Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

The biggest problem with conventional anomaly signal detection using features was that it was difficult to use it in real time and it requires processing of network signals. Furthermore, analyzing network signals in real-time required vast amounts of processing for each signal, as each protocol contained various pieces of information. This paper suggests anomaly detection by analyzing the relationship among each feature to the anomaly detection model. The model analyzes the anomaly of network signals based on anomaly feature detection. The selected feature for anomaly detection does not require constant network signal updates and real-time processing of these signals. When the selected features are found in the received signal, the signal is registered as a potential anomaly signal and is then steadily monitored until it is determined as either an anomaly or normal signal. In terms of the results, it determined the anomaly with 99.7% (0.997) accuracy in f(4)(S0) and in case f(4)(REJ) received 11,233 signals with a normal or 171anomaly judgment accuracy of 98.7% (0.987).

Download Full-text

An Efficient Distributed Anomaly Detection Model for Wireless Sensor Networks

AASRI Procedia ◽

10.1016/j.aasri.2013.10.052 ◽

2013 ◽

Vol 5 ◽

pp. 9-14 ◽

Cited By ~ 7

Author(s):

Murad A. Rassam ◽

Anazida Zainal ◽

Mohd Aizaini Maarof

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Anomaly Detection ◽

Wireless Sensor ◽

Detection Model

Download Full-text

Network Anomaly Detection System with Optimized DS Evidence Theory

The Scientific World JOURNAL ◽

10.1155/2014/753659 ◽

2014 ◽

Vol 2014 ◽

pp. 1-13 ◽

Cited By ~ 2

Author(s):

Yuan Liu ◽

Xiaofeng Wang ◽

Kaiyu Liu

Keyword(s):

Anomaly Detection ◽

Detection Rate ◽

Computer Network ◽

Detection System ◽

Evidence Theory ◽

Optimization Methods ◽

High Detection Rate ◽

Detection Model ◽

Network Anomaly Detection ◽

Anomaly Detection System

Network anomaly detection has been focused on by more people with the fast development of computer network. Some researchers utilized fusion method and DS evidence theory to do network anomaly detection but with low performance, and they did not consider features of network—complicated and varied. To achieve high detection rate, we present a novel network anomaly detection system with optimized Dempster-Shafer evidence theory (ODS) and regression basic probability assignment (RBPA) function. In this model, we add weights for each senor to optimize DS evidence theory according to its previous predict accuracy. And RBPA employs sensor’s regression ability to address complex network. By four kinds of experiments, we find that our novel network anomaly detection model has a better detection rate, and RBPA as well as ODS optimization methods can improve system performance significantly.

Download Full-text

Network anomaly detection using a fuzzy rule-based classifier

Computer, Communication and Electrical Technology ◽

10.1201/9781315400624-12 ◽

2017 ◽

pp. 61-65

Author(s):

Soumadip Ghosh ◽

Arindrajit Pal ◽

Amitava Nag ◽

Shayak Sadhu ◽

Ramsekher Pati

Keyword(s):

Anomaly Detection ◽

Fuzzy Rule ◽

Rule Based ◽

Rule Based Classifier ◽

Network Anomaly Detection

Download Full-text

ConAnomaly: Content-Based Anomaly Detection for System Logs

Sensors ◽

10.3390/s21186125 ◽

2021 ◽

Vol 21 (18) ◽

pp. 6125

Author(s):

Dan Lv ◽

Nurbol Luktarhan ◽

Yiyong Chen

Keyword(s):

