Anomaly Detection (AD) has been extensively adopted in industrial settings to facilitate quality control of products. It is critical to industrial production, especially to areas such as aircraft manufacturing, which ...Anomaly Detection (AD) has been extensively adopted in industrial settings to facilitate quality control of products. It is critical to industrial production, especially to areas such as aircraft manufacturing, which require strict part qualification rates. Although being more efficient and practical, few-shot AD has not been well explored. The existing AD methods only extract features in a single frequency while defects exist in multiple frequency domains. Moreover, current methods have not fully leveraged the few-shot support samples to extract input-related normal patterns. To address these issues, we propose an industrial few-shot AD method, Feature Extender for Anomaly Detection (FEAD), which extracts normal patterns in multiple frequency domains from few-shot samples under the guidance of the input sample. Firstly, to achieve better coverage of normal patterns in the input sample, we introduce a Sample-Conditioned Transformation Module (SCTM), which transforms support features under the guidance of the input sample to obtain extra normal patterns. Secondly, to effectively distinguish and localize anomaly patterns in multiple frequency domains, we devise an Adaptive Descriptor Construction Module (ADCM) to build and select pattern descriptors in a series of frequencies adaptively. Finally, an auxiliary task for SCTM is designed to ensure the diversity of transformations and include more normal patterns into support features. Extensive experiments on two widely used industrial AD datasets (MVTec-AD and VisA) demonstrate the effectiveness of the proposed FEAD.展开更多
The rapid proliferation of electric vehicle(EV)charging infrastructure introduces critical cybersecurity vulnerabilities to power grids system.This study presents an innovative anomaly detection framework for EV charg...The rapid proliferation of electric vehicle(EV)charging infrastructure introduces critical cybersecurity vulnerabilities to power grids system.This study presents an innovative anomaly detection framework for EV charging stations,addressing the unique challenges posed by third-party aggregation platforms.Our approach integrates node equations-based on the parameter identification with a novel deep learning model,xDeepCIN,to detect abnormal data reporting indicative of aggregation attacks.We employ a graph-theoretic approach to model EV charging networks and utilize Markov Chain Monte Carlo techniques for accurate parameter estimation.The xDeepCIN model,incorporating a Compressed Interaction Network,has the ability to capture complex feature interactions in sparse,high-dimensional charging data.Experimental results on both proprietary and public datasets demonstrate significant improvements in anomaly detection performance,with F1-scores increasing by up to 32.3%for specific anomaly types compared to traditional methods,such as wide&deep and DeepFM(Factorization-Machine).Our framework exhibits robust scalability,effectively handling networks ranging from 8 to 85 charging points.Furthermore,we achieve real-time monitoring capabilities,with parameter identification completing within seconds for networks up to 1000 nodes.This research contributes to enhancing the security and reliability of renewable energy systems against evolving cyber threats,offering a comprehensive solution for safeguarding the rapidly expanding EV charging infrastructure.展开更多
As more and more devices in Cyber-Physical Systems(CPS)are connected to the Internet,physical components such as programmable logic controller(PLC),sensors,and actuators are facing greater risks of network attacks,and...As more and more devices in Cyber-Physical Systems(CPS)are connected to the Internet,physical components such as programmable logic controller(PLC),sensors,and actuators are facing greater risks of network attacks,and fast and accurate attack detection techniques are crucial.The key problem in distinguishing between normal and abnormal sequences is to model sequential changes in a large and diverse field of time series.To address this issue,we propose an anomaly detection method based on distributed deep learning.Our method uses a bilateral filtering algorithm for sequential sequences to remove noise in the time series,which can maintain the edge of discrete features.We use a distributed linear deep learning model to establish a sequential prediction model and adjust the threshold for anomaly detection based on the prediction error of the validation set.Our method can not only detect abnormal attacks but also locate the sensors that cause anomalies.We conducted experiments on the Secure Water Treatment(SWAT)and Water Distribution(WADI)public datasets.The experimental results show that our method is superior to the baseline method in identifying the types of attacks and detecting efficiency.展开更多
The rapid integration of Internet of Things(IoT)technologies is reshaping the global energy landscape by deploying smart meters that enable high-resolution consumption monitoring,two-way communication,and advanced met...The rapid integration of Internet of Things(IoT)technologies is reshaping the global energy landscape by deploying smart meters that enable high-resolution consumption monitoring,two-way communication,and advanced metering infrastructure services.However,this digital transformation also exposes power system to evolving threats,ranging from cyber intrusions and electricity theft to device malfunctions,and the unpredictable nature of these anomalies,coupled with the scarcity of labeled fault data,makes realtime detection exceptionally challenging.To address these difficulties,a real-time decision support framework is presented for smart meter anomality detection that leverages rolling time windows and two self-supervised contrastive learning modules.The first module synthesizes diverse negative samples to overcome the lack of labeled anomalies,while the second captures intrinsic temporal patterns for enhanced contextual discrimination.The end-to-end framework continuously updates its model with rolling updated meter data to deliver timely identification of emerging abnormal behaviors in evolving grids.Extensive evaluations on eight publicly available smart meter datasets over seven diverse abnormal patterns testing demonstrate the effectiveness of the proposed full framework,achieving average recall and F1 score of more than 0.85.展开更多
Time series anomaly detection is crucial in finance,healthcare,and industrial monitoring.However,traditional methods often face challenges when handling time series data,such as limited feature extraction capability,p...Time series anomaly detection is crucial in finance,healthcare,and industrial monitoring.However,traditional methods often face challenges when handling time series data,such as limited feature extraction capability,poor temporal dependency handling,and suboptimal real-time performance,sometimes even neglecting the temporal relationships between data.To address these issues and improve anomaly detection performance by better capturing temporal dependencies,we propose an unsupervised time series anomaly detection method,VLT-Anomaly.First,we enhance the Variational Autoencoder(VAE)module by redesigning its network structure to better suit anomaly detection through data reconstruction.We introduce hyperparameters to control the weight of the Kullback-Leibler(KL)divergence term in the Evidence Lower Bound(ELBO),thereby improving the encoder module’s decoupling and expressive power in the latent space,which yields more effective latent representations of the data.Next,we incorporate transformer and Long Short-Term Memory(LSTM)modules to estimate the long-term dependencies of the latent representations,capturing both forward and backward temporal relationships and performing time series forecasting.Finally,we compute the reconstruction error by averaging the predicted results and decoder reconstruction and detect anomalies through grid search for optimal threshold values.Experimental results demonstrate that the proposed method performs superior anomaly detection on multiple public time series datasets,effectively extracting complex time-related features and enabling efficient computation and real-time anomaly detection.It improves detection accuracy and robustness while reducing false positives and false negatives.展开更多
