Coordinated Cyber-Attack Detection Model of Cyber-Physical Power System Based on the Operating State Data Link

2021 ◽  
Vol 9 ◽  
Author(s):  
Lei Wang ◽  
Pengcheng Xu ◽  
Zhaoyang Qu ◽  
Xiaoyong Bo ◽  
Yunchang Dong ◽  
...  

Existing coordinated cyber-attack detection methods have low detection accuracy and efficiency and poor generalization ability due to difficulties dealing with unbalanced attack data samples, high data dimensionality, and noisy data sets. This paper proposes a model for cyber and physical data fusion using a data link for detecting attacks on a Cyber–Physical Power System (CPPS). The two-step principal component analysis (PCA) is used for classifying the system’s operating status. An adaptive synthetic sampling algorithm is used to reduce the imbalance in the categories’ samples. The loss function is improved according to the feature intensity difference of the attack event, and an integrated classifier is established using a classification algorithm based on the cost-sensitive gradient boosting decision tree (CS-GBDT). The simulation results show that the proposed method provides higher accuracy, recall, and F-Score than comparable algorithms.

2019 ◽  
Vol 4 (2) ◽  
Author(s):  
Bodunde O Akinyemi ◽  
Johnson B Adekunle ◽  
Temitope A Aladesanmi ◽  
Adesola G Aderounmu ◽  
Beman H Kamagate

The volume of cyber-attacks targeting network resources within the cyberspace is steadily increasing and evolving. Network intrusions compromise the confidentiality, integrity or availability of network resources, causing reputational damage and the consequential financial loss. One of the key cyber-defense tools against these attacks is the Intrusion Detection System. Existing anomalous intrusion detection models often misclassified normal network traffic as attacks while minority attacks go undetected due to an extreme imbalance in network traffic data. This leads to a high false positive and low detection rate. This study focused on improving the detection accuracy by addressing the class imbalance problem which is often associated with network traffic datasets. Live network traffic packets were collected within the test case environment with Wireshark during normal network activities, Syncflood attack, slowhttppost attack and exploitation of known vulnerabilities on a targeted machine. Fifty-two features including forty-two features similar to Knowledge Discovery in Database (KDD ’99) intrusion detection dataset were extracted from the packet meta-data using Spleen tool. The features were normalized with min-max normalization algorithm and Information Gain algorithm was used to select the best discriminatory features from the feature space. An anomalous intrusion detection model was formulated by a cascade of k-means clustering algorithm and random-forest classifier. The proposed model was simulated and its performance was evaluated using detection accuracy, sensitivity, and specificity as metrics. The result of the evaluation showed 10% higher detection accuracy, 29% sensitivity, and 0.2% specificity than the existing model. Keywords— anomalous, cyber-attack, Detection, Intrusion


Author(s):  
Xuewu Zhang ◽  
Yansheng Gong ◽  
Chen Qiao ◽  
Wenfeng Jing

This article mainly focuses on the most common types of high-speed railway malfunctions in overhead contact systems, namely, unstressed droppers, foreign-body invasions, and pole number-plate malfunctions, to establish a deep-network detection model. By fusing the feature maps of the shallow and deep layers in the pretraining network, global and local features of the malfunction area are combined to enhance the network's ability of identifying small objects. Further, in order to share the fully connected layers of the pretraining network and reduce the complexity of the model, Tucker tensor decomposition is used to extract features from the fused-feature map. The operation greatly reduces training time. Through the detection of images collected on the Lanxin railway line, experimental results show that the proposed multiview Faster R-CNN based on tensor decomposition had lower miss probability and higher detection accuracy for the three types of faults. Compared with object-detection methods YOLOv3, SSD, and the original Faster R-CNN, the average miss probability of the improved Faster R-CNN model in this paper is decreased by 37.83%, 51.27%, and 43.79%, respectively, and average detection accuracy is increased by 3.6%, 9.75%, and 5.9%, respectively.


2016 ◽  
Vol 8 (3) ◽  
pp. 327-333 ◽  
Author(s):  
Rimas Ciplinskas ◽  
Nerijus Paulauskas

New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and the demand to protect from them. In practice, current methods of attack detection operate like antivirus programs, i.e. known attack signatures are created and attacks are detected by using them. These methods have a drawback: they cannot detect new attacks. As a solution, anomaly detection methods are used. They allow detecting deviations from normal network behaviour that may show a new type of attack. This article introduces a new method that allows detecting network flow anomalies by using the local outlier factor algorithm. The accomplished research allowed identifying groups of features which showed the best results of anomaly flow detection according to the highest values of precision, recall and F-measure.


2021 ◽  
Vol 233 ◽  
pp. 02012
Author(s):  
Shousheng Liu ◽  
Zhigang Gai ◽  
Xu Chai ◽  
Fengxiang Guo ◽  
Mei Zhang ◽  
...  

