LATTE:
            L
            STM Self-
            Att
            ention based Anomaly Detection in
            E
            mbedded Automotive Platforms

Modern vehicles can be thought of as complex distributed embedded systems that run a variety of automotive applications with real-time constraints. Recent advances in the automotive industry towards greater autonomy are driving vehicles to be increasingly connected with various external systems (e.g., roadside beacons, other vehicles), which makes emerging vehicles highly vulnerable to cyber-attacks. Additionally, the increased complexity of automotive applications and the in-vehicle networks results in poor attack visibility, which makes detecting such attacks particularly challenging in automotive systems. In this work, we present a novel anomaly detection framework called LATTE to detect cyber-attacks in Controller Area Network (CAN) based networks within automotive platforms. Our proposed LATTE framework uses a stacked Long Short Term Memory (LSTM) predictor network with novel attention mechanisms to learn the normal operating behavior at design time. Subsequently, a novel detection scheme (also trained at design time) is used to detect various cyber-attacks (as anomalies) at runtime. We evaluate our proposed LATTE framework under different automotive attack scenarios and present a detailed comparison with the best-known prior works in this area, to demonstrate the potential of our approach.

Download Full-text

An Anomaly Detection Scheme based on LSTM Autoencoder for Energy Management

2020 International Conference on Information and Communication Technology Convergence (ICTC) ◽

10.1109/ictc49870.2020.9289226 ◽

2020 ◽

Author(s):

Hong-Soon Nam ◽

Youn-Kwae Jeong ◽

Jong Won Park

Keyword(s):

Anomaly Detection ◽

Energy Management ◽

Detection Scheme

Download Full-text

Unsupervised Online Anomaly Detection to Identify Cyber-Attacks on Internet Connected Photovoltaic System Inverters

2021 IEEE Power and Energy Conference at Illinois (PECI) ◽

10.1109/peci51586.2021.9435234 ◽

2021 ◽

Author(s):

C. Birk Jones ◽

Adrian Chavez ◽

Shamina Hossain-McKenzie ◽

Nicholas Jacobs ◽

Adam Summers ◽

...

Keyword(s):

Anomaly Detection ◽

Cyber Attacks ◽

Photovoltaic System ◽

Online Anomaly Detection

Download Full-text

GAMPAL: an anomaly detection mechanism for Internet backbone traffic by flow size prediction with LSTM-RNN

annals of telecommunications - annales des télécommunications ◽

10.1007/s12243-021-00874-8 ◽

2021 ◽

Author(s):

Taku Wakui ◽

Takao Kondo ◽

Fumio Teraoka

Keyword(s):

Anomaly Detection ◽

Short Term Memory ◽

Denial Of Service ◽

General Purpose ◽

Traffic Information ◽

Traffic Patterns ◽

Detection Mechanism ◽

Internet Service ◽

Internet Backbone ◽

Backbone Network

AbstractThis paper proposes a general-purpose anomaly detection mechanism for Internet backbone traffic named GAMPAL (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data). GAMPAL does not require labeled data to achieve general-purpose anomaly detection. For scalability to the number of entries in the BGP RIB (Border Gateway Protocol Routing Information Base), GAMPAL introduces prefix aggregate. The BGP RIB entries are classified into prefix aggregates, each of which is identified with the first three AS (Autonomous System) numbers in the AS_PATH attribute. GAMPAL establishes a prediction model for traffic sizes based on past traffic sizes. It adopts a LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) model that focuses on the periodicity of the Internet traffic patterns at a weekly scale. The validity of GAMPAL is evaluated using real traffic information, BGP RIBs exported from the WIDE backbone network (AS2500), a nationwide backbone network for research and educational organizations in Japan, and the dataset of an ISP (Internet Service Provider) in Spain. As a result, GAMPAL successfully detects anomalies such as increased traffic due to an event, DDoS (Distributed Denial of Service) attacks targeted at a stub organization, a connection failure, an SSH (Secure Shell) scan attack, and anomaly spam.

