Detection of Anomalies in the Traffic of IoT Devices

2021 ◽  
Vol 7 (4) ◽  
pp. 128-137
Author(s):  
I. Murenin

The article proposes an approach to finding anomalies in the traffic of IoT devices based on time series analysis and assessing normal and abnormal behavior using statistical methods. The main goal of the proposed approach is to combine statistical methods for detecting anomalies using unlabeled data and plotting key characteristics of device profiles. Within this approach, the following techniques for traffic analysis have been developed and implemented: a feature extraction technique, a normal behavior boundary building technique and an anomaly detection technique. To evaluate the proposed approach, we used a technique for generating event logs from devices with the generation of anomalous markup. The experiments showed that the GESD-test gives the best results for anomaly detection in IoT traffic.

Electronics ◽  
2020 ◽  
Vol 9 (6) ◽  
pp. 1022
Author(s):  
Sujeong Kim ◽  
Chanwoong Hwang ◽  
Taejin Lee

According to a study by Cybersecurity Ventures, cybercrime is expected to cost $6 trillion annually by 2021. Most cybersecurity threats access internal networks through infected endpoints. Recently, various endpoint environments such as smartphones, tablets, and Internet of Things (IoT) devices have been configured, and security issues caused by malware targeting them are intensifying. Event log-based detection technology for endpoint security performs detection using rules or patterns. Therefore, known attacks can be responded to, but unknown attacks can be difficult to respond to immediately. To solve this problem, in this paper, local outlier factor (LOF) and Autoencoder detect suspicious behavior that deviates from normal behavior. It also detects threats and shows the corresponding threats when suspicious events corresponding to the rules created through the attack profile are constantly occurring. Experimental results detected eight new suspicious processes that were not previously detected, and four malicious processes and one suspicious process were judged using Hybrid Analysis and VirusTotal. Based on the experiment results, it is expected that the use of operational policies such as allowlists in the proposed model will significantly improve performance by minimizing false positives.


2017 ◽  
Vol 2017 ◽  
pp. 1-15 ◽  
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski ◽  
Piotr Kiedrowski

The article presents solutions to anomaly detection in network traffic for critical smart metering infrastructure, realized with the use of a radio sensory network. The structure of the examined smart meter network and the key security aspects which have influence on the correct performance of an advanced metering infrastructure (possibility of passive and active cyberattacks) are described. An effective and quick anomaly detection method is proposed. At its initial stage, Cook’s distance was used for detection and elimination of outlier observations. Data prepared in this way was used to estimate standard statistical models based on exponential smoothing, that is, Brown’s, Holt’s, and Winters’ models. To estimate possible fluctuations in forecasts of the implemented models, properly parameterized Bollinger Bands were used. Next, statistical relations between the estimated traffic model and its real variability were examined to detect abnormal behavior, which could indicate a cyberattack attempt. An update procedure of standard models in case there were significant real network traffic fluctuations was also proposed. The choice of optimal parameter values of statistical models was realized as forecast error minimization. The results confirmed efficiency of the presented method and accuracy of choice of the proper statistical model for the analyzed time series.