Cloud computing(CC) provides infrastructure,storage services,and applications to the users that should be secured by some procedures or policies.Security in the cloud environment becomes essential to safeguard infrast...Cloud computing(CC) provides infrastructure,storage services,and applications to the users that should be secured by some procedures or policies.Security in the cloud environment becomes essential to safeguard infrastructure and user information from unauthorized access by implementing timely intrusion detection systems(IDS).Ensemble learning harnesses the collective power of multiple machine learning(ML) methods with feature selection(FS)process aids to progress the sturdiness and overall precision of intrusion detection.Therefore,this article presents a meta-heuristic feature selection by ensemble learning-based anomaly detection(MFS-ELAD)algorithm for the CC platforms.To realize this objective,the proposed approach utilizes a min-max standardization technique.Then,higher dimensionality features are decreased by Prairie Dogs Optimizer(PDO) algorithm.For the recognition procedure,the MFS-ELAD method emulates a group of 3 DL techniques such as sparse auto-encoder(SAE),stacked long short-term memory(SLSTM),and Elman neural network(ENN) algorithms.Eventually,the parameter fine-tuning of the DL algorithms occurs utilizing the sand cat swarm optimizer(SCSO) approach that helps in improving the recognition outcomes.The simulation examination of MFS-ELAD system on the CSE-CIC-IDS2018 dataset exhibits its promising performance across another method using a maximal precision of 99.71%.展开更多
The original monitoring data from aero-engines possess characteristics such as high dimen-sionality,strong noise,and imbalance,which present substantial challenges to traditional anomalydetection methods.In response,t...The original monitoring data from aero-engines possess characteristics such as high dimen-sionality,strong noise,and imbalance,which present substantial challenges to traditional anomalydetection methods.In response,this paper proposes a method based on Fuzzy Fusion of variablesand Discriminant mapping of features for Clustering(FFD-Clustering)to detect anomalies in originalmonitoring data from Aircraft Communication Addressing and Reporting System(ACARS).Firstly,associated variables are fuzzily grouped to extract the underlying distribution characteristics and trendsfrom the data.Secondly,a multi-layer contrastive denoising-based feature Fusion Encoding Network(FEN)is designed for each variable group,which can construct representative features for each variablegroup through eliminating strong noise and complex interrelations between variables.Thirdly,a featureDiscriminative Mapping Network(DMN)based on reconstruction difference re-clustering is designed,which can distinguish dissimilar feature vectors when mapping representative features to a unified fea-ture space.Finally,the K-means clustering is used to detect the abnormal feature vectors in the unifiedfeature space.Additionally,the algorithm is capable of reconstructing identified abnormal vectors,thereby locating the abnormal variable groups.The performance of this algorithm was tested ontwo public datasets and real original monitoring data from four aero-engines'ACARS,demonstratingits superiority and application potential in aero-engine anomaly detection.展开更多
The exponential expansion of the Internet of Things(IoT),Industrial Internet of Things(IIoT),and Transportation Management of Things(TMoT)produces vast amounts of real-time streaming data.Ensuring system dependability...The exponential expansion of the Internet of Things(IoT),Industrial Internet of Things(IIoT),and Transportation Management of Things(TMoT)produces vast amounts of real-time streaming data.Ensuring system dependability,operational efficiency,and security depends on the identification of anomalies in these dynamic and resource-constrained systems.Due to their high computational requirements and inability to efficiently process continuous data streams,traditional anomaly detection techniques often fail in IoT systems.This work presents a resource-efficient adaptive anomaly detection model for real-time streaming data in IoT systems.Extensive experiments were carried out on multiple real-world datasets,achieving an average accuracy score of 96.06%with an execution time close to 7.5 milliseconds for each individual streaming data point,demonstrating its potential for real-time,resourceconstrained applications.The model uses Principal Component Analysis(PCA)for dimensionality reduction and a Z-score technique for anomaly detection.It maintains a low computational footprint with a sliding window mechanism,enabling incremental data processing and identification of both transient and sustained anomalies without storing historical data.The system uses a Multivariate Linear Regression(MLR)based imputation technique that estimates missing or corrupted sensor values,preserving data integrity prior to anomaly detection.The suggested solution is appropriate for many uses in smart cities,industrial automation,environmental monitoring,IoT security,and intelligent transportation systems,and is particularly well-suited for resource-constrained edge devices.展开更多
We introduce a pioneering anomaly detection framework within spatial crowdsourcing Internet of Drone Things(IoDT),specifically designed to improve bushfire management in Australia’s expanding urban areas.This framewo...We introduce a pioneering anomaly detection framework within spatial crowdsourcing Internet of Drone Things(IoDT),specifically designed to improve bushfire management in Australia’s expanding urban areas.This framework innovatively combines Graph Neural Networks(GNN)and advanced data fusion techniques to enhance IoDT capabilities.Through spatial crowdsourcing,drones collectively gather diverse,real-time data across multiple locations,creating a rich dataset for analysis.This method integrates spatial,temporal,and various data modalities,facilitating early bushfire detection by identifying subtle environmental and operational changes.Utilizing a complex GNN architecture,our model effectively processes the intricacies of spatially crowdsourced data,significantly increasing anomaly detection accuracy.It incorporates modules for temporal pattern recognition and spatial analysis of environmental impacts,leveraging multimodal data to detect a wide range of anomalies,from temperature shifts to humidity variations.Our approach has been empirically validated,achieving an F1 score of 0.885,highlighting its superior anomaly detection performance.This integration of spatial crowdsourcing with IoDT not only establishes a new standard for environmental monitoring but also contributes significantly to disaster management and urban sustainability.展开更多
As cyber threats become increasingly sophisticated,Distributed Denial-of-Service(DDoS)attacks continue to pose a serious threat to network infrastructure,often disrupting critical services through overwhelming traffic...As cyber threats become increasingly sophisticated,Distributed Denial-of-Service(DDoS)attacks continue to pose a serious threat to network infrastructure,often disrupting critical services through overwhelming traffic.Although unsupervised anomaly detection using convolutional autoencoders(CAEs)has gained attention for its ability to model normal network behavior without requiring labeled data,conventional CAEs struggle to effectively distinguish between normal and attack traffic due to over-generalized reconstructions and naive anomaly scoring.To address these limitations,we propose CA-CAE,a novel anomaly detection framework designed to improve DDoS detection through asymmetric joint reconstruction learning and refined anomaly scoring.Our architecture connects two CAEs sequentially with asymmetric filter allocation,which amplifies reconstruction errors for anomalous data while preserving low errors for normal traffic.Additionally,we introduce a scoring mechanism that incorporates exponential decay weighting to emphasize recent anomalies and relative traffic volume adjustment to highlight highrisk instances,enabling more accurate and timely detection.We evaluate CA-CAE on a real-world network traffic dataset collected using Cisco NetFlow,containing over 190,000 normal instances and only 78 anomalous instances—an extremely imbalanced scenario(0.0004% anomalies).We validate the proposed framework through extensive experiments,including statistical tests and comparisons with baseline models.Despite this challenge,our method achieves significant improvement,increasing the F1-score from 0.515 obtained by the baseline CAE to 0.934,and outperforming other models.These results demonstrate the effectiveness,scalability,and practicality of CA-CAE for unsupervised DDoS detection in realistic network environments.By combining lightweight model architecture with a domain-aware scoring strategy,our framework provides a robust solution for early detection of DDoS attacks without relying on labeled attack data.展开更多