Anomaly Detection ◽

Semantic Information ◽

Short Term Memory ◽

Weighted Average ◽

Detection Methods ◽

Detection Model ◽

Part Of Speech Tagging ◽

Part Of Speech ◽

System Logs ◽

System Maintenance

Enterprise systems typically produce a large number of logs to record runtime states and important events. Log anomaly detection is efficient for business management and system maintenance. Most existing log-based anomaly detection methods use log parser to get log event indexes or event templates and then utilize machine learning methods to detect anomalies. However, these methods cannot handle unknown log types and do not take advantage of the log semantic information. In this article, we propose ConAnomaly, a log-based anomaly detection model composed of a log sequence encoder (log2vec) and multi-layer Long Short Term Memory Network (LSTM). We designed log2vec based on the Word2vec model, which first vectorized the words in the log content, then deleted the invalid words through part of speech tagging, and finally obtained the sequence vector by the weighted average method. In this way, ConAnomaly not only captures semantic information in the log but also leverages log sequential relationships. We evaluate our proposed approach on two log datasets. Our experimental results show that ConAnomaly has good stability and can deal with unseen log types to a certain extent, and it provides better performance than most log-based anomaly detection methods.

Download Full-text

MACHINE LEARNING METHODS IN MONITORING OPERATING BEHAVIOUR OF MARINE TWO-STROKE DIESEL ENGINE

Transport ◽

10.3846/transport.2020.14038 ◽

2020 ◽

Vol 35 (5) ◽

pp. 462-473

Author(s):

Aleksandar Vorkapić ◽

Radoslav Radonja ◽

Karlo Babić ◽

Sanda Martinčić-Ipšić

Keyword(s):

Machine Learning ◽

Anomaly Detection ◽

Fuel Consumption ◽

Performance Monitoring ◽

Absolute Error ◽

Machine Learning Algorithms ◽

Support Vector ◽

Operating Parameters ◽

Detection Model ◽

Modelling Framework

The aim of this article is to enhance performance monitoring of a two-stroke electronically controlled ship propulsion engine on the operating envelope. This is achieved by setting up a machine learning model capable of monitoring influential operating parameters and predicting the fuel consumption. Model is tested with different machine learning algorithms, namely linear regression, multilayer perceptron, Support Vector Machines (SVM) and Random Forests (RF). Upon verification of modelling framework and analysing the results in order to improve the prediction accuracy, the best algorithm is selected based on standard evaluation metrics, i.e. Root Mean Square Error (RMSE) and Relative Absolute Error (RAE). Experimental results show that, by taking an adequate combination and processing of relevant sensory data, SVM exhibit the lowest RMSE 7.1032 and RAE 0.5313%. RF achieve the lowest RMSE 22.6137 and RAE 3.8545% in a setting when minimal number of input variables is considered, i.e. cylinder indicated pressures and propulsion engine revolutions. Further, article deals with the detection of anomalies of operating parameters, which enables the evaluation of the propulsion engine condition and the early identification of failures and deterioration. Such a time-dependent, self-adopting anomaly detection model can be used for comparison with the initial condition recorded during the test and sea run or after survey and docking. Finally, we propose a unified model structure, incorporating fuel consumption prediction and anomaly detection model with on-board decision-making process regarding navigation and maintenance.

Download Full-text

Anomaly detection in multi-class time series

Journal of Physics Conference Series ◽

10.1088/1742-6596/2113/1/012062 ◽

2021 ◽

Vol 2113 (1) ◽

pp. 012062

Author(s):

Weihong Wang ◽

Zhuolin Wu ◽

Xuan Liu ◽

Lei Jia ◽

Xiaoguang Wang

Keyword(s):

Image Processing ◽

Time Series ◽

Anomaly Detection ◽

Performance Indicators ◽

Clustering Algorithm ◽

Limited Resources ◽

Detection Model ◽

Class Time ◽

Operation And Maintenance ◽

Maintenance Systems

Abstract For modern operation and maintenance systems, they are usually required to monitor multiple types and large quantities of machine’s key performance indicators (KPIs) at the same time with limited resources. In this paper, to tackle these problems, we propose a highly compatible time series anomaly detection model based on K-means clustering algorithm with a new Wavelet Feature Distance (WFD). Our work is inspired by some ideas from image processing and signal processing domain. Our model detects abnormalities in the time series datasets which are first clustered by K-means to boost the accuracy. Our experiments show significant accuracy improvements compared with traditional algorithms, and excellent compatibilities and operating efficiencies compared with algorithms based on deep learning.

Download Full-text