EADetection: An efficient and accurate sequential behavior anomaly detection approach over data streams

2018, Vol 14 (10), pp. 155014771880330
Author(s): Li Cheng, Yijie Wang, Yong Zhou, Xingkong Ma

Due to the increasing arriving rate and complex relationship of behavior data streams, how to detect sequential behavior anomaly in an efficient and accurate manner has become an emerging challenge. However, most of the existing literature simply calculates the anomaly score for segmented sequence, and there is limited work going deep to investigate data stream segment and structural relationship. Moreover, existing studies cannot meet efficiency requirements because of large number of projected subsequences. In this article, we propose EADetection, an efficient and accurate sequential behavior anomaly detection approach over data streams. EADetection adopts time interval and fuzzy logic–based correlation to segment event stream adaptively based on rolling window. Through dynamic projection space–based fast pruning, large number of repeated patterns are reduced to improve detection efficiency. Meanwhile, EADetection calculates the anomaly score by top-k pattern–based abnormal scoring based on directed loop graph–based storage strategy, which ensures the accuracy of detection. Specially, we design and implement a streaming anomaly detection system based on EADetection to perform real-time detection. Extensive experiments confirm that EADetection can achieve real time and improve accuracy, significantly reduces latency by 36.8% and reduces false positive rate by 6.4% compared with existing approach.

2018, Vol 2018, pp. 1-15
Author(s): Nanda Kumar Thanigaivelan, Ethiopia Nigussie, Seppo Virtanen, Jouni Isoaho

We present a hybrid internal anomaly detection system that shares detection tasks between router and nodes. It allows nodes to react instinctively against the anomaly node by enforcing a temporary communication ban on it. Each node monitors its own neighbors and if abnormal behavior is detected, the node blocks the packets of the anomaly node at link layer and reports the incident to its parent node. A novel RPL control message, Distress Propagation Object (DPO), is formulated and used for reporting the anomaly and network activities to the parent node and subsequently to the router. The system has configurable profile settings and is able to learn and differentiate between the nodes' normal and suspicious activities without a need for prior knowledge. It has different subsystems and operation phases that are distributed in both the nodes and router, which act on data link and network layers. The system uses network fingerprinting to be aware of changes in network topology and approximate threat locations without any assistance from a positioning subsystem. The developed system was evaluated using a test-bed consisting of Zolertia nodes and an in-house developed PandaBoard based gateway as well as the emulation environment of Cooja. The evaluation revealed that the system has low energy consumption overhead and fast response. The system occupies 3.3 KB of ROM and 0.86 KB of RAM for its operations. Security analysis confirms nodes' reaction against abnormal nodes and successful detection of packet flooding, selective forwarding, and clone attacks. The system’s false positive rate evaluation demonstrates that the proposed system exhibited 5% to 10% lower false positive rate compared to a simple detection system.


2018, Vol 232, pp. 04053
Author(s): Cheng-xing Miao, Qing Li, Sheng-yao Jia

In order to get rid of the non-real-time detection methods of artificial site sampled and laboratory instrument analyzed in the field of methane detection in the offshore shallow gas, a real-time in-situ detection system for methane in offshore shallow gas was designed by the film interface. The methane in the offshore shallow gas through the gas-liquid separation membrane of polymer permeation into the system internal detection probe, analog infrared micro gas sensor sensed the methane concentration and the corresponded output value, data acquisition and communication node fitted into standard gas concentration. Based on the experimental data compared with the traditional detection method, and further analyzed the causes of error produced by the case experiment. The application results show that the system can achieve a single borehole layout, long-term on-line in-situ on-line detection, and improve the detection efficiency and the timeliness of the detection data.


2019, Vol 15 (6), pp. 814-823
Author(s): Jakup Fondaj, Zirije Hasani