As computer data grows exponentially,detecting anomalies within system logs has become increasingly important.Current research on log anomaly detection largely depends on log templates derived from log parsing.Word em...As computer data grows exponentially,detecting anomalies within system logs has become increasingly important.Current research on log anomaly detection largely depends on log templates derived from log parsing.Word embedding is utilized to extract information from these templates.However,this method neglects a portion of the content within the logs and confronts the challenge of data imbalance among various log template types after parsing.Currently,specialized research on data imbalance across log template categories remains scarce.A dual-attention-based log anomaly detection model(LogDA),which leveraged data imbalance,was proposed to address these issues in the work.The LogDA model initially utilized a pre-trained model to extract semantic embedding from log templates.Besides,the similarity between embedding was calculated to discern the relationships among the various templates.Then,a Transformer model with a dual-attention mechanism was constructed to capture positional information and global dependencies.Compared to multiple baseline experiments across three public datasets,the proposed approach could improve precision,recall,and F1 scores.展开更多
In recent years,there has been a concerted effort to improve anomaly detection tech-niques,particularly in the context of high-dimensional,distributed clinical data.Analysing patient data within clinical settings reve...In recent years,there has been a concerted effort to improve anomaly detection tech-niques,particularly in the context of high-dimensional,distributed clinical data.Analysing patient data within clinical settings reveals a pronounced focus on refining diagnostic accuracy,personalising treatment plans,and optimising resource allocation to enhance clinical outcomes.Nonetheless,this domain faces unique challenges,such as irregular data collection,inconsistent data quality,and patient-specific structural variations.This paper proposed a novel hybrid approach that integrates heuristic and stochastic methods for anomaly detection in patient clinical data to address these challenges.The strategy combines HPO-based optimal Density-Based Spatial Clustering of Applications with Noise for clustering patient exercise data,facilitating efficient anomaly identification.Subsequently,a stochastic method based on the Interquartile Range filters unreliable data points,ensuring that medical tools and professionals receive only the most pertinent and accurate information.The primary objective of this study is to equip healthcare pro-fessionals and researchers with a robust tool for managing extensive,high-dimensional clinical datasets,enabling effective isolation and removal of aberrant data points.Furthermore,a sophisticated regression model has been developed using Automated Machine Learning(AutoML)to assess the impact of the ensemble abnormal pattern detection approach.Various statistical error estimation techniques validate the efficacy of the hybrid approach alongside AutoML.Experimental results show that implementing this innovative hybrid model on patient rehabilitation data leads to a notable enhance-ment in AutoML performance,with an average improvement of 0.041 in the R2 score,surpassing the effectiveness of traditional regression models.展开更多
Service-Based Architecture(SBA)of 5G network introduces novel communication technology and advanced features,while simultaneously presenting new security requirements and challenges.Commercial 5G Core(5GC)networks are...Service-Based Architecture(SBA)of 5G network introduces novel communication technology and advanced features,while simultaneously presenting new security requirements and challenges.Commercial 5G Core(5GC)networks are highly secure closed systems with interfaces defined through the 3rd Generation Partnership Project(3GPP)specifications to fulfill communication requirements.However,the 5GC boundary,especially the access domain,faces diverse security threats due to the availability of open-source cellular software suites and SoftwareDefined Radio(SDR)devices.Therefore,we systematically summarize security threats targeting the N2 interfaces at the 5GC boundary,which are categorized as Illegal Registration,Protocol attack,and Signaling Storm.We further construct datasets of attack and normal communication patterns based on a 5G simulated platform.In addition,we propose an anomaly detection method based on Next Generation Application Protocol(NGAP)message sequences,which extracts session temporal features at the granularity of User Equipment(UE).The method combines the Long Short-Term Memory Network(LSTM)and the attention mechanism can effectively mine the dynamic patterns and key anomaly time-steps in the temporal sequence.We conducted anomaly detection baseline algorithm comparison experiments,ablation experiments,and real-world simulation experiments.Experimental evaluations demonstrated that our model can accurately learn the dependencies of uplink and downlink messages for our self-constructed datasets,achieving 99.80%Accuracy and 99.85%F1 Score,which can effectively detect UE anomaly behavior.展开更多
Supervised learning-based rail fastener anomaly detection models are limited by the scarcity of anomaly samples and perform poorly under data imbalance conditions.However,unsupervised anomaly detection methods based o...Supervised learning-based rail fastener anomaly detection models are limited by the scarcity of anomaly samples and perform poorly under data imbalance conditions.However,unsupervised anomaly detection methods based on diffusion models reduce the dependence on the number of anomalous samples but suffer from too many iterations and excessive smoothing of reconstructed images.In this work,we have established a rail fastener anomaly detection framework called Diff-Fastener,the diffusion model is introduced into the fastener detection task,half of the normal samples are converted into anomaly samples online in the model training stage,and One-Step denoising and canonical guided denoising paradigms are used instead of iterative denoising to improve the reconstruction efficiency of the model while solving the problem of excessive smoothing.DACM(Dilated Attention Convolution Module)is proposed in the middle layer of the reconstruction network to increase the detail information of the reconstructed image;meanwhile,Sparse-Skip connections are used instead of dense connections to reduce the computational load of themodel and enhance its scalability.Through exhaustive experiments onMVTec,VisA,and railroad fastener datasets,the results show that Diff-Fastener achieves 99.1%Image AUROC(Area Under the Receiver Operating Characteristic)and 98.9%Pixel AUROC on the railroad fastener dataset,which outperforms the existing models and achieves the best average score on MVTec and VisA datasets.Our research provides new ideas and directions in the field of anomaly detection for rail fasteners.展开更多
The Global Positioning System(GPS)plays an indispensable role in the control of Unmanned Aerial Vehicle(UAV).However,the civilian GPS signals,transmitted over the air without any encryption,are vulnerable to spoofing ...The Global Positioning System(GPS)plays an indispensable role in the control of Unmanned Aerial Vehicle(UAV).However,the civilian GPS signals,transmitted over the air without any encryption,are vulnerable to spoofing attacks,which further guides the UAV on deviated positions or trajectories.To counter the GPS,,m spoofing on UAV system and to detect the position/trajectory anomaly in real time,a motion state vector based stack long short-term memory trajectory prediction scheme is firstly proposed,leveraging the temporal and spatial features of UAV kinematics.Based on the predicted results,an ensemble voting-based trajectory anomaly detection scheme is proposed to detect the position anomalies in real time with the information of motion state sequences.The proposed prediction-based trajectory anomaly detection scheme outperforms the existing offline detection schemes designed for fixed trajectories.Software In The Loop(SITL)based online prediction and online anomaly detection are demonstrated with random 3D flight trajectories.Results show that the coefficient of determination(R^(2))and Root Mean Square Error(RMSE)of the prediction scheme can reach 0.996 and 3.467,respectively.The accuracy,recall,and F1-score of the proposed anomaly detection scheme can reach 0.984,0.988,and 0.983,respectively,which outperform deep ensemble learning,LSTM-based classifier,machine learning classifier and GA-XGBoost based schemes.Moreover,results show that compared with LSTM-based classifier,the average duration(from the moment starting an attack to the moment the attack being detected)and distance of the proposed scheme are reduced by 24.4%and 19.5%,respectively.展开更多
