Anomaly IoT Node Detection Based on Local Outlier Factor and Time Series

The heterogeneous nodes in the Internet of Things (IoT) are relatively weak in the computing power and storage capacity. Therefore, traditional algorithms of network security are not suitable for the IoT. Once these nodes alternate between normal behavior and anomaly behavior, it is difficult to identify and isolate them by the network system in a short time, thus the data transmission accuracy and the integrity of the network function will be affected negatively. Based on the characteristics of IoT, a lightweight local outlier factor detection method is used for node detection. In order to further determine whether the nodes are an anomaly or not, the varying behavior of those nodes in terms of time is considered in this research, and a time series method is used to make the system respond to the randomness and selectiveness of anomaly behavior nodes effectively in a short period of time. Simulation results show that the proposed method can improve the accuracy of the data transmitted by the network and achieve better performance.     

Unsupervised Anomaly Detection Approach Based on Adversarial Memory Autoencoders for Multivariate Time Series

The widespread usage of Cyber Physical Systems (CPSs) generates a vast volume of time series data, and precisely determining anomalies in the data is critical for practical production. Autoencoder is the mainstream method for time series anomaly detection, and the anomaly is judged by reconstruction error. However, due to the strong generalization ability of neural networks, some abnormal samples close to normal samples may be judged as normal, which fails to detect the abnormality. In addition, the dataset rarely provides sufficient anomaly labels. This research proposes an unsupervised anomaly detection approach based on adversarial memory autoencoders for multivariate time series to solve the above problem. Firstly, an encoder encodes the input data into low-dimensional space to acquire a feature vector. Then, a memory module is used to learn the feature vector’s prototype patterns and update the feature vectors. The updating process allows partial forgetting of information to prevent model overgeneralization. After that, two decoders reconstruct the input data. Finally, this research uses the Peak Over Threshold (POT) method to calculate the threshold to determine anomalous samples from normal samples. This research uses a two-stage adversarial training strategy during model training to enlarge the gap between the reconstruction error of normal and abnormal samples. The proposed method achieves significant anomaly detection results on synthetic and real datasets from power systems, water treatment plants, and computer clusters. The F1 score reached an average of 0.9196 on the five datasets, which is 0.0769 higher than the best baseline method.     

Large-Vector Autoregression for Multilayer Spatially Correlated Time Series

One of the most commonly used methods for modeling multivariate time series is the vector autoregressive model (VAR). VAR is generally used to identify lead, lag, and contemporaneous relationships describing Granger causality within and between time series. In this article, we investigate the VAR methodology for analyzing data consisting of multilayer time series that are spatially interdependent. When modeling VAR relationships for such data, the dependence between time series is both a curse and a blessing. The former because it requires modeling the between time-series correlation or the contemporaneous relationships which may be challenging when using likelihood-based methods. The latter because the spatial correlation structure can be used to specify the lead–lag relationships within and between time series, within and between layers. To address these challenges, we propose an L₁L₂ regularized likelihood estimation method. The lead, lag, and contemporaneous relationships are estimated using an efficient algorithm that exploits sparsity in the VAR structure, accounts for the spatial dependence, and models the error dependence. We consider a case study to illustrate the applicability of our method. In the supplementary materials available online, we assess the performance of the proposed VAR model and compare it with existing methods within a simulation study.     

小波基特征提取的复合材料损伤检测

借助小波函数良好的时频带通性，利用Ｂ样条小波级数展开提取信号特征，并使之输入到自适应Ｂ样条小波神经网络进行学习和识别。最后从损伤检测领域中特征信号模式识别的应用角度，给出了利用上述理论进行复合材料无损检测的实例     

Identification of Anomaly Scenes in Videos Using Graph Neural Networks

Generally, conventional methods for anomaly detection rely on clustering, proximity, or classification. With the massive growth in surveillance videos, outliers or anomalies find ingenious ways to obscure themselves in the network and make conventional techniques inefficient. This research explores the structure of Graph neural networks (GNNs) that generalize deep learning frameworks to graph-structured data. Every node in the graph structure is labeled and anomalies, represented by unlabeled nodes, are predicted by performing random walks on the node-based graph structures. Due to their strong learning abilities, GNNs gained popularity in various domains such as natural language processing, social network analytics and healthcare. Anomaly detection is a challenging task in computer vision but the proposed algorithm using GNNs efficiently performs the identification of anomalies. The Graph-based deep learning networks are designed to predict unknown objects and outliers. In our case, they detect unusual objects in the form of malicious nodes. The edges between nodes represent a relationship of nodes among each other. In case of anomaly, such as the bike rider in Pedestrians data, the rider node has a negative value for the edge and it is identified as an anomaly. The encoding and decoding layers are crucial for determining how statistical measurements affect anomaly identification and for correcting the graph path to the best possible outcome. Results show that the proposed framework is a step ahead of the traditional approaches in detecting unusual activities, which shows a huge potential in automatically monitoring surveillance videos. Performing autonomous monitoring of CCTV, crime control and damage or destruction by a group of people or crowd can be identified and alarms may be triggered in unusual activities in streets or public places. The suggested GNN model improves accuracy by 4% for the Pedestrian 2 dataset and 12% for the Pedestrian 1 dataset compared to a few state-of-the-art techniques.     

