🤖 AI Summary
Motivated by the need for real-time, interpretable anomaly detection in domains such as finance and cybersecurity, this paper introduces the Synthetic Control Method (SCM), a causal inference technique, into anomaly detection for the first time. The approach constructs a dynamic normal-behavior baseline by treating multivariate features as control units and quantifies causal deviation from this baseline to produce unsupervised, real-time anomaly scores. Crucially, it requires no ground-truth anomaly labels while achieving both high detection accuracy and strong interpretability. Evaluated on five benchmark datasets, including Credit Card Fraud, the method achieves an average AUC improvement of 9.2% over state-of-the-art unsupervised baselines (Isolation Forest, LOF, k-NN, and One-Class SVM), demonstrating superior generalizability and streaming responsiveness.
📝 Abstract
Anomaly detection is essential for identifying rare and significant events across diverse domains such as finance, cybersecurity, and network monitoring. This paper presents Synthetic Anomaly Monitoring (SAM), an innovative approach that applies synthetic control methods from causal inference to improve both the accuracy and interpretability of anomaly detection processes. By modeling normal behavior through the treatment of each feature as a control unit, SAM identifies anomalies as deviations within this causal framework. We conducted extensive experiments comparing SAM with established benchmark models, including Isolation Forest, Local Outlier Factor (LOF), k-Nearest Neighbors (kNN), and One-Class Support Vector Machine (SVM), across five diverse datasets, including Credit Card Fraud, HTTP Dataset CSIC 2010, and KDD Cup 1999, among others. Our results demonstrate that SAM consistently delivers robust performance, highlighting its potential as a powerful tool for real-time anomaly detection in dynamic and complex environments.
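The idea of treating each feature as a control unit can be illustrated as follows. This is an added example, not the paper's SAM implementation, whose formulation is not given on this page: it assumes ridge regression as the weighting scheme, a residual-spread normalization for the score, and constructed flow records with hypothetical features `[packets, kbytes, duration_s]`.

```python
import random

def solve(A, b):
    # Gauss-Jordan elimination with partial pivoting for A x = b.
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [a - f * v for a, v in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def others(row, j):
    # Intercept plus every feature except j: the "control units" for feature j.
    return [1.0] + [v for k, v in enumerate(row) if k != j]

def fit(rows, lam=1e-3):
    # Assumption: ridge regression stands in for the synthetic-control weights.
    models = []
    for j in range(len(rows[0])):
        X = [others(r, j) for r in rows]
        y = [r[j] for r in rows]
        p = len(X[0])
        A = [[sum(x[a] * x[b] for x in X) + (lam if a == b else 0.0)
              for b in range(p)] for a in range(p)]
        w = solve(A, [sum(x[a] * t for x, t in zip(X, y)) for a in range(p)])
        res = [t - sum(wi * xi for wi, xi in zip(w, x)) for x, t in zip(X, y)]
        sigma = (sum(e * e for e in res) / len(res)) ** 0.5 or 1e-9
        models.append((w, sigma))
    return models

def score(models, row):
    # Per-feature gap between observed value and synthetic baseline, in units
    # of the reference residual spread; the maximum is the anomaly score.
    devs = [abs(row[j] - sum(wi * xi for wi, xi in zip(w, others(row, j)))) / s
            for j, (w, s) in enumerate(models)]
    return max(devs), devs

def make_reference(n=300, seed=0):
    # Constructed flow records: [packets, kbytes, duration_s].
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        p = rng.uniform(10, 100)
        rows.append([p, 1.5 * p + rng.gauss(0, 2), 0.1 * p + rng.gauss(0, 0.5)])
    return rows
```

A record such as `[20, 140, 2]` keeps every feature inside its usual marginal range but breaks the packets-to-kbytes relationship, so `score(fit(make_reference()), [20, 140, 2])` is large, and the per-feature deviations show which feature departed from its baseline.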