Anomaly detection in wind turbines involves emphasizing its ability to improve operational efficiency,reduce maintenance costs,extend their lifespan,and enhance reliability in the wind energy sector.This is particular...Anomaly detection in wind turbines involves emphasizing its ability to improve operational efficiency,reduce maintenance costs,extend their lifespan,and enhance reliability in the wind energy sector.This is particularly necessary in offshore wind,currently one of the most critical assets for achieving sustainable energy generation goals,due to the harsh marine environment and the difficulty of maintenance tasks.To address this problem,this work proposes a data-driven methodology for detecting power generation anomalies in offshore wind turbines,using normalized and linearized operational data.The proposed framework transforms heterogeneous wind speed and power measurements into a unified scale,enabling the development of a new wind power index(WPi)that quantifies deviations from expected performance.Additionally,spatial and temporal coherence analyses of turbines within a wind farm ensure the validity of these normalized measurements across different wind turbine models and operating conditions.Furthermore,a Support Vector Machine(SVM)refines the classification process,effectively distinguishing measurement errors from actual power generation failures.Validation of this strategy using real-world data from the Alpha Ventus wind farm demonstrates that the proposed approach not only improves predictive maintenance but also optimizes energy production,highlighting its potential for broad application in offshore wind installations.展开更多
Attacks are growing more complex and dangerous as network capabilities improve at a rapid pace.Network intrusion detection is usually regarded as an efficient means of dealing with security attacks.Many ways have been...Attacks are growing more complex and dangerous as network capabilities improve at a rapid pace.Network intrusion detection is usually regarded as an efficient means of dealing with security attacks.Many ways have been presented,utilizing various strategies and focusing on different types of visitors.Anomaly-based network intrusion monitoring is an essential area of intrusion detection investigation and development.Despite extensive research on anomaly-based network detection,there is still a lack of comprehensive literature reviews covering current methodologies and datasets.Despite the substantial research into anomaly-based network intrusion detection algorithms,there is a dearth of a research evaluation of new methodologies and datasets.We explore and evaluate 50 highest publications on anomaly-based intrusion detection using an in-depth review of related literature techniques.Our work thoroughly explores the technological environment of the subject in order to help future research in this sector.Our examination is carried out from the relevant angles:application areas,data preprocessing and threat detection approaches,assessment measures,and datasets.We select unresolved research difficulties and underexplored research areas from every viewpoint recommendation of the study.Finally,we outline five potentially increased research areas for the future.展开更多
Edge computing(EC)combined with the Internet of Things(IoT)provides a scalable and efficient solution for smart homes.Therapid proliferation of IoT devices poses real-time data processing and security challenges.EC ha...Edge computing(EC)combined with the Internet of Things(IoT)provides a scalable and efficient solution for smart homes.Therapid proliferation of IoT devices poses real-time data processing and security challenges.EC has become a transformative paradigm for addressing these challenges,particularly in intrusion detection and anomaly mitigation.The widespread connectivity of IoT edge networks has exposed them to various security threats,necessitating robust strategies to detect malicious activities.This research presents a privacy-preserving federated anomaly detection framework combined with Bayesian game theory(BGT)and double deep Q-learning(DDQL).The proposed framework integrates BGT to model attacker and defender interactions for dynamic threat level adaptation and resource availability.It also models a strategic layout between attackers and defenders that takes into account uncertainty.DDQL is incorporated to optimize decision-making and aids in learning optimal defense policies at the edge,thereby ensuring policy and decision optimization.Federated learning(FL)enables decentralized and unshared anomaly detection for sensitive data between devices.Data collection has been performed from various sensors in a real-time EC-IoT network to identify irregularities that occurred due to different attacks.The results reveal that the proposed model achieves high detection accuracy of up to 98%while maintaining low resource consumption.This study demonstrates the synergy between game theory and FL to strengthen anomaly detection in EC-IoT networks.展开更多
Cross-domain graph anomaly detection(CD-GAD)is a promising task that leverages knowledge from a labelled source graph to guide anomaly detection on an unlabelled target graph.CD-GAD classifies anomalies as unique or c...Cross-domain graph anomaly detection(CD-GAD)is a promising task that leverages knowledge from a labelled source graph to guide anomaly detection on an unlabelled target graph.CD-GAD classifies anomalies as unique or common based on their presence in both the source and target graphs.However,existing models often fail to fully explore domain-unique knowledge of the target graph for detecting unique anomalies.Additionally,they tend to focus solely on node-level differences,overlooking structural-level differences that provide complementary information for common anomaly detection.To address these issues,we propose a novel method,Synthetic Graph Anomaly Detection via Graph Transfer and Graph Decouple(GTGD),which effectively detects common and unique anomalies in the target graph.Specifically,our approach ensures deeper learning of domain-unique knowledge by decoupling the reconstruction graphs of common and unique features.Moreover,we simulta-neously consider node-level and structural-level differences by transferring node and edge information from the source graph to the target graph,enabling comprehensive domain-common knowledge representation.Anomalies are detected using both common and unique features,with their synthetic score serving as the final result.Extensive experiments demonstrate the effectiveness of our approach,improving an average performance by 12.6%on the AUC-PR compared to state-of-the-art methods.展开更多
In space probes,anomaly detection of sequence data collected by various sensors is essential to help detect potential faults promptly,improve the reliability of equipment operation,and ensure the smooth operation of t...In space probes,anomaly detection of sequence data collected by various sensors is essential to help detect potential faults promptly,improve the reliability of equipment operation,and ensure the smooth operation of the mission.However,sensors'signals often contain a superposition of various frequencies,changing fluctuations,and correlations between features.This complexity of data attributes makes building effective models challenging.This paper proposes a TimeEvolving Multi-Period Observational(TEMPO)anomaly detection method for space probes.First,fusing wavelet analysis and natural periods improves the ability to capture multi-period features in data.Then,the feature extraction framework proposed enhances the effectiveness of anomaly detection by comprehensively extracting the complex features of data through the multi-module synergy of temporal and channel.The results demonstrate that the proposed method enhances anomaly detection accuracy and its effectiveness is confirmed.Additionally,the ablation experiment results further validate the efficacy of each module.An evaluation of the algorithm's computational complexity confirms its suitability for real-time processing.展开更多
基金supported by the National Natural Science Foundation of China(No.52188102).