Bacterial colonies detecting and counting is tedious and time-consuming work. Fortunately CNN (convolutional neural network) detection methods are effective for target detection. The bacterial colonies are a kind of small targets, which have been a difficult problem in the field of target detection technology. This paper proposes a small target enhancement detection method based on double CNNs, which can not only improve the detection accuracy, but also maintain the detection speed similar to the general detection model. The detection method uses double CNNs. The first CNN uses SSD_MOBILENET_V1 network with both target positioning and target recognition functions. The candidate targets are screened out with a low confidence threshold, which can ensure no missing detection of small targets. The second CNN obtains candidate target regions according to the first round of detection, intercepts image sub-blocks one by one, uses the MOBILENET_V1 network to filter out targets with a higher confidence threshold, which can ensure good detection of small targets. Through the two-round enhancement detection method has been transplanted to the embedded platform NVIDIA Jetson AGX Xavier, the detection accuracy of small targets is significantly improved, and the target error detection rate and missed detection rate are reduced to less than 1%.


IEEE Access ◽  
2020 ◽  
Vol 8 ◽  
pp. 185938-185949
Author(s):  
T. Gopalakrishnan ◽  
D. Ruby ◽  
Fadi Al-Turjman ◽  
Deepak Gupta ◽  
Irina V. Pustokhina ◽  
...  

2018 ◽  
Vol 10 (12) ◽  
pp. 1987 ◽  
Author(s):  
Rocío Ramos-Bernal ◽  
René Vázquez-Jiménez ◽  
Raúl Romero-Calcerrada ◽  
Patricia Arrogante-Funes ◽  
Carlos Novillo

Natural hazards include a wide range of high-impact phenomena that affect socioeconomic and natural systems. Landslides are a natural hazard whose destructive power has caused a significant number of victims and substantial damage around the world. Remote sensing provides many data types and techniques that can be applied to monitor their effects through landslides inventory maps. Three unsupervised change detection methods were applied to the Advanced Spaceborne Thermal Emission and Reflection Radiometer (Aster)-derived images from an area prone to landslides in the south of Mexico. Linear Regression (LR), Chi-Square Transformation, and Change Vector Analysis were applied to the principal component and the Normalized Difference Vegetation Index (NDVI) data to obtain the difference image of change. The thresholding was performed on the change histogram using two approaches: the statistical parameters and the secant method. According to previous works, a slope mask was used to classify the pixels as landslide/No-landslide; a cloud mask was used to eliminate false positives; and finally, those landslides less than 450 m² (two Aster pixels) were discriminated. To assess the landslide detection accuracy, 617 polygons (35,017 pixels) were sampled, classified as real landslide/No-landslide, and defined as ground-truth according to the interpretation of color aerial photo slides to obtain omission/commission errors and Kappa coefficient of agreement. The results showed that the LR using NDVI data performs the best results in landslide detection. Change detection is a suitable technique that can be applied for the landslides mapping and we think that it can be replicated in other parts of the world with results similar to those obtained in the present work.


2019 ◽  
Vol 2019 ◽  
pp. 1-13 ◽  
Author(s):  
Yaojun Hao ◽  
Fuzhi Zhang ◽  
Jian Wang ◽  
Qingshan Zhao ◽  
Jianfang Cao

Due to the openness of the recommender systems, the attackers are likely to inject a large number of fake profiles to bias the prediction of such systems. The traditional detection methods mainly rely on the artificial features, which are often extracted from one kind of user-generated information. In these methods, fine-grained interactions between users and items cannot be captured comprehensively, leading to the degradation of detection accuracy under various types of attacks. In this paper, we propose an ensemble detection method based on the automatic features extracted from multiple views. Firstly, to collaboratively discover the shilling profiles, the users’ behaviors are analyzed from multiple views including ratings, item popularity, and user-user graph. Secondly, based on the data preprocessed from multiple views, the stacked denoising autoencoders are used to automatically extract user features with different corruption rates. Moreover, the features extracted from multiple views are effectively combined based on principal component analysis. Finally, according to the features extracted with different corruption rates, the weak classifiers are generated and then integrated to detect attacks. The experimental results on the MovieLens, Netflix, and Amazon datasets indicate that the proposed method can effectively detect various attacks.


2018 ◽  
Vol 2018 ◽  
pp. 1-11
Author(s):  
Zhenxiang Jiang ◽  
Jinping He

Seepage behavior detecting is an important tool for ensuring the safety of earth dams. However, traditional seepage behavior detection methods have used insufficient monitoring data and have mainly focused on single-point measures and local seepage behavior. The seepage behavior of dams is not quantitatively detected based on the monitoring data with multiple measuring points. Therefore, this study uses data mining techniques to analyze the monitoring data and overcome the above-mentioned shortcomings. The massive seepage monitoring data with multiple points are used as the research object. The key information on seepage behavior is extracted using principal component analysis. The correlation between seepage behavior and upstream water level is described as mutual information. A detection model for overall seepage behavior is established. Result shows that the model can completely extract the seepage monitoring data with multiple points and quantitatively detect the overall seepage behavior of earth dams. The proposed method can provide a new and reasonable means of quantitatively detecting the overall seepage behavior of earth dams.

