Funding: This work was funded by the High-tech Research and Development Program of China (863 Program) under Grant 2006II01Z451.
Abstract: Network traffic anomalies refer to the traffic changed abnormally and obviously. Local events such as temporary network congestion, Distributed Denial of Service (DDoS) attack and large-scale scan, or global events such as abnormal network routing, can cause network anomalies. Network anomaly detection and analysis are very important to Computer Security Incident Response Teams (CSIRT). But wide-scale traffic anomaly detection requires extracting anomalous modes from large amounts of high-dimensional noise-rich data, and interpreting the modes; so, it is very difficult. This paper proposes a general method based on Principal Component Analysis (PCA) to analyze network anomalies. This method divides the traffic matrix into normal and anomalous subspaces, maps traffic vectors into the normal subspace, gets the distance from detected vector to average normal vector, and detects anomalies based on that distance.
Funding: Project (41674109) supported by the National Natural Science Foundation of China
Abstract: Airborne electromagnetic transient method enjoys the advantages of high-efficiency and the high resolution of electromagnetic anomalies, especially suitable for mining detection around goaf areas and deep exploration of minerals. In this paper, we calculated the full-wave airborne transient electromagnetic data, according to the result of numerical research, the advantage of switch-off time response in electromagnetic detection was proofed via experiments. Firstly, based on the full-wave airborne transient electromagnetic system developed by Jilin University (JLU-ATEMI), we proposed a method to compute the full-waveform electromagnetic (EM) data of 3D model using the FDTD approach and convolution algorithm, and verify the calculation by the response of homogenous half-space. Then, through comparison of switch-off-time response and off-time response, we studied the effect of ramp time on anomaly detection. Finally, we arranged two experimental electromagnetic detection, the results indicated that the switch-off-time response can reveal the shallow target more effectively, and the full-waveform airborne electromagnetic system is an effective technique for shallow target detection.
Abstract: Anomaly detection in smart homes provides support to enhance the health and safety of people who live alone. Compared to the previous studies done on this topic, less attention has been given to hybrid methods. This paper presents a two-steps hybrid probabilistic anomaly detection model in the smart home. First, it employs various algorithms with different characteristics to detect anomalies from sensory data. Then, it aggregates their results using a Bayesian network. In this Bayesian network, abnormal events are detected through calculating the probability of abnormality given anomaly detection results of base methods. Experimental evaluation of a real dataset indicates the effectiveness of the proposed method by reducing false positives and increasing true positives.
Funding: funding from the EU Smarter project (PEOPLE-2013-IAPP-610675)
Abstract: To achieve zero-defect production during computer numerical control (CNC) machining processes, it is imperative to develop effective diagnosis systems to detect anomalies efficiently. However, due to the dynamic conditions of the machine and tooling during machining processes, the relevant diagnosis systems currently adopted in industries are incompetent. To address this issue, this paper presents a novel data-driven diagnosis system for anomalies. In this system, power data for condition monitoring are continuously collected during dynamic machining processes to support online diagnosis analysis. To facilitate the analysis, preprocessing mechanisms have been designed to de-noise, normalize, and align the monitored data. Important features are extracted from the monitored data and thresholds are defined to identify anomalies. Considering the dynamic conditions of the machine and tooling during machining processes, the thresholds used to identify anomalies can vary. Based on historical data, the values of thresholds are optimized using a fruit fly optimization (FFO) algorithm to achieve more accurate detection. Practical case studies were used to validate the system, thereby demonstrating the potential and effectiveness of the system for industrial applications.
Funding: supported by the National High Technology Research and Development Program of China (No. 2011AA040103-7), the National Key Scientific Instrument and Equipment Development Project (No. 2012YQ15008703), the Zhejiang Provincial Natural Science Foundation of China (No. LY13F020015), National Science Foundation of China (No. 61104089), Science and Technology Commission of Shanghai Municipality (No. 11JC1404000), Shanghai Rising-Star Program (No. 13QA1401600)
Abstract: Anomaly detection plays an important role in ensuring the data quality in wireless sensor networks (WSNs). The main objective of the paper is to design a light-weight and distributed algorithm to detect the data collected from WSNs effectively. This is achieved by proposing a distributed anomaly detection algorithm based on ensemble isolation principle. The new method offers distinctive advantages over the existing methods. Firstly, it does not require any distance or density measurement, which reduces computational burdens significantly. Secondly, considering the spatial correlation characteristic of node deployment in WSNs, local sub-detector is built in each sensor node, which is broadcasted simultaneously to neighbor sensor nodes. A global detector model is then constructed by using the local detector model and the neighbor detector model, which possesses a distributed nature and decreases communication burden. The experiment results on the labeled dataset confirm the effectiveness of the proposed method.