文摘Anomaly Detection (AD) has been extensively adopted in industrial settings to facilitate quality control of products. It is critical to industrial production, especially to areas such as aircraft manufacturing, which require strict part qualification rates. Although being more efficient and practical, few-shot AD has not been well explored. The existing AD methods only extract features in a single frequency while defects exist in multiple frequency domains. Moreover, current methods have not fully leveraged the few-shot support samples to extract input-related normal patterns. To address these issues, we propose an industrial few-shot AD method, Feature Extender for Anomaly Detection (FEAD), which extracts normal patterns in multiple frequency domains from few-shot samples under the guidance of the input sample. Firstly, to achieve better coverage of normal patterns in the input sample, we introduce a Sample-Conditioned Transformation Module (SCTM), which transforms support features under the guidance of the input sample to obtain extra normal patterns. Secondly, to effectively distinguish and localize anomaly patterns in multiple frequency domains, we devise an Adaptive Descriptor Construction Module (ADCM) to build and select pattern descriptors in a series of frequencies adaptively. Finally, an auxiliary task for SCTM is designed to ensure the diversity of transformations and include more normal patterns into support features. Extensive experiments on two widely used industrial AD datasets (MVTec-AD and VisA) demonstrate the effectiveness of the proposed FEAD.
基金supported by Jiangsu Provincial Science and Technology Project,grant number J2023124.Jing Guo received this grant,the URLs of sponsors’website is https://kxjst.jiangsu.gov.cn/(accessed on 06 June 2024).
文摘The rapid proliferation of electric vehicle(EV)charging infrastructure introduces critical cybersecurity vulnerabilities to power grids system.This study presents an innovative anomaly detection framework for EV charging stations,addressing the unique challenges posed by third-party aggregation platforms.Our approach integrates node equations-based on the parameter identification with a novel deep learning model,xDeepCIN,to detect abnormal data reporting indicative of aggregation attacks.We employ a graph-theoretic approach to model EV charging networks and utilize Markov Chain Monte Carlo techniques for accurate parameter estimation.The xDeepCIN model,incorporating a Compressed Interaction Network,has the ability to capture complex feature interactions in sparse,high-dimensional charging data.Experimental results on both proprietary and public datasets demonstrate significant improvements in anomaly detection performance,with F1-scores increasing by up to 32.3%for specific anomaly types compared to traditional methods,such as wide&deep and DeepFM(Factorization-Machine).Our framework exhibits robust scalability,effectively handling networks ranging from 8 to 85 charging points.Furthermore,we achieve real-time monitoring capabilities,with parameter identification completing within seconds for networks up to 1000 nodes.This research contributes to enhancing the security and reliability of renewable energy systems against evolving cyber threats,offering a comprehensive solution for safeguarding the rapidly expanding EV charging infrastructure.
基金supported in part by the Guangxi Science and Technology Major Program under grant AA22068067the Guangxi Natural Science Foundation under grant 2023GXNSFAA026236 and 2024GXNSFDA010064the National Natural Science Foundation of China under project 62172119.
文摘As more and more devices in Cyber-Physical Systems(CPS)are connected to the Internet,physical components such as programmable logic controller(PLC),sensors,and actuators are facing greater risks of network attacks,and fast and accurate attack detection techniques are crucial.The key problem in distinguishing between normal and abnormal sequences is to model sequential changes in a large and diverse field of time series.To address this issue,we propose an anomaly detection method based on distributed deep learning.Our method uses a bilateral filtering algorithm for sequential sequences to remove noise in the time series,which can maintain the edge of discrete features.We use a distributed linear deep learning model to establish a sequential prediction model and adjust the threshold for anomaly detection based on the prediction error of the validation set.Our method can not only detect abnormal attacks but also locate the sensors that cause anomalies.We conducted experiments on the Secure Water Treatment(SWAT)and Water Distribution(WADI)public datasets.The experimental results show that our method is superior to the baseline method in identifying the types of attacks and detecting efficiency.
文摘The rapid integration of Internet of Things(IoT)technologies is reshaping the global energy landscape by deploying smart meters that enable high-resolution consumption monitoring,two-way communication,and advanced metering infrastructure services.However,this digital transformation also exposes power system to evolving threats,ranging from cyber intrusions and electricity theft to device malfunctions,and the unpredictable nature of these anomalies,coupled with the scarcity of labeled fault data,makes realtime detection exceptionally challenging.To address these difficulties,a real-time decision support framework is presented for smart meter anomality detection that leverages rolling time windows and two self-supervised contrastive learning modules.The first module synthesizes diverse negative samples to overcome the lack of labeled anomalies,while the second captures intrinsic temporal patterns for enhanced contextual discrimination.The end-to-end framework continuously updates its model with rolling updated meter data to deliver timely identification of emerging abnormal behaviors in evolving grids.Extensive evaluations on eight publicly available smart meter datasets over seven diverse abnormal patterns testing demonstrate the effectiveness of the proposed full framework,achieving average recall and F1 score of more than 0.85.
基金support from the Fundamental Research Funds for Central Public Welfare Research Institutes(SK202324)the Central Guidance on Local Science and Technology Development Fund of Hebei Province(236Z0104G)+1 种基金the National Natural Science Foundation of China(62476078)the Geological Survey Project of China Geological Survey(G202304-2).
文摘Time series anomaly detection is crucial in finance,healthcare,and industrial monitoring.However,traditional methods often face challenges when handling time series data,such as limited feature extraction capability,poor temporal dependency handling,and suboptimal real-time performance,sometimes even neglecting the temporal relationships between data.To address these issues and improve anomaly detection performance by better capturing temporal dependencies,we propose an unsupervised time series anomaly detection method,VLT-Anomaly.First,we enhance the Variational Autoencoder(VAE)module by redesigning its network structure to better suit anomaly detection through data reconstruction.We introduce hyperparameters to control the weight of the Kullback-Leibler(KL)divergence term in the Evidence Lower Bound(ELBO),thereby improving the encoder module’s decoupling and expressive power in the latent space,which yields more effective latent representations of the data.Next,we incorporate transformer and Long Short-Term Memory(LSTM)modules to estimate the long-term dependencies of the latent representations,capturing both forward and backward temporal relationships and performing time series forecasting.Finally,we compute the reconstruction error by averaging the predicted results and decoder reconstruction and detect anomalies through grid search for optimal threshold values.Experimental results demonstrate that the proposed method performs superior anomaly detection on multiple public time series datasets,effectively extracting complex time-related features and enabling efficient computation and real-time anomaly detection.It improves detection accuracy and robustness while reducing false positives and false negatives.
