Conditional anomaly detection in event streams

2017 ◽  
Vol 65 (4) ◽  
Author(s):  
Marco F. Huber

Abstract: Detecting the anomalous behavior of technical systems early enough facilitates cost savings by avoiding system downtimes, guiding maintenance, or improving performance. The novel framework proposed in this paper processes event streams originating from system monitoring for anomaly detection purposes. To this end, statistical models characterizing the normal behavior of the monitored system are learned from the events. Instead of having one coarse normal model for all operational states, the proposed framework contains a mechanism for automatically detecting different conditions of the system, allowing for fine-tuned models for every condition. The performance of the framework is demonstrated by means of a real-world application, where the log files of a large-scale printing machine are analyzed for anomalies.
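The contrast the abstract draws, one coarse normal model versus one model per operating condition, can be shown on a small event stream. The block below is an added illustration, not the paper's framework: normal behaviour is learned as a smoothed Poisson rate per event type and per condition, a window of events is scored by its negative log-likelihood under the model of its own condition, and a window is flagged when that score exceeds the worst score seen on the training windows of that condition. The log line format (`mode=`, `win=`, `event=` fields), the event names and all counts are constructed for the example; the condition is read directly from the `mode` field rather than detected automatically, which is the part of the paper this example does not reproduce.

```python
"""Conditional anomaly detection over a monitored event stream (added example).

Normal behaviour is learned per operating condition instead of as one
coarse model. Each window is summarised as a count per event type and
scored as -log P(counts | Poisson rates) under its own condition's model.
All event lines are constructed; the field names are assumptions.
"""
import math
from collections import Counter, defaultdict


def parse_event(line):
    """'ts=12 mode=PRINT win=3 event=PAPER_JAM' -> dict of key/value fields."""
    return dict(tok.split("=", 1) for tok in line.split())


def build_stream():
    """Constructed stream: 20 windows in PRINT mode, then 20 in IDLE mode."""
    lines = []
    for j in range(20):            # printing: many pages out, a few jams per window
        lines += [f"ts={j} mode=PRINT win={j} event=PAGE_OUT"] * (48, 50, 52)[j % 3]
        lines += [f"ts={j} mode=PRINT win={j} event=PAPER_JAM"] * (3, 4, 5)[j % 3]
    for j in range(20):            # idle: heartbeats only, a jam is rare
        w = 20 + j
        lines += [f"ts={w} mode=IDLE win={w} event=HEARTBEAT"] * (9, 10, 11)[j % 3]
        lines += [f"ts={w} mode=IDLE win={w} event=PAPER_JAM"] * (0, 0, 0, 1)[j % 4]
    return lines


def windows_from(lines):
    """Group events into (condition, Counter of event types) per window id."""
    counts, cond = defaultdict(Counter), {}
    for line in lines:
        ev = parse_event(line)
        counts[ev["win"]][ev["event"]] += 1
        cond[ev["win"]] = ev["mode"]
    return [(cond[w], counts[w]) for w in counts]


def fit_rates(windows, event_types):
    """Per event type, smoothed mean count per window (the Poisson rate)."""
    n = len(windows)
    return {e: (sum(c[e] for _, c in windows) + 0.5) / n for e in event_types}


def neg_log_lik(counts, rates):
    """-log P(counts | rates) for independent Poisson counts per event type."""
    return sum(lam - counts[e] * math.log(lam) + math.lgamma(counts[e] + 1)
               for e, lam in rates.items())


class ConditionalDetector:
    """One rate model per condition; a window is judged by its own condition only."""

    def __init__(self, windows):
        self.types = sorted({e for _, c in windows for e in c})
        by_cond = defaultdict(list)
        for cond, c in windows:
            by_cond[cond].append((cond, c))
        self.rates = {k: fit_rates(v, self.types) for k, v in by_cond.items()}
        # Threshold per condition: worst training score under that condition's model.
        self.threshold = {k: max(neg_log_lik(c, self.rates[k]) for _, c in v)
                          for k, v in by_cond.items()}

    def is_anomalous(self, cond, counts):
        return neg_log_lik(counts, self.rates[cond]) > self.threshold[cond]


class GlobalDetector:
    """Baseline: one coarse model fitted on all windows regardless of condition."""

    def __init__(self, windows):
        types = sorted({e for _, c in windows for e in c})
        self.rates = fit_rates(windows, types)
        # Mixing conditions inflates the training scores, so this threshold is loose.
        self.threshold = max(neg_log_lik(c, self.rates) for _, c in windows)

    def is_anomalous(self, cond, counts):
        return neg_log_lik(counts, self.rates) > self.threshold


def demo():
    """Returns {case: (flagged by conditional model, flagged by coarse model)}."""
    train = windows_from(build_stream())
    cond_det, glob_det = ConditionalDetector(train), GlobalDetector(train)
    cases = {
        "print_normal": ("PRINT", Counter(PAGE_OUT=50, PAPER_JAM=4)),
        "print_jam_burst": ("PRINT", Counter(PAGE_OUT=50, PAPER_JAM=8)),
        "idle_jams": ("IDLE", Counter(HEARTBEAT=10, PAPER_JAM=3)),
    }
    return {name: (cond_det.is_anomalous(*case), glob_det.is_anomalous(*case))
            for name, case in cases.items()}


if __name__ == "__main__":
    for name, (conditional, coarse) in demo().items():
        print(f"{name:16s} conditional={conditional} coarse={coarse}")
```

The coarse model has to tolerate the difference between printing and idle windows, so its threshold ends up high enough that both a jam burst while printing and jams while idle pass unnoticed; the per-condition models flag both while still accepting a normal printing window.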

Author(s):  
Zhijun Zhao ◽  
Chen Xu ◽  
Bo Li

Abstract: Security devices produce a huge number of logs, far beyond the processing speed of human beings. This paper introduces an unsupervised approach to detecting anomalous behavior in large-scale security logs. We propose a novel feature-extraction mechanism that precisely characterizes the features of malicious behaviors. We design an LSTM-based anomaly detection approach that successfully identifies attacks on two widely used datasets. Our approach outperforms three popular anomaly detection algorithms, one-class SVM, GMM and Principal Components Analysis, in terms of accuracy and efficiency.


Sensors ◽  
2021 ◽  
Vol 21 (6) ◽  
pp. 1976
Author(s):  
Semi Park ◽  
Kyungho Lee

Cybersecurity in Industrial Internet of Things (IIoT) has become critical as smart cities are becoming increasingly linked to industrial control systems (ICSs) used in critical infrastructure. Consequently, data-driven security systems for analyzing massive amounts of data generated by smart cities have become essential. A representative method for analyzing large-scale data is the game bot detection approach used in massively multiplayer online role-playing games. We reviewed the literature on bot detection methods to extend the anomaly detection approaches used in bot detection schemes to IIoT fields. Finally, we proposed a process wherein the data envelopment analysis (DEA) model was applied to identify features for efficiently detecting anomalous behavior in smart cities. Experimental results using random forest show that our extracted features based on a game bot can achieve an average F1-score of 0.99903 using 10-fold validation. We confirmed the applicability of the analyzed game-industry methodology to other fields and trained a random forest on the high-efficiency features identified by applying a DEA, obtaining an F1-score of 0.997 using the validation set approach. In this study, an anomaly detection method for analyzing massive smart city data based on a game industry methodology was presented and applied to the ICS dataset.


2006 ◽  
Vol 15 (06) ◽  
pp. 875-892 ◽  
Author(s):  
GAURAV TANDON ◽  
PHILIP K. CHAN

Traditional host-based anomaly detection systems model normal behavior of applications by analyzing system call sequences. The current sequence is then examined (using the model) for anomalous behavior, which could correspond to attacks. Though these techniques have been shown to be quite effective, a key element is missing – the inclusion and utilization of the system call arguments. Recent research shows that sequence-based systems are prone to evasion. We propose an idea of learning different representations for system call arguments. Results indicate that this information can be effectively used for detecting more attacks than traditional sequence-based techniques, with reasonable storage and computational overhead.
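The evasion the abstract refers to is easiest to see with two detectors side by side. The block below is an added illustration, not the authors' system: a STIDE-style sequence model that remembers every trigram of system-call names seen in normal traces, next to a per-argument model that learns two simple representations of each argument (its length range and a character-class "shape"). The traces, the hypothetical service's call pattern and the two representations are all constructed for the example; the paper's own argument representations are richer than these.

```python
"""Sequence-only versus argument-aware host anomaly detection (added example).

A mimicry trace keeps the normal order of system calls, so a model of
call sequences accepts it; a model of the calls' arguments still flags
the unusual path. Traces are constructed, not captured.
"""
from collections import defaultdict

# Constructed normal traces of a hypothetical service: (syscall, (arg0, arg1)).
NORMAL_TRACES = [
    [("open", ("/var/app/config.cfg", "O_RDONLY")), ("read", ("3", "4096")),
     ("close", ("3", "")), ("socket", ("AF_INET", "SOCK_STREAM")),
     ("accept", ("4", "")), ("read", ("5", "1024")),
     ("open", ("/var/app/data.db", "O_RDWR")), ("read", ("6", "4096")),
     ("write", ("5", "512")), ("close", ("6", "")), ("close", ("5", ""))],
    [("open", ("/var/app/index.dat", "O_RDONLY")), ("read", ("3", "4096")),
     ("close", ("3", "")), ("socket", ("AF_INET", "SOCK_STREAM")),
     ("accept", ("4", "")), ("read", ("5", "2048")),
     ("write", ("5", "256")), ("close", ("5", ""))],
]


def shape(value):
    """Collapse a string to character classes: letters->a, digits->d, '/' and '.' kept, other->x."""
    out = []
    for ch in value:
        cls = "a" if ch.isalpha() else "d" if ch.isdigit() else ch if ch in "/." else "x"
        if not out or out[-1] != cls:
            out.append(cls)
    return "".join(out)


class SequenceModel:
    """STIDE-style: the set of n-grams of syscall names seen in normal traces."""

    def __init__(self, traces, n=3):
        self.n = n
        self.grams = {tuple(name for name, _ in t[i:i + n])
                      for t in traces for i in range(len(t) - n + 1)}

    def anomalies(self, trace):
        """Start indices of n-grams never seen during training."""
        names = [name for name, _ in trace]
        return [i for i in range(len(names) - self.n + 1)
                if tuple(names[i:i + self.n]) not in self.grams]


class ArgumentModel:
    """Per (syscall, argument position): learned length range and set of shapes."""

    def __init__(self, traces):
        self.length = defaultdict(lambda: [float("inf"), 0])
        self.shapes = defaultdict(set)
        for t in traces:
            for name, args in t:
                for pos, value in enumerate(args):
                    lo, hi = self.length[(name, pos)]
                    self.length[(name, pos)] = [min(lo, len(value)), max(hi, len(value))]
                    self.shapes[(name, pos)].add(shape(value))

    def anomalies(self, trace):
        """Indices of calls with an unseen syscall or an argument outside its learned representations."""
        bad = []
        for i, (name, args) in enumerate(trace):
            for pos, value in enumerate(args):
                key = (name, pos)
                if key not in self.shapes:
                    bad.append(i)
                    break
                lo, hi = self.length[key]
                if not lo <= len(value) <= hi or shape(value) not in self.shapes[key]:
                    bad.append(i)
                    break
        return bad


SEQ, ARG = SequenceModel(NORMAL_TRACES), ArgumentModel(NORMAL_TRACES)


def evaluate(trace):
    return {"sequence": SEQ.anomalies(trace), "arguments": ARG.anomalies(trace)}


# Normal order of calls, but the path read is not one the service ever touches.
MIMICRY = [("open", ("/etc/shadow", "O_RDONLY")), ("read", ("3", "4096")),
           ("close", ("3", "")), ("socket", ("AF_INET", "SOCK_STREAM")),
           ("accept", ("4", "")), ("read", ("5", "1024")),
           ("write", ("5", "512")), ("close", ("5", ""))]
# A blunt attack: a syscall the service never makes, which both models catch.
OVERT = [("open", ("/var/app/config.cfg", "O_RDONLY")), ("read", ("3", "4096")),
         ("execve", ("/bin/sh", ""))]
# A new but ordinary file under the usual directory, which neither model flags.
NORMAL_TEST = [(n, a) if n != "open" else (n, ("/var/app/cache.bin", a[1]))
               for n, a in NORMAL_TRACES[1]]

if __name__ == "__main__":
    for label, trace in (("normal", NORMAL_TEST), ("mimicry", MIMICRY), ("overt", OVERT)):
        print(label, evaluate(trace))
```

The rigid length range is deliberately crude: a legitimate but longer filename under `/var/app/` would also trip it, which is the kind of false positive a production argument model has to avoid with better representations than these two.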


2019 ◽  
Author(s):  
Mingguang Chen ◽  
Wangxiang Li ◽  
Anshuman Kumar ◽  
Guanghui Li ◽  
Mikhail Itkis ◽  
...  

Interconnecting the surfaces of nanomaterials without compromising their outstanding mechanical, thermal, and electronic properties is critical in the design of advanced bulk structures that still preserve the novel properties of their nanoscale constituents. As such, bridging the π-conjugated carbon surfaces of single-walled carbon nanotubes (SWNTs) has special implications in next-generation electronics. This study presents a rational path towards improvement of the electrical transport in aligned semiconducting SWNT films by deposition of metal atoms. The formation of conducting Cr-mediated pathways between the parallel SWNTs increases the transverse (intertube) conductance, while having negligible effect on the parallel (intratube) transport. In contrast, doping with Li has a predominant effect on the intratube electrical transport of aligned SWNT films. Large-scale first-principles calculations of electrical transport on aligned SWNTs show good agreement with the experimental electrical measurements and provide insight into the changes that different metal atoms exert on the density of states near the Fermi level of the SWNTs and the formation of transport channels.


IoT ◽  
2021 ◽  
Vol 2 (1) ◽  
pp. 140-162
Author(s):  
Hung Nguyen-An ◽  
Thomas Silverston ◽  
Taku Yamazaki ◽  
Takumi Miyoshi

We now use the Internet of things (IoT) in our everyday lives. The novel IoT devices collect cyber–physical data and provide information on the environment. Hence, IoT traffic will account for a major part of Internet traffic; however, its impact on the network is still widely unknown. IoT devices are prone to cyberattacks because of constrained resources or misconfigurations. It is essential to characterize IoT traffic and identify each device to monitor the IoT network and discriminate between legitimate and anomalous IoT traffic. In this study, we deployed a smart-home testbed comprising several IoT devices to study IoT traffic. We performed extensive measurement experiments using a novel IoT traffic generator tool called IoTTGen. This tool can generate traffic from multiple devices, emulating large-scale scenarios with different devices under different network conditions. We analyzed the IoT traffic properties by computing the entropy value of traffic parameters and visually observing the traffic on behavior shape graphs. We propose a new entropy-based method for identifying devices, computing the entropy values of traffic features. The method relies on machine learning to classify the traffic. The proposed method succeeded in identifying devices with an accuracy of up to 94% and is robust to unpredictable network behavior with traffic anomalies spreading in the network.
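The abstract describes the pipeline only in outline: entropy of traffic features per device, then a classifier. The block below is an added illustration of that pipeline, not the authors' code and unrelated to IoTTGen. For each window of packets from one device it computes the Shannon entropy of three header fields (destination host, destination port, packet length) and uses the resulting entropy vector as the feature of a nearest-centroid classifier; a window whose vector is far from every learned centroid is reported as "unknown" instead of being forced onto the closest device, which is how a scan or flood from a compromised device surfaces. The device types, field values and packet windows are constructed deterministically for the example, and the classifier is a stand-in for whatever learner the paper used.

```python
"""Entropy-based IoT device identification from traffic windows (added example).

Per window of packets: one Shannon entropy per header field -> feature
vector -> nearest device centroid, with a reject radius for anomalies.
Packet windows are constructed; device names and field values are assumptions.
"""
import math
from collections import Counter

FEATURES = ("dst", "dport", "length")


def entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def entropy_vector(window):
    """One entropy per header field over a window of packet dicts."""
    return tuple(entropy([pkt[f] for pkt in window]) for f in FEATURES)


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


# --- constructed traffic windows: window index w gives slight per-window variation ---
def camera_window(w, n=200):
    """Streams to one cloud host on 443; mostly full frames, some ACK-sized packets."""
    big = 120 + w
    return [{"dst": "cloud-cam.example", "dport": 443,
             "length": 1400 if i < big else 64} for i in range(n)]


def speaker_window(w, n=200):
    """Talks to several hosts and services with varied packet lengths."""
    hosts = [f"svc{k}.example" for k in range(6)]
    ports = (443, 53, 123)
    sizes = (64, 128, 256, 384, 512, 640, 768, 896, 1024, 1400)
    return [{"dst": hosts[(i + w) % 6], "dport": ports[(i + w) % 3],
             "length": sizes[(i * 7 + w) % 10]} for i in range(n)]


def sensor_window(w, n=200):
    """Fixed-size reports to one broker: no variation in any field."""
    return [{"dst": "broker.example", "dport": 8883, "length": 128} for _ in range(n)]


def flood_window(n=200):
    """Anomaly: a device sweeping many hosts and ports with minimal packets."""
    return [{"dst": f"10.0.0.{i % 50}", "dport": 1000 + i, "length": 60} for i in range(n)]


class EntropyClassifier:
    """Nearest-centroid classifier in entropy space with an 'unknown' reject region."""

    def __init__(self, labelled_windows):
        by_dev = {}
        for device, window in labelled_windows:
            by_dev.setdefault(device, []).append(entropy_vector(window))
        self.centroids = {d: tuple(sum(v[i] for v in vs) / len(vs) for i in range(len(FEATURES)))
                          for d, vs in by_dev.items()}
        # Reject radius: half the smallest gap between any two device centroids.
        cents = list(self.centroids.values())
        self.radius = min(dist(a, b) for i, a in enumerate(cents) for b in cents[i + 1:]) / 2

    def predict(self, window):
        v = entropy_vector(window)
        device, d = min(((dev, dist(v, c)) for dev, c in self.centroids.items()),
                        key=lambda pair: pair[1])
        return device if d <= self.radius else "unknown"


def train_classifier(windows_per_device=5):
    generators = (("camera", camera_window), ("speaker", speaker_window), ("sensor", sensor_window))
    labelled = [(name, gen(w)) for w in range(windows_per_device) for name, gen in generators]
    return EntropyClassifier(labelled)


if __name__ == "__main__":
    clf = train_classifier()
    for label, window in (("camera", camera_window(5)), ("speaker", speaker_window(7)),
                          ("sensor", sensor_window(9)), ("flood", flood_window())):
        print(f"{label:8s} -> {clf.predict(window)}  {entropy_vector(window)}")
```

Entropy discards which hosts or ports were used and keeps only how spread out they are, so a device changing cloud endpoints still lands near its own centroid, while a sweep across many destinations moves the vector far from every device the model knows.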


Healthcare ◽  
2021 ◽  
Vol 9 (2) ◽  
pp. 126
Author(s):  
Hai-Feng Ling ◽  
Zheng-Lian Su ◽  
Xun-Lin Jiang ◽  
Yu-Jun Zheng

In a large-scale epidemic, such as the novel coronavirus pneumonia (COVID-19), there is huge demand for a variety of medical supplies, such as medical masks, ventilators, and sickbeds. Resources from civilian medical services are often not sufficient for fully satisfying all of these demands. Resources from military medical services, which are normally reserved for military use, can be an effective supplement to these demands. In this paper, we formulate a problem of integrated civilian-military scheduling of medical supplies for epidemic prevention and control, the aim of which is to simultaneously maximize the overall satisfaction rate of the medical supplies and minimize the total scheduling cost, while keeping a minimum ratio of medical supplies reservation for military use. We propose a multi-objective water wave optimization (WWO) algorithm in order to efficiently solve this problem. Computational results on a set of problem instances constructed based on real COVID-19 data demonstrate the effectiveness of the proposed method.


Author(s):  
Anna Lavecchia ◽  
Matteo Chiara ◽  
Caterina De Virgilio ◽  
Caterina Manzari ◽  
Carlo Pazzani ◽  
...  

Abstract: Staphylococcus cohnii (SC), a coagulase-negative bacterium, was first isolated in 1975 from human skin. Early phenotypic analyses led to the delineation of two subspecies (subsp.), Staphylococcus cohnii subsp. cohnii (SCC) and Staphylococcus cohnii subsp. urealyticus (SCU). SCC was considered to be specific to humans whereas SCU apparently demonstrated a wider host range, from lower primates to humans. The type strains ATCC 29974 and ATCC 49330 have been designated for SCC and SCU, respectively. Comparative analysis of 66 complete genome sequences—including a novel SC isolate—revealed unexpected patterns within the SC complex, both in terms of genomic sequence identity and gene content, highlighting the presence of 3 phylogenetically distinct groups. Based on our observations, and on the current guidelines for taxonomic classification for bacterial species, we propose a revision of the SC species complex. We suggest that SCC and SCU should be regarded as two distinct species: SC and SU (Staphylococcus urealyticus), and that two distinct subspecies, SCC and SCB (SC subsp. barensis, represented by the novel strain isolated in Bari) should be recognized within SC. Furthermore, since large-scale comparative genomics studies recurrently suggest inconsistencies or conflicts in taxonomic assignments of bacterial species, we believe that the approach proposed here might be considered for more general application.
