BANBAD

Author(s):  
Rajeev Agrawal ◽  
Chaoli Cai ◽  
Ajay Gupta ◽  
Rajib Paul ◽  
Raed Salih

Anomaly detection is an important aspect of any security mechanism. We present an efficient anomaly detection algorithm, named BANBAD. Using Belief Networks (BNs), the algorithm identifies abnormal behavior of a feature, like inappropriate energy consumption of a node in a network. By applying structure learning techniques to a training dataset, BANBAD establishes a joint probability distribution among relevant features, such as average velocity, displacement, local computation and communication time, energy consumption, and response time of a node of the network. A directed acyclic graph (DAG) is used to represent the features and their dependencies. Using a training process, BANBAD maintains dynamic, updated profiles of network node behaviors and uses a specific Bayesian inference algorithm to distinguish abnormal behavior during testing. BANBAD works especially well in ad hoc networks. Extensive simulation results demonstrate that a centralized BANBAD achieves low false alarm rates, below 5%, and high detection rates, greater than 95%. We also show that BANBAD detects anomalies efficiently and accurately in two real datasets. The key for achieving such high performance is bounding the false alarm rate at a certain predefined threshold value. By fine-tuning the threshold, we can achieve a high detection rate as well.

Electronics ◽  
2021 ◽  
Vol 10 (14) ◽  
pp. 1635
Author(s):  
Neeraj Chugh ◽  
Geetam Singh Tomar ◽  
Robin Singh Bhadoria ◽  
Neetesh Saxena

To sustain the security services in a Mobile Ad Hoc Network (MANET), applications in terms of confidentiality, authentication, integrity, authorization, key management, and abnormal behavior detection/anomaly detection are significant. The implementation of a sophisticated security mechanism requires a large number of network resources that degrade network performance. In addition, routing protocols designed for MANETs should be energy efficient in order to maximize network performance. In line with this view, this work proposes a new hybrid method called the data-driven zone-based routing protocol (DD-ZRP) for resource-constrained MANETs that incorporate anomaly detection schemes for security and energy awareness using Network Simulator 3. Most of the existing schemes use constant threshold values, which leads to false positive issues in the network. DD-ZRP uses a dynamic threshold to detect anomalies in MANETs. The simulation results show an improved detection ratio and performance for DD-ZRP over existing schemes; the method is substantially better than the prevailing protocols with respect to anomaly detection for security enhancement, energy efficiency, and optimization of available resources.


Algorithms ◽  
2021 ◽  
Vol 14 (12) ◽  
pp. 368
Author(s):  
Yajing Zhang ◽  
Kai Wang ◽  
Jinghui Zhang

Considering the contradiction between limited node resources and high detection costs in mobile multimedia networks, an adaptive and lightweight abnormal node detection algorithm based on artificial immunity and game theory is proposed in order to balance the trade-off between network security and detection overhead. The algorithm can adapt to the highly dynamic mobile multimedia networking environment with a large number of heterogeneous nodes and multi-source big data. Specifically, the heterogeneous problem of nodes is solved based on the non-specificity of an immune algorithm. A niche strategy is used to identify dangerous areas, and antibody division generates an antibody library that can be updated online, so as to realize the dynamic detection of the abnormal behavior of nodes. Moreover, the priority of node recovery for abnormal nodes is decided through a game between nodes without causing excessive resource consumption for security detection. The results of comparative experiments show that the proposed algorithm has a relatively high detection rate and a low false-positive rate, can effectively reduce consumption time, and has a good level of adaptability under the condition of dynamic nodes.


2021 ◽  
pp. 1-11
Author(s):  
Naiyue Chen ◽  
Yi Jin ◽  
Yinglong Li ◽  
Luxin Cai

With the rapid development of social networks and the massive popularity of intelligent mobile terminals, network anomaly detection is becoming increasingly important. In daily work and life, edge nodes store a large number of network local connection data and audit data, which can be used to analyze network abnormal behavior. With the increasingly close network communication, the amount of network connection and other related data collected by each network terminal is increasing. Machine learning has become a classification method to analyze the features of big data in the network. Faced with the problems of excessive data and long response time for network anomaly detection, we propose a trust-based federated learning anomaly detection algorithm. We use the edge nodes to train the local data model, and upload the machine learning parameters to the central node. Meanwhile, according to the performance of edge node training, we set different weights to match the processing capacity of each terminal, which will obtain faster convergence speed and better attack classification accuracy. The user’s private information will only be processed locally and will not be uploaded to the central server, which can reduce the risk of information disclosure. Finally, we compare the basic federated learning model and TFCNN algorithm on the KDD Cup 99 dataset and the MNIST dataset. The experimental results show that the TFCNN algorithm can improve accuracy and communication efficiency.