文摘Cloud computing(CC) provides infrastructure,storage services,and applications to the users that should be secured by some procedures or policies.Security in the cloud environment becomes essential to safeguard infrastructure and user information from unauthorized access by implementing timely intrusion detection systems(IDS).Ensemble learning harnesses the collective power of multiple machine learning(ML) methods with feature selection(FS)process aids to progress the sturdiness and overall precision of intrusion detection.Therefore,this article presents a meta-heuristic feature selection by ensemble learning-based anomaly detection(MFS-ELAD)algorithm for the CC platforms.To realize this objective,the proposed approach utilizes a min-max standardization technique.Then,higher dimensionality features are decreased by Prairie Dogs Optimizer(PDO) algorithm.For the recognition procedure,the MFS-ELAD method emulates a group of 3 DL techniques such as sparse auto-encoder(SAE),stacked long short-term memory(SLSTM),and Elman neural network(ENN) algorithms.Eventually,the parameter fine-tuning of the DL algorithms occurs utilizing the sand cat swarm optimizer(SCSO) approach that helps in improving the recognition outcomes.The simulation examination of MFS-ELAD system on the CSE-CIC-IDS2018 dataset exhibits its promising performance across another method using a maximal precision of 99.71%.
基金co-supported by the National Science and Technology Major Project,China(No.J2019-I-0001-0001)the National Natural Science Foundation of China(No.52105545)。
文摘The original monitoring data from aero-engines possess characteristics such as high dimen-sionality,strong noise,and imbalance,which present substantial challenges to traditional anomalydetection methods.In response,this paper proposes a method based on Fuzzy Fusion of variablesand Discriminant mapping of features for Clustering(FFD-Clustering)to detect anomalies in originalmonitoring data from Aircraft Communication Addressing and Reporting System(ACARS).Firstly,associated variables are fuzzily grouped to extract the underlying distribution characteristics and trendsfrom the data.Secondly,a multi-layer contrastive denoising-based feature Fusion Encoding Network(FEN)is designed for each variable group,which can construct representative features for each variablegroup through eliminating strong noise and complex interrelations between variables.Thirdly,a featureDiscriminative Mapping Network(DMN)based on reconstruction difference re-clustering is designed,which can distinguish dissimilar feature vectors when mapping representative features to a unified fea-ture space.Finally,the K-means clustering is used to detect the abnormal feature vectors in the unifiedfeature space.Additionally,the algorithm is capable of reconstructing identified abnormal vectors,thereby locating the abnormal variable groups.The performance of this algorithm was tested ontwo public datasets and real original monitoring data from four aero-engines'ACARS,demonstratingits superiority and application potential in aero-engine anomaly detection.
基金funded by the Ongoing Research Funding Program(ORF-2025-890)King Saud University,Riyadh,Saudi Arabia and was supported by the Competitive Research Fund of theUniversity of Aizu,Japan.
文摘The exponential expansion of the Internet of Things(IoT),Industrial Internet of Things(IIoT),and Transportation Management of Things(TMoT)produces vast amounts of real-time streaming data.Ensuring system dependability,operational efficiency,and security depends on the identification of anomalies in these dynamic and resource-constrained systems.Due to their high computational requirements and inability to efficiently process continuous data streams,traditional anomaly detection techniques often fail in IoT systems.This work presents a resource-efficient adaptive anomaly detection model for real-time streaming data in IoT systems.Extensive experiments were carried out on multiple real-world datasets,achieving an average accuracy score of 96.06%with an execution time close to 7.5 milliseconds for each individual streaming data point,demonstrating its potential for real-time,resourceconstrained applications.The model uses Principal Component Analysis(PCA)for dimensionality reduction and a Z-score technique for anomaly detection.It maintains a low computational footprint with a sliding window mechanism,enabling incremental data processing and identification of both transient and sustained anomalies without storing historical data.The system uses a Multivariate Linear Regression(MLR)based imputation technique that estimates missing or corrupted sensor values,preserving data integrity prior to anomaly detection.The suggested solution is appropriate for many uses in smart cities,industrial automation,environmental monitoring,IoT security,and intelligent transportation systems,and is particularly well-suited for resource-constrained edge devices.
文摘We introduce a pioneering anomaly detection framework within spatial crowdsourcing Internet of Drone Things(IoDT),specifically designed to improve bushfire management in Australia’s expanding urban areas.This framework innovatively combines Graph Neural Networks(GNN)and advanced data fusion techniques to enhance IoDT capabilities.Through spatial crowdsourcing,drones collectively gather diverse,real-time data across multiple locations,creating a rich dataset for analysis.This method integrates spatial,temporal,and various data modalities,facilitating early bushfire detection by identifying subtle environmental and operational changes.Utilizing a complex GNN architecture,our model effectively processes the intricacies of spatially crowdsourced data,significantly increasing anomaly detection accuracy.It incorporates modules for temporal pattern recognition and spatial analysis of environmental impacts,leveraging multimodal data to detect a wide range of anomalies,from temperature shifts to humidity variations.Our approach has been empirically validated,achieving an F1 score of 0.885,highlighting its superior anomaly detection performance.This integration of spatial crowdsourcing with IoDT not only establishes a new standard for environmental monitoring but also contributes significantly to disaster management and urban sustainability.
基金supported by Korea National University of Transportation Industry-Academy Cooperation Foundation in 2024.
文摘As cyber threats become increasingly sophisticated,Distributed Denial-of-Service(DDoS)attacks continue to pose a serious threat to network infrastructure,often disrupting critical services through overwhelming traffic.Although unsupervised anomaly detection using convolutional autoencoders(CAEs)has gained attention for its ability to model normal network behavior without requiring labeled data,conventional CAEs struggle to effectively distinguish between normal and attack traffic due to over-generalized reconstructions and naive anomaly scoring.To address these limitations,we propose CA-CAE,a novel anomaly detection framework designed to improve DDoS detection through asymmetric joint reconstruction learning and refined anomaly scoring.Our architecture connects two CAEs sequentially with asymmetric filter allocation,which amplifies reconstruction errors for anomalous data while preserving low errors for normal traffic.Additionally,we introduce a scoring mechanism that incorporates exponential decay weighting to emphasize recent anomalies and relative traffic volume adjustment to highlight highrisk instances,enabling more accurate and timely detection.We evaluate CA-CAE on a real-world network traffic dataset collected using Cisco NetFlow,containing over 190,000 normal instances and only 78 anomalous instances—an extremely imbalanced scenario(0.0004% anomalies).We validate the proposed framework through extensive experiments,including statistical tests and comparisons with baseline models.Despite this challenge,our method achieves significant improvement,increasing the F1-score from 0.515 obtained by the baseline CAE to 0.934,and outperforming other models.These results demonstrate the effectiveness,scalability,and practicality of CA-CAE for unsupervised DDoS detection in realistic network environments.By combining lightweight model architecture with a domain-aware scoring strategy,our framework provides a robust solution for early detection of DDoS attacks without relying on labeled attack data.
