Showing total 2 results

1. Fuzzy CNN Autoencoder for Unsupervised Anomaly Detection in Log Data.

Author

Gorokhov, Oleg, Petrovskiy, Mikhail, Mashechkin, Igor, and Kazachuk, Maria

Subjects

*ANOMALY detection (Computer security), *DATA logging, *COMPUTER security, *COMPUTER systems, *DEEP learning, *FEATURE extraction, *FUZZY algorithms, *INTRUSION detection systems (Computer security)

Abstract

Currently, the task of maintaining cybersecurity and reliability in various computer systems is relevant. This problem can be solved by detecting anomalies in the log data, which are represented as a stream of textual descriptions of events taking place. For these purposes, reduction to a One-class classification problem is used. Standard One-class classification methods do not achieve good results. Deep learning approaches are more effective. However, they are not robust to outliers and require a lot of computational effort. In this paper, we propose a new robust approach based on a convolutional autoencoder using fuzzy clustering. The proposed approach uses a parallel convolution operation to feature extraction, which makes it more efficient than the currently popular Transformer architecture. In the course of the experiments, the proposed approach showed the best results for both the cybersecurity and the reliability problems compared to existing approaches. It was also shown that the proposed approach is robust to outliers in the training set. [ABSTRACT FROM AUTHOR]

Published

2023

2. Deep Learning-Based Cyber–Physical Feature Fusion for Anomaly Detection in Industrial Control Systems.

Author

Du, Yan, Huang, Yuanyuan, Wan, Guogen, and He, Peilin

Subjects

*INDUSTRIAL controls manufacturing, *ANOMALY detection (Computer security), *CYBER physical systems, *GENERATIVE adversarial networks, *FEATURE extraction

Abstract

In this paper, we propose an unsupervised anomaly detection method based on the Autoencoder with Long Short-Term Memory (LSTM-Autoencoder) network and Generative Adversarial Network (GAN) to detect anomalies in industrial control system (ICS) using cyber–physical fusion features. This method improves the recall of anomaly detection and overcomes the challenges of unbalanced datasets and insufficient labeled samples in ICS. As a first step, additional network features are extracted and fused with physical features to create a cyber–physical dataset. Following this, the model is trained using normal data to ensure that it can properly reconstruct the normal data. In the testing phase, samples with unknown labels are used as inputs to the model. The model will output an anomaly score for each sample, and whether a sample is anomalous depends on whether the anomaly score exceeds the threshold. Whether using supervised or unsupervised algorithms, experimentation has shown that (1) cyber–physical fusion features can significantly improve the performance of anomaly detection algorithms; (2) the proposed method outperforms several other unsupervised anomaly detection methods in terms of accuracy, recall, and F1 score; (3) the proposed method can detect the majority of anomalous events with a low false negative rate. [ABSTRACT FROM AUTHOR]

Published

2022