2021 ◽  
Vol 11 (14) ◽  
pp. 6545
Author(s):  
Taehyeon Kim ◽  
Eungi Hong ◽  
Yoonsik Choe

Deep anomaly detection aims to identify “abnormal” data by utilizing a deep neural network trained on a normal training dataset. In general, industrial visual anomaly detection systems distinguish between normal and “abnormal” data through small morphological differences such as cracks and stains. Nevertheless, most existing algorithms emphasize capturing the semantic features of normal data rather than the morphological features. Therefore, they yield poor performance on real-world visual inspection, although they show their superiority in simulations with representative image classification datasets. To address this limitation, we propose a novel deep anomaly detection algorithm based on the salient morphological features of normal data. The main idea behind the proposed algorithm is to train a multiclass model to classify hundreds of morphological transformation cases applied to all the given data. To this end, the proposed algorithm utilizes a self-supervised learning strategy, making unsupervised learning straightforward. Additionally, to enhance the performance of the proposed algorithm, we replaced the cross-entropy-based loss function with the angular margin loss function. It is experimentally demonstrated that the proposed algorithm outperforms several recent anomaly detection methodologies in various datasets.


2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Mingshu He ◽  
Xiaojuan Wang ◽  
Junhua Zhou ◽  
Yuanyuan Xi ◽  
Lei Jin ◽  
...  

With the increase of Internet visits and connections, it is becoming essential and arduous to protect the networks and different devices of the Internet of Things (IoT) from malicious attacks. The intrusion detection systems (IDSs) based on supervised machine learning (ML) methods require a large number of labeled samples. However, the number of abnormal behaviors is far less than that of normal behaviors, let alone that the shots of malicious behavior samples which can be intercepted as a training dataset are actually limited. Consequently, it is a key research topic to conduct anomaly detection for the small number of abnormal behavior samples. This paper proposes an anomaly detection model with a few abnormal samples to solve the problem in few-shot detection based on convolutional neural networks (CNN) and autoencoder (AE). This model mainly consists of the CNN-based supervised pretraining module and the AE-based data reconstruction module. Only a few abnormal samples are utilized in the pretraining module to build the structure of extracting deep features. The data reconstruction module simply chooses the deep features of normal samples as training data. There also exist some effective attention mechanisms in the pretraining module. Through the pretraining of small samples, the accuracy of abnormal detection is improved compared with merely training normal samples with AE. The simulation results prove that this solution can solve the above problems occurring in network behavior anomaly detection. In comparison to the original AE model and other clustering methods, the proposed model advances the detection results in a visible way.


Author(s):  
André Luís Morosov ◽  
Reidar Brumer Bratvold

The exploratory phase of a hydrocarbon field is a period when decision-supporting information is scarce while the drilling stakes are high. Each new prospect drilled brings more knowledge about the area and might reveal reserves, hence choosing such a prospect is essential for value creation. Drilling decisions must be made under uncertainty as the available geological information is limited, and probability elicitation from geoscience experts is key in this process. This work proposes a novel use of geostatistics to help experts elicit geological probabilities more objectively, especially useful during the exploratory phase. The approach is simpler, more consistent with geologic knowledge, more comfortable for geoscientists to use, and more comprehensive for decision-makers to follow when compared to traditional methods. It is also flexible by working with any amount and type of information available. The workflow takes as input conceptual models describing the geology and uses geostatistics to generate spatial variability of geological properties in the vicinity of potential drilling prospects. The output is stochastic realizations which are processed into a joint probability distribution (JPD) containing all conditional probabilities of the process. Input models are interactively changed until the JPD satisfactorily represents the expert’s beliefs. A 2D, yet realistic, implementation of the workflow is used as a proof of concept, demonstrating that even simple modeling might suffice for decision-making support. Derivative versions of the JPD are created and their effect on the decision process of selecting the drilling sequence is assessed. The findings from the method application suggest ways to define the input parameters by observing how they affect the JPD and the decision process.


Electronics ◽  
2021 ◽  
Vol 10 (3) ◽  
pp. 302
Author(s):  
Chunde Liu ◽  
Xianli Su ◽  
Chuanwen Li

There is a growing interest in safety warning of underground mining due to the huge threat being faced by those working in underground mining. Data acquisition of sensors based on Internet of Things (IoT) is currently the main method, but the data anomaly detection and analysis of multi-sensors is a challenging task: firstly, the data that are collected by different sensors of underground mining are heterogeneous; secondly, real-time is required for the data anomaly detection of safety warning. Currently, there are many anomaly detection methods, such as traditional clustering methods K-means and C-means. Meanwhile, Artificial Intelligence (AI) is widely used in data analysis and prediction. However, K-means and C-means cannot directly process heterogeneous data, and AI algorithms require equipment with high computing and storage capabilities. IoT equipment of underground mining cannot perform complex calculation due to the limitation of energy consumption. Therefore, many existing methods cannot be directly used for IoT applications in underground mining. In this paper, a multi-sensors data anomaly detection method based on edge computing is proposed. Firstly, an edge computing model is designed, and according to the computing capabilities of different types of devices, anomaly detection tasks are migrated to different edge devices, which solves the problem of insufficient computing capabilities of the devices. Secondly, according to the requirements of different anomaly detection tasks, edge anomaly detection algorithms for sensor nodes and sink nodes are designed respectively. Lastly, an experimental platform is built for performance comparison analysis, and the experimental results show that the proposed algorithm has better performance in anomaly detection accuracy, delay, and energy consumption.

