Anomaly detection looks for the unusual without a pre-written rule for it. Instead of "alert when someone crosses this line", it learns what normal looks like for a scene and flags departures from that pattern — a person where people are never seen, a sudden scattering of a crowd, motion at an odd hour. This is its appeal over rule-based analytics: it can surface events nobody thought to define in advance.
The approaches range from models that learn normal and measure reconstruction error, through weakly-supervised methods trained on labelled "event/no-event" video, to recent vision-language methods that describe a scene and reason about whether it is odd. Accuracy is the catch: controlled benchmarks reach roughly 96–98% AUC, but on realistic, messy datasets (such as UCF-Crime) performance falls to about 81–88% AUC. Combined with how rare true anomalies are, this creates a base-rate trap — at a 1% false-positive rate a busy camera can produce hundreds of false flags for every genuine one.
Two consequences follow. First, deploy anomaly detection as triage that directs human attention, not as an autonomous alarm — the false-positive volume makes unattended alerting unworkable. Second, the ONVIF catch: anomaly is not one of the normative ONVIF rule types (only line, field, loitering, and counting are), so it travels as vendor-defined Profile M metadata and is more SDK-locked than rule-based analytics. It is personal data and generally not Article 9 biometric, but is often EU AI Act high-risk. The model internals belong to the AI for Video Engineering section.