Download Full-text

LogNADS: Network anomaly detection scheme based on semantic representation

Future Generation Computer Systems ◽

10.1016/j.future.2021.05.024 ◽

2021 ◽

Author(s):

Xu Liu ◽

Weiyou Liu ◽

Xiaoqiang Di ◽

Jinqing Li ◽

Binbin Cai ◽

...

Keyword(s):

Anomaly Detection ◽

Semantic Representation ◽

Detection Scheme ◽

Network Anomaly Detection

Download Full-text

Real-Time Anomaly Detection in Distribution Grids Using Long Short Term Memory Network

10.1109/epec52095.2021.9621640 ◽

2021 ◽

Author(s):

Ming Zhou ◽

Petr Musilek

Keyword(s):

Anomaly Detection ◽

Real Time ◽

Short Term Memory ◽

Short Term ◽

Term Memory ◽

Memory Network ◽

Long Short Term Memory ◽

Distribution Grids

Download Full-text

Merge Ahead: Integrating Heavy Duty Vehicle Networks with Wide Area Network Services

SAE International Journal of Commercial Vehicles ◽

10.4271/2010-01-2053 ◽

2010 ◽

Vol 3 (1) ◽

pp. 332-367 ◽

Cited By ~ 1

Author(s):

Mark P. Zachos

Keyword(s):

Network Services ◽

Wide Area ◽

Area Network ◽

Wide Area Network ◽

Heavy Duty ◽

Heavy Duty Vehicle ◽

Vehicle Networks

Download Full-text

ConAnomaly: Content-Based Anomaly Detection for System Logs

Sensors ◽

10.3390/s21186125 ◽

2021 ◽

Vol 21 (18) ◽

pp. 6125

Author(s):

Dan Lv ◽

Nurbol Luktarhan ◽

Yiyong Chen

Keyword(s):

Anomaly Detection ◽

Semantic Information ◽

Short Term Memory ◽

Weighted Average ◽

Detection Methods ◽

Detection Model ◽

Part Of Speech Tagging ◽

Part Of Speech ◽

System Logs ◽

System Maintenance

Enterprise systems typically produce a large number of logs to record runtime states and important events. Log anomaly detection is efficient for business management and system maintenance. Most existing log-based anomaly detection methods use log parser to get log event indexes or event templates and then utilize machine learning methods to detect anomalies. However, these methods cannot handle unknown log types and do not take advantage of the log semantic information. In this article, we propose ConAnomaly, a log-based anomaly detection model composed of a log sequence encoder (log2vec) and multi-layer Long Short Term Memory Network (LSTM). We designed log2vec based on the Word2vec model, which first vectorized the words in the log content, then deleted the invalid words through part of speech tagging, and finally obtained the sequence vector by the weighted average method. In this way, ConAnomaly not only captures semantic information in the log but also leverages log sequential relationships. We evaluate our proposed approach on two log datasets. Our experimental results show that ConAnomaly has good stability and can deal with unseen log types to a certain extent, and it provides better performance than most log-based anomaly detection methods.

Download Full-text

Data-Driven Anomaly Detection in High-Voltage Transformer Bushings with LSTM Auto-Encoder

Sensors ◽

10.3390/s21217426 ◽

2021 ◽

Vol 21 (21) ◽

pp. 7426

Author(s):

Imene Mitiche ◽

Tony McGrail ◽

Philip Boreham ◽

Alan Nesbitt ◽

Gordon Morison

Keyword(s):