基金funded by the Hainan Provincial Natural Science Foundation Project(Grant No.622RC675)the National Natural Science Foundation of China(Grant No.62262019).
文摘As computer data grows exponentially,detecting anomalies within system logs has become increasingly important.Current research on log anomaly detection largely depends on log templates derived from log parsing.Word embedding is utilized to extract information from these templates.However,this method neglects a portion of the content within the logs and confronts the challenge of data imbalance among various log template types after parsing.Currently,specialized research on data imbalance across log template categories remains scarce.A dual-attention-based log anomaly detection model(LogDA),which leveraged data imbalance,was proposed to address these issues in the work.The LogDA model initially utilized a pre-trained model to extract semantic embedding from log templates.Besides,the similarity between embedding was calculated to discern the relationships among the various templates.Then,a Transformer model with a dual-attention mechanism was constructed to capture positional information and global dependencies.Compared to multiple baseline experiments across three public datasets,the proposed approach could improve precision,recall,and F1 scores.
文摘In recent years,there has been a concerted effort to improve anomaly detection tech-niques,particularly in the context of high-dimensional,distributed clinical data.Analysing patient data within clinical settings reveals a pronounced focus on refining diagnostic accuracy,personalising treatment plans,and optimising resource allocation to enhance clinical outcomes.Nonetheless,this domain faces unique challenges,such as irregular data collection,inconsistent data quality,and patient-specific structural variations.This paper proposed a novel hybrid approach that integrates heuristic and stochastic methods for anomaly detection in patient clinical data to address these challenges.The strategy combines HPO-based optimal Density-Based Spatial Clustering of Applications with Noise for clustering patient exercise data,facilitating efficient anomaly identification.Subsequently,a stochastic method based on the Interquartile Range filters unreliable data points,ensuring that medical tools and professionals receive only the most pertinent and accurate information.The primary objective of this study is to equip healthcare pro-fessionals and researchers with a robust tool for managing extensive,high-dimensional clinical datasets,enabling effective isolation and removal of aberrant data points.Furthermore,a sophisticated regression model has been developed using Automated Machine Learning(AutoML)to assess the impact of the ensemble abnormal pattern detection approach.Various statistical error estimation techniques validate the efficacy of the hybrid approach alongside AutoML.Experimental results show that implementing this innovative hybrid model on patient rehabilitation data leads to a notable enhance-ment in AutoML performance,with an average improvement of 0.041 in the R2 score,surpassing the effectiveness of traditional regression models.
文摘Service-Based Architecture(SBA)of 5G network introduces novel communication technology and advanced features,while simultaneously presenting new security requirements and challenges.Commercial 5G Core(5GC)networks are highly secure closed systems with interfaces defined through the 3rd Generation Partnership Project(3GPP)specifications to fulfill communication requirements.However,the 5GC boundary,especially the access domain,faces diverse security threats due to the availability of open-source cellular software suites and SoftwareDefined Radio(SDR)devices.Therefore,we systematically summarize security threats targeting the N2 interfaces at the 5GC boundary,which are categorized as Illegal Registration,Protocol attack,and Signaling Storm.We further construct datasets of attack and normal communication patterns based on a 5G simulated platform.In addition,we propose an anomaly detection method based on Next Generation Application Protocol(NGAP)message sequences,which extracts session temporal features at the granularity of User Equipment(UE).The method combines the Long Short-Term Memory Network(LSTM)and the attention mechanism can effectively mine the dynamic patterns and key anomaly time-steps in the temporal sequence.We conducted anomaly detection baseline algorithm comparison experiments,ablation experiments,and real-world simulation experiments.Experimental evaluations demonstrated that our model can accurately learn the dependencies of uplink and downlink messages for our self-constructed datasets,achieving 99.80%Accuracy and 99.85%F1 Score,which can effectively detect UE anomaly behavior.
基金funded by the National Natural Science Foundation of China,grant number 52272385 and 52475085.
文摘Supervised learning-based rail fastener anomaly detection models are limited by the scarcity of anomaly samples and perform poorly under data imbalance conditions.However,unsupervised anomaly detection methods based on diffusion models reduce the dependence on the number of anomalous samples but suffer from too many iterations and excessive smoothing of reconstructed images.In this work,we have established a rail fastener anomaly detection framework called Diff-Fastener,the diffusion model is introduced into the fastener detection task,half of the normal samples are converted into anomaly samples online in the model training stage,and One-Step denoising and canonical guided denoising paradigms are used instead of iterative denoising to improve the reconstruction efficiency of the model while solving the problem of excessive smoothing.DACM(Dilated Attention Convolution Module)is proposed in the middle layer of the reconstruction network to increase the detail information of the reconstructed image;meanwhile,Sparse-Skip connections are used instead of dense connections to reduce the computational load of themodel and enhance its scalability.Through exhaustive experiments onMVTec,VisA,and railroad fastener datasets,the results show that Diff-Fastener achieves 99.1%Image AUROC(Area Under the Receiver Operating Characteristic)and 98.9%Pixel AUROC on the railroad fastener dataset,which outperforms the existing models and achieves the best average score on MVTec and VisA datasets.Our research provides new ideas and directions in the field of anomaly detection for rail fasteners.
基金supported in part by the National Natural Science Foundation of China(No.62271076)in part by the Fundamental Research Funds for the Central Universities,China(No.2242022k60006).
文摘The Global Positioning System(GPS)plays an indispensable role in the control of Unmanned Aerial Vehicle(UAV).However,the civilian GPS signals,transmitted over the air without any encryption,are vulnerable to spoofing attacks,which further guides the UAV on deviated positions or trajectories.To counter the GPS,,m spoofing on UAV system and to detect the position/trajectory anomaly in real time,a motion state vector based stack long short-term memory trajectory prediction scheme is firstly proposed,leveraging the temporal and spatial features of UAV kinematics.Based on the predicted results,an ensemble voting-based trajectory anomaly detection scheme is proposed to detect the position anomalies in real time with the information of motion state sequences.The proposed prediction-based trajectory anomaly detection scheme outperforms the existing offline detection schemes designed for fixed trajectories.Software In The Loop(SITL)based online prediction and online anomaly detection are demonstrated with random 3D flight trajectories.Results show that the coefficient of determination(R^(2))and Root Mean Square Error(RMSE)of the prediction scheme can reach 0.996 and 3.467,respectively.The accuracy,recall,and F1-score of the proposed anomaly detection scheme can reach 0.984,0.988,and 0.983,respectively,which outperform deep ensemble learning,LSTM-based classifier,machine learning classifier and GA-XGBoost based schemes.Moreover,results show that compared with LSTM-based classifier,the average duration(from the moment starting an attack to the moment the attack being detected)and distance of the proposed scheme are reduced by 24.4%and 19.5%,respectively.