基于模糊概率赋值的新型贝叶斯异常检测模型

提出了一种结合模糊决策与贝叶斯方法的异常检测模型，该模型将系统中与安全相关的事件进行分类，并以模糊隶属度函数的形式给出各类事件发生异常的实时置信度。异常检测系统综合某时刻所有实时概率取值，做出贝叶斯决策。同简单使用阈值方法的贝叶斯入侵检测模型相比，采用了模糊概率赋值的贝叶斯异常检测模型，在提高对问题描述的精确性同时，由于它对多种类型安全相关事件提供支持而具有更好的适应性，可以更全面地对更复杂的系统行为进行建模。     

Variational Convolutional Autoencoders for Anomaly Detection in Scanning Transmission Electron Microscopy

Identifying point defects and other structural anomalies using scanning transmission electron microscopy (STEM) is important to understand a material's properties caused by the disruption of the regular pattern of crystal lattice. Due to improvements in instrumentation stability and electron optics, atomic-resolution images with a field of view of several hundred nanometers can now be routinely acquired at 1–10 Hz frame rates and such data, which often contain thousands of atomic columns, need to be analyzed. To date, image analysis is performed largely manually, but recent developments in computer vision (CV) and machine learning (ML) now enable automated analysis of atomic structures and associated defects. Here, the authors report on how a Convolutional Variational Autoencoder (CVAE) can be utilized to detect structural anomalies in atomic-resolution STEM images. Specifically, the training set is limited to perfect crystal images , and the performance of a CVAE in differentiating between single-crystal bulk data or point defects is demonstrated. It is found that the CVAE can reproduce the perfect crystal data but not the defect input data. The disagreesments between the CVAE-predicted data for defects allows for a clear and automatic distinction and differentiation of several point defect types.     

Performance Anomaly Detection in Web Services: An RNN- Based Approach Using Dynamic Quality of Service Features

Performance anomaly detection is the process of identifying occurrences that do not conform to expected behavior or correlate with other incidents or events in time series data. Anomaly detection has been applied to areas such as fraud detection, intrusion detection systems, and network systems. In this paper, we propose an anomaly detection framework that uses dynamic features of quality of service that are collected in a simulated setup. Three variants of recurrent neural networks-SimpleRNN, long short term memory, and gated recurrent unit are evaluated. The results reveal that the proposed method effectively detects anomalies in web services with high accuracy. The performance of the proposed anomaly detection framework is superior to that of existing approaches using maximum accuracy and detection rate metrics.     

Multivariate Spartan spatial random field models

This paper introduces a family of stationary multivariate spatial random fields with D scalar components that extend the scalar model of Gibbs random fields with local interactions (i.e., Spartan spatial random fields). We derive permissibility conditions for Spartan multivariate spatial random fields with a specific structure of local interactions. We also present explicit expressions for the respective matrix covariance functions obtained at the limit of infinite spectral cutoff in one, two and three spatial dimensions. Finally, we illustrate the proposed covariance models by means of simulated bivariate time series and two-dimensional random fields.     

Long Short Term Memory Networks Based Anomaly Detection for KPIs

In real-world many internet-based service companies need to closely monitor large amounts of data in order to ensure stable operation of their business. However, anomaly detection for these data with various patterns and data quality has been a great challenge, especially without labels. In this paper, we adopt an anomaly detection algorithm based on Long Short-Term Memory (LSTM) Network in terms of reconstructing KPIs and predicting KPIs. They use the reconstruction error and prediction error respectively as the criteria for judging anomalies, and we test our method with real data from a company in the insurance industry and achieved good performance.     