Abstract: To detect more attacks aiming at key security data in program behavior-based anomaly detection, the data flow properties were formulated as unary and binary relations on system call arguments. A new method named two-phrase analysis (2PA) is designed to analyze the efficient relation dependency, and its description as well as advantages are discussed. During the phase of static analysis, a dependency graph was constructed according to the program's data dependency graph, which was used in the phase of dynamic learning to learn specified binary relations. The constructed dependency graph only stores the information of related arguments and events, thus improves the efficiency of the learning algorithm and reduces the size of learned relation dependencies. Performance evaluations show that the new method is more efficient than existing methods.
Funding: This work is supported by the National Natural Science Foundation of China [No. 41374151], the Sichuan Province Applied Basic Research Project of China [No. 2017JY0162], the Young Scholars Development Fund of SWPU [No. 201599010079].
Abstract: To aid the magnetic anomaly detection (MAD) of underground ferromagnetic pipelines, this paper proposes a geometric modeling method based on the magnetic dipole reconstruction method (MDRM). First, the numerical modeling of basic pipe components such as straight sections, bends and elbows, and tee joints are discussed and the relevant mathematical formulations for these components are derived. Next, after analyzing the function of MDRM and various element division strategies, the sectional division and blocked division methods are introduced and applied to the appropriate pipeline components to determine the volume and center coordinates of each element, establishing the general models for the three typical pipeline components considered. The resulting volume and center coordinates of each component are the fundamental parameters for determining the MAD forwarding of underground ferromagnetic pipelines using the MDRM. Finally, based on the combination and transformation of the basic pipeline components considered, the visualized geometric models of typical pipeline layouts including parallel pipelines, pipelines with elbows, and a pipeline with a tee joint are constructed. The results demonstrate the feasibility of the proposed method of geometric modeling for the MDRM, which can be further applied to the finite element modeling of these and other components when analyzing MAD data. Furthermore, the models with output parameters proposed in this paper establish a foundation for the inversion of MAD.
Abstract: The digital transformation process of power systems towards smart grids is resulting in improved reliability, efficiency and situational awareness at the expense of increased cybersecurity vulnerabilities. Given the availability of large volumes of smart grid data, machine learning-based methods are considered an effective way to improve cybersecurity posture. Despite the unquestionable merits of machine learning approaches for cybersecurity enhancement, they represent a component of the cyberattack surface that is vulnerable, in particular, to adversarial attacks. In this paper, we examine the robustness of autoencoder-based cyberattack detection systems in smart grids to adversarial attacks. A novel iterative-based method is first proposed to craft adversarial attack samples. Then, it is demonstrated that an attacker with white-box access to the autoencoder-based cyberattack detection systems can successfully craft evasive samples using the proposed method. The results indicate that naive initial adversarial seeds cannot be employed to craft successful adversarial attacks shedding insight on the complexity of designing adversarial attacks against autoencoder-based cyberattack detection systems in smart grids.
Funding: supported in part by the National Science Fund for Distinguished Young Scholars (61725205), the National Natural Science Foundation of China (Grant Nos. 61960206008, 61772428, 61972319, and 61902320).
Abstract: Anomaly detectors are used to distinguish differences between normal and abnormal data, which are usually implemented by evaluating and ranking the anomaly scores of each instance. A static unsupervised streaming anomaly detector is difficult to dynamically adjust anomaly score calculation. In real scenarios, anomaly detection often needs to be regulated by human feedback, which benefits adjusting anomaly detectors. In this paper, we propose a human-machine interactive streaming anomaly detection method, named ISPForest, which can be adaptively updated online under the guidance of human feedback. In particular, the feedback will be used to adjust the anomaly score calculation and structure of the detector, ideally attaining more accurate anomaly scores in the future. Our main contribution is to improve the tree-based streaming anomaly detection model that can be updated online from perspectives of anomaly score calculation and model structure. Our approach is instantiated for the powerful class of tree-based streaming anomaly detectors, and we conduct experiments on a range of benchmark datasets. The results demonstrate that the utility of incorporating feedback can improve the performance of anomaly detectors with a few human efforts.