() as f64) as u32
    );

    // Determine overall validation status
    let validation_passed = accuracy >= 0.8
        && f1_score >= 0.75
        && total_detection_time.as_millis() < 100 * detection_results.len() as u128;

    if validation_passed {
        println!("🎉 ALL VALIDATIONS PASSED - TIME SERIES DETECTION VERIFIED");
        println!("📈 Library successfully handles temporal anomaly detection");
    } else {
        println!("⚠️ VALIDATION CONCERNS - REVIEW REQUIRED");
        if accuracy < 0.8 {
            println!("   - Accuracy below threshold");
        }
        if f1_score < 0.75 {
            println!("   - F1 score below threshold");
        }
    }

    Ok(())
}

examples/financial_fraud_detection.rs (line 20)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("💳 Financial Fraud Detection with Anomaly Grid");
    println!("Detecting credit card fraud, velocity attacks, and suspicious patterns\n");

    // Configure detector for financial transaction patterns
    let config = AnomalyGridConfig::default()
        .with_max_order(5)? // Higher order for complex fraud patterns
        .with_smoothing_alpha(0.8)? // Moderate smoothing for financial data
        .with_weights(0.5, 0.5)?; // Balance likelihood and information equally

    let mut detector = AnomalyDetector::with_config(config)?;
    println!("✅ Configured fraud detector with order 5 for complex patterns");

    // Generate comprehensive normal transaction data
    let normal_transactions = generate_normal_transactions(30); // 1 month
    println!(
        "📊 Generated {} normal transactions (1 month)",
        normal_transactions.len()
    );

    // Train on normal transaction patterns
    let train_start = Instant::now();
    detector.train(&normal_transactions)?;
    let train_time = train_start.elapsed();

    let metrics = detector.performance_metrics();
    println!("🎯 Training completed in {:?}", train_time);
    println!(
        "   - Transaction patterns learned: {}",
        metrics.context_count
    );
    println!(
        "   - Memory usage: {:.1} KB",
        metrics.estimated_memory_bytes as f64 / 1024.0
    );

    // Real-time fraud detection simulation with optimized thresholds
    println!("\n🔍 Real-time Fraud Detection Simulation");

    let fraud_scenarios = vec![
        ("Card Testing", generate_card_testing(), 0.01),
        ("Velocity Attack", generate_velocity_attack(), 0.005),
        ("Geographic Anomaly", generate_geographic_anomaly(), 0.02),
        ("Amount Anomaly", generate_amount_anomaly(), 0.01),
        ("Account Takeover", generate_account_takeover(), 0.001),
        ("Synthetic Identity", generate_synthetic_identity(), 0.001),
        ("Merchant Fraud", generate_merchant_fraud(), 0.005),
        ("Money Laundering", generate_money_laundering(), 0.002),
    ];

    let mut total_fraud_detected = 0;
    let mut total_fraud_amount = 0.0;
    let mut critical_fraud_cases = 0;
    let mut total_detection_time = std::time::Duration::new(0, 0);

    for (fraud_type, fraud_sequence, threshold) in fraud_scenarios {
        println!("\n--- Analyzing: {} ---", fraud_type);
        println!("Transaction sequence length: {}", fraud_sequence.len());
        println!("Detection threshold: {}", threshold);

        let detect_start = Instant::now();
        let anomalies = detector.detect_anomalies(&fraud_sequence, threshold)?;
        let detect_time = detect_start.elapsed();
        total_detection_time += detect_time;

        if !anomalies.is_empty() {
            total_fraud_detected += 1;

            let fraud_score = calculate_fraud_score(&anomalies);
            let (risk_level, confidence) = classify_fraud_risk(fraud_score, anomalies.len());
            let estimated_amount = estimate_fraud_amount(&fraud_sequence);
            total_fraud_amount += estimated_amount;

            if risk_level == "CRITICAL" {
                critical_fraud_cases += 1;
            }

            println!("  🚨 FRAUD DETECTED");
            println!("  📊 Anomalies: {}", anomalies.len());
            println!("  🎯 Fraud Score: {:.2}", fraud_score);
            println!("  🔥 Risk Level: {}", risk_level);
            println!("  🎲 Confidence: {:.1}%", confidence);
            println!("  💰 Estimated Amount: ${:.2}", estimated_amount);
            println!("  ⚡ Detection Time: {:?}", detect_time);

            // Generate detailed fraud alert
            generate_fraud_alert(
                fraud_type,
                &risk_level,
                estimated_amount,
                fraud_score,
                confidence,
            );