基于时间序列单维卷积神经网络的水泥熟料游离钙软测量方法

水泥熟料游离钙(fCaO)含量对水泥质量和生产能耗有着重要影响,现阶段主要通过化学分析的方法离线测得水泥熟料fCaO含量,但是该方法对于烧成系统操作指导具有明显的滞后性。针对熟料fCaO无法在线实时监测的问题,提出基于多变量时间序列单维卷积神经网络(TS-CNN)熟料fCaO软测量建模方法。该方法利用影响熟料fCaO的多个过程变量历史时间段的时间序列作为输入,结合水泥数据特性,采用单维卷积池化的方式提取各过程变量特征,同时降低网络的复杂度,最后经全连接层整合提取的局部信息。通过实验对比,结果表明基于TS-CNN的软测量方法预测精度更高、泛化能力更强。     

广义随机模糊神经网络及在随机混沌时间序列预测中的应用

针对随机模糊神经网络缺乏自适应性，引入广义高斯函数和广义随机模糊神经网络，使系统中隶属函数具有自适应性；并对参数进行遗传退火算法优化，使系统具有最佳结构和参数。以随机混沌时间序列为例进行仿真预测分析，结果表明广义随机模糊神经网络能够更好地预测原随机混沌时间序列，精度良好，具有抗噪声干扰能力．     

Multivariate performance reliability prediction in real-time

This paper presents a technique for predicting system performance reliability in real-time considering multiple failure modes. The technique includes on-line multivariate monitoring and forecasting of selected performance measures and conditional performance reliability estimates. The performance measures across time are treated as a multivariate time series. A state–space approach is used to model the multivariate time series. Recursive forecasting is performed by adopting Kalman filtering. The predicted mean vectors and covariance matrix of performance measures are used for the assessment of system survival/reliability with respect to the conditional performance reliability. The technique and modeling protocol discussed in this paper provide a means to forecast and evaluate the performance of an individual system in a dynamic environment in real-time. The paper also presents an example to demonstrate the technique.     

Deep Semisupervised Learning-Based Network Anomaly Detection in Heterogeneous Information Systems

The extensive proliferation of modern information services and ubiquitous digitization of society have raised cybersecurity challenges to new levels. With the massive number of connected devices, opportunities for potential network attacks are nearly unlimited. An additional problem is that many low-cost devices are not equipped with effective security protection so that they are easily hacked and applied within a network of bots (botnet) to perform distributed denial of service (DDoS) attacks. In this paper, we propose a novel intrusion detection system (IDS) based on deep learning that aims to identify suspicious behavior in modern heterogeneous information systems. The proposed approach is based on a deep recurrent autoencoder that learns time series of normal network behavior and detects notable network anomalies. An additional feature of the proposed IDS is that it is trained with an optimized dataset, where the number of features is reduced by 94% without classification accuracy loss. Thus, the proposed IDS remains stable in response to slight system perturbations, which do not represent network anomalies. The proposed approach is evaluated under different simulation scenarios and provides a 99% detection accuracy over known datasets while reducing the training time by an order of magnitude.     

State-Based Control Feature Extraction for Effective Anomaly Detection in Process Industries

In process industries, the characteristics of industrial activities focus on the integrality and continuity of production process, which can contribute to excavating the appropriate features for industrial anomaly detection. From this perspective, this paper proposes a novel state-based control feature extraction approach, which regards the finite control operations as different states. Furthermore, the procedure of state transition can adequately express the change of successive control operations, and the statistical information between different states can be used to calculate the feature values. Additionally, OCSVM (One Class Support Vector Machine) and BPNN (BP Neural Network), which are optimized by PSO (Particle Swarm Optimization) and GA (Genetic Algorithm) respectively, are introduced as alternative detection engines to match with our feature extraction approach. All experimental results clearly show that the proposed feature extraction approach can effectively coordinate with the optimized classification algorithms, and the optimized GA-BPNN classifier is suggested as a more applicable detection engine by comparing its average detection accuracies with the ones of PSOOCSVM classifier.     

An Adaptive Classifier Based Approach for Crowd Anomaly Detection

Crowd Anomaly Detection has become a challenge in intelligent video surveillance system and security. Intelligent video surveillance systems make extensive use of data mining, machine learning and deep learning methods. In this paper a novel approach is proposed to identify abnormal occurrences in crowded situations using deep learning. In this approach, Adaptive GoogleNet Neural Network Classifier with Multi-Objective Whale Optimization Algorithm are applied to predict the abnormal video frames in the crowded scenes. We use multiple instance learning (MIL) to dynamically develop a deep anomalous ranking framework. This technique predicts higher anomalous values for abnormal video frames by treating regular and irregular video bags and video sections. We use the multi-objective whale optimization algorithm to optimize the entire process and get the best results. The performance parameters such as accuracy, precision, recall, and F-score are considered to evaluate the proposed technique using the Python simulation tool. Our simulation results show that the proposed method performs better than the conventional methods on the public live video dataset.     