基金supported by the Spanish Ministry of Science and Innovation under the MCI/AEI/FEDER project number PID2021-123543OBC21.
文摘Anomaly detection in wind turbines involves emphasizing its ability to improve operational efficiency,reduce maintenance costs,extend their lifespan,and enhance reliability in the wind energy sector.This is particularly necessary in offshore wind,currently one of the most critical assets for achieving sustainable energy generation goals,due to the harsh marine environment and the difficulty of maintenance tasks.To address this problem,this work proposes a data-driven methodology for detecting power generation anomalies in offshore wind turbines,using normalized and linearized operational data.The proposed framework transforms heterogeneous wind speed and power measurements into a unified scale,enabling the development of a new wind power index(WPi)that quantifies deviations from expected performance.Additionally,spatial and temporal coherence analyses of turbines within a wind farm ensure the validity of these normalized measurements across different wind turbine models and operating conditions.Furthermore,a Support Vector Machine(SVM)refines the classification process,effectively distinguishing measurement errors from actual power generation failures.Validation of this strategy using real-world data from the Alpha Ventus wind farm demonstrates that the proposed approach not only improves predictive maintenance but also optimizes energy production,highlighting its potential for broad application in offshore wind installations.
文摘Attacks are growing more complex and dangerous as network capabilities improve at a rapid pace.Network intrusion detection is usually regarded as an efficient means of dealing with security attacks.Many ways have been presented,utilizing various strategies and focusing on different types of visitors.Anomaly-based network intrusion monitoring is an essential area of intrusion detection investigation and development.Despite extensive research on anomaly-based network detection,there is still a lack of comprehensive literature reviews covering current methodologies and datasets.Despite the substantial research into anomaly-based network intrusion detection algorithms,there is a dearth of a research evaluation of new methodologies and datasets.We explore and evaluate 50 highest publications on anomaly-based intrusion detection using an in-depth review of related literature techniques.Our work thoroughly explores the technological environment of the subject in order to help future research in this sector.Our examination is carried out from the relevant angles:application areas,data preprocessing and threat detection approaches,assessment measures,and datasets.We select unresolved research difficulties and underexplored research areas from every viewpoint recommendation of the study.Finally,we outline five potentially increased research areas for the future.
基金The authors extend their appreciation to the Deanship of Research and Graduate Studies at King Khalid University for funding this work through the Large Group Project under grant number(RGP2/337/46)The research team thanks the Deanship of Graduate Studies and Scientific Research at Najran University for supporting the research project through the Nama’a program,with the project code NU/GP/SERC/13/352-4.
文摘Edge computing(EC)combined with the Internet of Things(IoT)provides a scalable and efficient solution for smart homes.Therapid proliferation of IoT devices poses real-time data processing and security challenges.EC has become a transformative paradigm for addressing these challenges,particularly in intrusion detection and anomaly mitigation.The widespread connectivity of IoT edge networks has exposed them to various security threats,necessitating robust strategies to detect malicious activities.This research presents a privacy-preserving federated anomaly detection framework combined with Bayesian game theory(BGT)and double deep Q-learning(DDQL).The proposed framework integrates BGT to model attacker and defender interactions for dynamic threat level adaptation and resource availability.It also models a strategic layout between attackers and defenders that takes into account uncertainty.DDQL is incorporated to optimize decision-making and aids in learning optimal defense policies at the edge,thereby ensuring policy and decision optimization.Federated learning(FL)enables decentralized and unshared anomaly detection for sensitive data between devices.Data collection has been performed from various sensors in a real-time EC-IoT network to identify irregularities that occurred due to different attacks.The results reveal that the proposed model achieves high detection accuracy of up to 98%while maintaining low resource consumption.This study demonstrates the synergy between game theory and FL to strengthen anomaly detection in EC-IoT networks.
基金supported by the National Nature Science Foundation of China,Grant/Award Numbers:62337001,62037001“Pioneer”and“Leading Goose”R&D Program of Zhejiang,Grant/Award Number:2022C03106.
文摘Cross-domain graph anomaly detection(CD-GAD)is a promising task that leverages knowledge from a labelled source graph to guide anomaly detection on an unlabelled target graph.CD-GAD classifies anomalies as unique or common based on their presence in both the source and target graphs.However,existing models often fail to fully explore domain-unique knowledge of the target graph for detecting unique anomalies.Additionally,they tend to focus solely on node-level differences,overlooking structural-level differences that provide complementary information for common anomaly detection.To address these issues,we propose a novel method,Synthetic Graph Anomaly Detection via Graph Transfer and Graph Decouple(GTGD),which effectively detects common and unique anomalies in the target graph.Specifically,our approach ensures deeper learning of domain-unique knowledge by decoupling the reconstruction graphs of common and unique features.Moreover,we simulta-neously consider node-level and structural-level differences by transferring node and edge information from the source graph to the target graph,enabling comprehensive domain-common knowledge representation.Anomalies are detected using both common and unique features,with their synthetic score serving as the final result.Extensive experiments demonstrate the effectiveness of our approach,improving an average performance by 12.6%on the AUC-PR compared to state-of-the-art methods.
基金supported by the National Natural Science Foundation of China(Nos.92467108,62141604,62032016,92467206)Beijing Nova Program,China No.(20220484106,20230484451)。
文摘In space probes,anomaly detection of sequence data collected by various sensors is essential to help detect potential faults promptly,improve the reliability of equipment operation,and ensure the smooth operation of the mission.However,sensors'signals often contain a superposition of various frequencies,changing fluctuations,and correlations between features.This complexity of data attributes makes building effective models challenging.This paper proposes a TimeEvolving Multi-Period Observational(TEMPO)anomaly detection method for space probes.First,fusing wavelet analysis and natural periods improves the ability to capture multi-period features in data.Then,the feature extraction framework proposed enhances the effectiveness of anomaly detection by comprehensively extracting the complex features of data through the multi-module synergy of temporal and channel.The results demonstrate that the proposed method enhances anomaly detection accuracy and its effectiveness is confirmed.Additionally,the ablation experiment results further validate the efficacy of each module.An evaluation of the algorithm's computational complexity confirms its suitability for real-time processing.