Anomaly Detection ◽

High Voltage ◽

Short Term Memory ◽

Absolute Error ◽

Real World Data ◽

Voltage Transformer ◽

Power Outage ◽

Phase Measurements ◽

High Voltage Transformer ◽

Supply Industry

The reliability and health of bushings in high-voltage (HV) power transformers is essential in the power supply industry, as any unexpected failure can cause power outage leading to heavy financial losses. The challenge is to identify the point at which insulation deterioration puts the bushing at an unacceptable risk of failure. By monitoring relevant measurements we can trace any change that occurs and may indicate an anomaly in the equipment’s condition. In this work we propose a machine-learning-based method for real-time anomaly detection in current magnitude and phase angle from three bushing taps. The proposed method is fast, self-supervised and flexible. It consists of a Long Short-Term Memory Auto-Encoder (LSTMAE) network which learns the normal current and phase measurements of the bushing and detects any point when these measurements change based on the Mean Absolute Error (MAE) metric evaluation. This approach was successfully evaluated using real-world data measured from HV transformer bushings where anomalous events have been identified.

Download Full-text

Deep-Learning-Based Approach to Anomaly Detection Techniques for Large Acoustic Data in Machine Operation

Sensors ◽

10.3390/s21165446 ◽

2021 ◽

Vol 21 (16) ◽

pp. 5446

Author(s):

Hyojung Ahn ◽

Inchoon Yeo

Keyword(s):

Deep Learning ◽

Anomaly Detection ◽

Short Term Memory ◽

Detection System ◽

Noisy Environments ◽

Acoustic Data ◽

Detection Techniques ◽

Machine Operation ◽

Detection Technology ◽

Environment Noise

As the workforce shrinks, the demand for automatic, labor-saving, anomaly detection technology that can perform maintenance on advanced equipment such as vehicles has been increasing. In a vehicular environment, noise in the cabin, which directly affects users, is considered an important factor in lowering the emotional satisfaction of the driver and/or passengers in the vehicles. In this study, we provide an efficient method that can collect acoustic data, measured using a large number of microphones, in order to detect abnormal operations inside the machine via deep learning in a quick and highly accurate manner. Unlike most current approaches based on Long Short-Term Memory (LSTM) or autoencoders, we propose an anomaly detection (AD) algorithm that can overcome the limitations of noisy measurement and detection system anomalies via noise signals measured inside the mechanical system. These features are utilized to train a variety of anomaly detection models for demonstration in noisy environments with five different errors in machine operation, achieving an accuracy of approximately 90% or more.

Download Full-text

Deep learning-based anomaly-onset aware remaining useful life estimation of bearings

PeerJ Computer Science ◽

10.7717/peerj-cs.795 ◽

2021 ◽

Vol 7 ◽

pp. e795

Author(s):

Pooja Vinayak Kamat ◽

Rekha Sugandhi ◽

Satish Kumar

Keyword(s):

Deep Learning ◽

Anomaly Detection ◽

Short Term Memory ◽

Rotating Machinery ◽

Remaining Useful Life ◽

Operating Conditions ◽

Learning Models ◽

Vibration Data ◽

Degradation Data ◽

Useful Life

Remaining Useful Life (RUL) estimation of rotating machinery based on their degradation data is vital for machine supervisors. Deep learning models are effective and popular methods for forecasting when rotating machinery such as bearings may malfunction and ultimately break down. During healthy functioning of the machinery, however, RUL is ill-defined. To address this issue, this study recommends using anomaly monitoring during both RUL estimator training and operation. Essential time-domain data is extracted from the raw bearing vibration data, and deep learning models are used to detect the onset of the anomaly. This further acts as a trigger for data-driven RUL estimation. The study employs an unsupervised clustering approach for anomaly trend analysis and a semi-supervised method for anomaly detection and RUL estimation. The novel combined deep learning-based anomaly-onset aware RUL estimation framework showed enhanced results on the benchmarked PRONOSTIA bearings dataset under non-varying operating conditions. The framework consisting of Autoencoder and Long Short Term Memory variants achieved an accuracy of over 90% in anomaly detection and RUL prediction. In the future, the framework can be deployed under varying operational situations using the transfer learning approach.

Download Full-text