Unsupervised Log Anomaly Detection Method Based on Multi-Feature

Log anomaly detection is an important paradigm for system troubleshooting. Existing log anomaly detection based on Long Short-Term Memory (LSTM) networks is time-consuming to handle long sequences. Transformer model is introduced to promote efficiency. However, most existing Transformer-based log anomaly detection methods convert unstructured log messages into structured templates by log parsing, which introduces parsing errors. They only extract simple semantic feature, which ignores other features, and are generally supervised, relying on the amount of labeled data. To overcome the limitations of existing methods, this paper proposes a novel unsupervised log anomaly detection method based on multi-feature (UMFLog). UMFLog includes two sub-models to consider two kinds of features: semantic feature and statistical feature, respectively. UMFLog applies the log original content with detailed parameters instead of templates or template IDs to avoid log parsing errors. In the first sub-model, UMFLog uses Bidirectional Encoder Representations from Transformers (BERT) instead of random initialization to extract effective semantic feature, and an unsupervised hypersphere-based Transformer model to learn compact log sequence representations and obtain anomaly candidates. In the second sub-model, UMFLog exploits a statistical feature-based Variational Autoencoder (VAE) about word occurrence times to identify the final anomaly from anomaly candidates. Extensive experiments and evaluations are conducted on three real public log datasets. The results show that UMFLog significantly improves F1-scores compared to the state-of-the-art (SOTA) methods because of the multi-feature.     

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Blockchain merges technology with the Internet of Things (IoT) for addressing security and privacy-related issues. However, conventional blockchain suffers from scalability issues due to its linear structure, which increases the storage overhead, and Intrusion detection performed was limited with attack severity, leading to performance degradation. To overcome these issues, we proposed MZWB (Multi-Zone-Wise Blockchain) model. Initially, all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm (EBA), considering several metrics. Then, the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph (B-DAG), which considers several metrics. The intrusion detection is performed based on two tiers. In the first tier, a Deep Convolution Neural Network (DCNN) analyzes the data packets by extracting packet flow features to classify the packets as normal, malicious, and suspicious. In the second tier, the suspicious packets are classified as normal or malicious using the Generative Adversarial Network (GAN). Finally, intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization (IMO) is used for attack path discovery by considering several metrics, and the Graph cut utilized algorithm for attack scenario reconstruction (ASR). UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator (NS-3.26). Compared with previous performance metrics such as energy consumption, storage overhead accuracy, response time, attack detection rate, precision, recall, and F-measure. The simulation result shows that the proposed MZWB method achieves high performance than existing works     

Event-Based Anomaly Detection for Non-Public Industrial Communication Protocols in SDN-Based Control Systems

As the main communication mediums in industrial control networks, industrial communication protocols are always vulnerable to extreme exploitations, and it is very difficult to take protective measures due to their serious privacy. Based on the SDN (Software Defined Network) technology, this paper proposes a novel event-based anomaly detection approach to identify misbehaviors using non-public industrial communication protocols, and this approach can be installed in SDN switches as a security software appliance in SDN-based control systems. Furthermore, aiming at the unknown protocol specification and message format, this approach first restructures the industrial communication sessions and merges the payloads from industrial communication packets. After that, the feature selection and event sequence extraction can be carried out by using the N-gram model and K-means algorithm. Based on the obtained event sequences, this approach finally trains an event-based HMM (Hidden Markov Model) to identify aberrant industrial communication behaviors. Experimental results clearly show that the proposed approach has obvious advantages of classification accuracy and detection efficiency.     

基于光谱解混的选择性波段子集高光谱异常检测

由于高光谱图像具有高阶性和背景分布特性复杂的特点,这使得现有的算法在解决异常检测问题时存在一些不足。通过分析高光谱图像的光谱特性和空间特性,基于统计学习理论,利用光谱解混技术和子空间划分方法,提出了基于光谱解混的选择性波段子集高光谱图像异常检测算法。该算法首先利用光谱解混技术提取出对背景分布特性有严重影响的端元光谱,由此降低背景干扰突出异常目标信息;在此基础上,利用子空间划分方法将整个波段空间划分为大小不等的多个子空间,并在每个子空间内利用非高斯程度度量准则提取出富含异常目标信息的特征波段;最后,采用KRX算法作为异常检测算子完成异常目标检测。利用真实的高光谱图像对提出的算法进行实验验证,结果表明该算法是有效和合理的,具有良好的异常检测性能。