2021 ◽  
Author(s):  
Menaa Nawaz ◽  
Jameel Ahmed

Physiological signals retrieve information from sensors implanted or attached to the human body. These signals are vital data sources that can assist in predicting the disease well before time; thus, proper treatment can be made possible. With the addition of the Internet of Things in healthcare, real-time data collection and preprocessing for signal analysis has reduced the burden of in-person appointments and decision making on healthcare. Recently, deep learning-based algorithms have been implemented by researchers for the recognition, realization and prediction of diseases by extracting and analyzing important features. In this research, real-time 1-D time series data of on-body noninvasive biomedical sensors were acquired, preprocessed and analysed for anomaly detection. Feature engineered parameters of large and diverse datasets have been used to train the data to make the anomaly detection system more reliable. For comprehensive real-time monitoring, the implemented system uses wavelet time scattering features for classification and a deep learning-based autoencoder for anomaly detection of time series signals to assist the clinical diagnosis of cardiovascular and muscular activity. In this research, an implementation of an IoT-based AI-edge healthcare framework using biomedical sensors was presented. This paper also aims to analyse cloud data acquired through biomedical sensors using signal analysis techniques for anomaly detection, and time series classification has been performed for disease prognosis in real time by implementing 24 AI-based techniques to find the most accurate technique for real-time raw signals. The deep learning-based LSTM method based on wavelet time scattering feature extraction has shown a classification test accuracy of 100%. Using wavelet time scattering feature extraction achieved 95% signal reduction to increase the real-time processing speed. In real-time signal anomaly detection, 98% accuracy is achieved using LSTM autoencoders. An average mean absolute error loss of 0.0072 is achieved for normal signals and 0.078 for anomalous signals.


Sensors ◽  
2021 ◽  
Vol 21 (11) ◽  
pp. 3880
Author(s):  
Kyuchang Chang ◽  
Youngji Yoo ◽  
Jun-Geol Baek

This paper proposes a new diagnostic method for sensor signals collected during semiconductor manufacturing. These signals provide important information for predicting the quality and yield of the finished product. Much of the data gathered during this process is time series data for fault detection and classification (FDC) in real time. This means that time series classification (TSC) must be performed during fabrication. With advances in semiconductor manufacturing, the distinction between normal and abnormal data has become increasingly significant as new challenges arise in their identification. One challenge is that an extremely high FDC performance is required, which directly impacts productivity and yield. However, general classification algorithms can have difficulty separating normal and abnormal data because of subtle differences. Another challenge is that the frequency of abnormal data is remarkably low. Hence, engineers can use only normal data to develop their models. This study presents a method that overcomes these problems and improves the FDC performance; it consists of two phases. Phase I has three steps: signal segmentation, feature extraction based on local outlier factors (LOF), and one-class classification (OCC) modeling using the isolation forest (iF) algorithm. Phase II, the test stage, consists of three steps: signal segmentation, feature extraction, and anomaly detection. The performance of the proposed method is superior to that of other baseline methods.


2020 ◽  
Vol 26 (4) ◽  
pp. 508-527
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski

One of the basic elements of every Smart City is currently a system of managing urban infrastructure, in particular, smart systems controlling street lighting. Ensuring a proper level of security, continuity and failure-free operation of such systems, in practice, seems not yet a solved problem. In this article we present proposals of a system that allows detecting different types of anomalies in network traffic for Smart Lighting critical infrastructure realized with the use of Power Line Communication technology. Furthermore, the structure of the examined Smart Lighting Communications Network, along with its particular elements, is proposed and described. We discuss key security aspects which affect proper operation of advanced communication infrastructure, i.e. the possibility of occurrence of abuse connected both to activity of external factors which could disturb transmission of steering signals, as well as active forms of attack aiming at influencing the informative content of the transmitted data. The article also presents an effective and quick anomaly detection method in the tested network traffic represented by suitable time series. At the initial stage of the method, the process of detection and elimination of potential outlying observations was realized by a one-dimensional quartile criterion. Data prepared in this manner was used for learning recurrent neural networks, i.e. Long and Short-Term Memory types, in order to predict values of the analyzed time series. Further, tests were performed on relations between the forecasted network traffic and its real variability in order to detect abnormal behavior which could mean an attempt of an attack or abuse. Due to a possibility of occurrence of significant fluctuations in real network traffic of the tested Smart Lighting infrastructure, we propose a procedure of recurrent learning with the use of neural networks to obtain more accurate forecasting. The results achieved by means of the performed experiments confirmed effectiveness of the presented method and proper choice of the Long Short-Term Memory neural network for forecasting the analyzed time series.


2016 ◽  
Vol 136 (3) ◽  
pp. 363-372
Author(s):  
Takaaki Nakamura ◽  
Makoto Imamura ◽  
Masashi Tatedoko ◽  
Norio Hirai