            // Show most suspicious transaction pattern
            if let Some(most_suspicious) = anomalies
                .iter()
                .max_by(|a, b| a.anomaly_strength.partial_cmp(&b.anomaly_strength).unwrap())
            {
                println!(
                    "  🔍 Most suspicious pattern: {:?}",
                    most_suspicious.sequence
                );
                println!(
                    "     Strength: {:.3}, Info: {:.3}",
                    most_suspicious.anomaly_strength, most_suspicious.information_score
                );
            }
        } else {
            println!("  ✅ No fraud detected (legitimate transactions)");
        }
    }

    // Advanced fraud analytics
    println!("\n📈 Advanced Fraud Analytics");
    perform_fraud_roc_analysis(&detector)?;

    // High-volume transaction processing simulation
    println!("\n📦 High-Volume Transaction Processing");
    let batch_transactions = generate_mixed_transaction_batch(1000);

    let batch_start = Instant::now();
    let mut fraud_count = 0;
    let mut legitimate_count = 0;
    let mut total_risk_score = 0.0;

    // Process in chunks for memory efficiency
    for chunk in batch_transactions.chunks(100) {
        let anomalies = detector.detect_anomalies(chunk, 0.05)?;
        if !anomalies.is_empty() {
            fraud_count += 1;
            total_risk_score += calculate_fraud_score(&anomalies);
        } else {
            legitimate_count += 1;
        }
    }

    let batch_time = batch_start.elapsed();
    let throughput = batch_transactions.len() as f64 / batch_time.as_secs_f64();

    println!(
        "Processed {} transactions in {:?}",
        batch_transactions.len(),
        batch_time
    );
    println!("Throughput: {:.0} transactions/second", throughput);
    println!(
        "Fraud detected: {} batches ({:.1}%)",
        fraud_count,
        (fraud_count as f64 / (fraud_count + legitimate_count) as f64) * 100.0
    );
    println!("Legitimate: {} batches", legitimate_count);
    println!(
        "Average risk score: {:.2}",
        total_risk_score / fraud_count.max(1) as f64
    );

    // Performance and accuracy summary
    println!("\n📊 Fraud Detection Summary");
    println!("═══════════════════════════════════");
    println!(
        "Fraud scenarios detected: {}/8 ({:.1}%)",
        total_fraud_detected,
        (total_fraud_detected as f64 / 8.0) * 100.0
    );
    println!("Critical fraud cases: {}", critical_fraud_cases);
    println!("Total fraud amount prevented: ${:.2}", total_fraud_amount);
    println!(
        "Average detection time: {:?}",
        total_detection_time / total_fraud_detected.max(1) as u32
    );

    // Calculate ROI and cost savings
    let investigation_cost = total_fraud_detected as f64 * 500.0; // $500 per investigation
    let net_savings = total_fraud_amount - investigation_cost;
    let roi = if investigation_cost > 0.0 {
        (net_savings / investigation_cost) * 100.0
    } else {
        0.0
    };

    println!("Investigation costs: ${:.2}", investigation_cost);
    println!("Net savings: ${:.2}", net_savings);
    println!("ROI: {:.1}%", roi);

    // Calculate precision and recall estimates
    let precision = calculate_fraud_precision(&detector)?;
    let recall = calculate_fraud_recall(&detector)?;
    let f1_score = 2.0 * (precision * recall) / (precision + recall);

    println!("Estimated precision: {:.1}%", precision);
    println!("Estimated recall: {:.1}%", recall);
    println!("F1 score: {:.3}", f1_score);

    println!("\n💡 Fraud Detection Insights:");
    println!("   - Card testing shows rapid small-amount probing patterns");
    println!("   - Velocity attacks have high-frequency transaction bursts");
    println!("   - Geographic anomalies show impossible travel patterns");
    println!("   - Account takeovers exhibit sudden behavior changes");
    println!("   - Synthetic identities show artificial credit building");
    println!("   - Real-time detection enables immediate card blocking");

    Ok(())
}

pub fn estimate_memory_usage(&self, alphabet_size: usize) -> usize

Get estimated memory usage for given alphabet size

pub fn is_suitable_for_alphabet(&self, alphabet_size: usize) -> bool

Check if configuration is suitable for given alphabet size

Trait Implementations

impl Clone for AnomalyGridConfig

fn clone(&self) -> AnomalyGridConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AnomalyGridConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for AnomalyGridConfig

fn default() -> Self

Returns the “default value” for a type.

impl PartialEq for AnomalyGridConfig

fn eq(&self, other: &AnomalyGridConfig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl StructuralPartialEq for AnomalyGridConfig