Junchao Xiao,Lin Yang,Fuli Zhong,Hongbo Chen,Xiangxue Li

DOI: https://doi.org/10.1007/s10489-022-03412-8

IF: 5.3

2022-05-25

Applied Intelligence

Abstract:With the development of Internet of Vehicles (IoVs) techniques, many emerging technologies and their applications are integrated with IoVs. The application of these new technologies requires vehicles to communicate with external networks frequently, which makes the in-vehicle network more vulnerable to hacker attacks. It is imperative to detect hacker attacks on in-vehicle networks. A control area network graph attention networks (CAN-GAT) model is proposed to implement the anomaly detection of in-vehicle networks, and a graph neural network (GNN) anomaly-based detection framework using graph convolution, graph attention and CAN-GAT network model for in-vehicle network based on CAN bus is presented. In this detection framework, a graph is designed with the traffic on the CAN bus to capture the correlation between the change of the traffic bytes and the state of other traffic bytes effectively and help improve the detection accuracy and efficiency. Compared simulation experiments are conducted to test the proposed model, and the obtained model performance metrics results show that the CAN-GAT-2 model based on two-layer CAN-GAT achieves better performance. In addition, the visualization and quantitative analysis methods are used to explain how can the attention mechanism of CAN-GAT-2 improve the performance, which can help to construct better GNNs in anomaly detection of in-vehicle network. The model performance evaluation results show that CAN-GAT-2 achieved improved accuracy among the compared baseline methods, and has good detection speed performance.

computer science, artificial intelligence

Gaoyang Liu,Yanbo Niu,Weijian Zhao,Yuanfeng Duan,Jiangpeng Shu

DOI: https://doi.org/10.12989/sss.2022.29.1.053

IF: 4.581

2022-01-01

Smart Structures and Systems

Abstract:The deployment of advanced structural health monitoring (SHM) systems in large-scale civil structures collects large amounts of data. Note that these data may contain multiple types of anomalies (e.g., missing, minor, outlier, etc.) caused by harsh environment, sensor faults, transfer omission and other factors. These anomalies seriously affect the evaluation of structural performance. Therefore, the effective analysis and mining of SHM data is an extremely important task. Inspired by the deep learning paradigm, this study develops a novel generative adversarial network (GAN) and convolutional neural network (CNN)-based data anomaly detection approach for SHM. The framework of the proposed approach includes three modules : (a) A three-channel input is established based on fast Fourier transform (FFT) and Gramian angular field (GAF) method; (b) A GANomaly is introduced and trained to extract features from normal samples alone for class-imbalanced problems; (c) Based on the output of GANomaly, a CNN is employed to distinguish the types of anomalies. In addition, a dataset-oriented method (i.e., multistage sampling) is adopted to obtain the optimal sampling ratios between all different samples. The proposed approach is tested with acceleration data from an SHM system of a long-span bridge. The results show that the proposed approach has a higher accuracy in detecting the multi-pattern anomalies of SHM data.

Junchao Xiao,Hongbo Chen,Fuli Zhong

DOI: https://doi.org/10.1109/jsyst.2023.3337091

IF: 4.802

2024-03-19

IEEE Systems Journal

Abstract:As various intelligent networked devices are increasingly introduced and applied or connected to modern vehicles, the services and functions of vehicles with controller area network (CAN) become more powerful and intelligent, however, exposed to the wide external networks. which suffer from serious cyber-security threats. Benefit from the intelligent and networked techniques, CAN for modern intelligent vehicles develops rapidly, but still faces critical security problems since it is lack of strong security protection mechanism. For the threat detection of CAN in modern vehicles, this research proposes a graph node attention network (GNAT) method to extract CAN packet context-dependent features, and improve the accuracy of malicious packet IDs identification in packet sequence windows. First, time-continuous CAN packets are converted into node profile according to the arbitration field, and the obtained nodes are connected to edges based on the time–adjacent relationship, thereby being converted into a graph. Using proper graph construction method, normal and malicious CAN packets can be converted into graphs with different topological structures. Second, the attention values of each node and edge in the graph are calculated with the GNAT through the topology difference between normal and malicious CAN packet conversion graphs, and then the node fusion features are acquired. The fused features are fed to the random forest for training and intrusion detection of CAN. Multiple tests were carried out, and the results show the features extracted by GNAT can help improve the generalization performance of the trained random forest model.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

A. Jaekel,Pegah Mansourian,N. Zhang,Marc Kneppers

DOI: https://doi.org/10.1109/TITS.2023.3286611

2023-12-01

Abstract:Although connected mymargin autonomous vehicles (CAVs) hold great potential to improve driving safety and experience significantly, cybersecurity remains a critical concern. As the de-facto standard for in-vehicle networks, the Controller Area Network (CAN) carries messages and commands vital to the operation of the vehicle. However, due to a lack of security mechanisms, intruders are able to conduct devastating attacks on drivers and passengers over CAN. In order to safeguard CAVs, an Intrusion Detection System (IDS) can be deployed to monitor CAN network activities and detect suspicious behavior resulting from an attack. This paper proposes a prediction-based IDS framework for detecting anomalies and attacks on a CAN bus using temporal correlation of message contents. Two candidates are introduced as the prediction module. The first network is an LSTM that predicts time series data separately for each CAN ID, and the second is a ConvLSTM that predicts messages using correlated data of several CAN IDs. An attack is classified according to prediction errors by a Gaussian Naïve Bayes classifier. The proposed IDS is evaluated against other state-of-the-art one-class classifiers, including OCSVM, Isolation Forest, and Autoencoder, and three existing works, including ReducedInception-ResNet, NeuroCAN, and CANLite, using a real-world dataset, the Car Hacking Dataset. A comparison between the two suggested architectures and their use cases is given. Compared to baseline methods and related studies, the proposed method is shown to be more accurate and can achieve F-scores and detection accuracy of almost 100%.

Computer Science,Engineering

Rui Zhao,Cheng Luo,Fei Gao,Zhenhai Gao,Longyi Li,Dong Zhang,Wengang Yang

DOI: https://doi.org/10.3390/electronics13020377

IF: 2.9

2024-01-17

Electronics

Abstract:The Controller Area Network with Flexible Data-Rate (CAN-FD) bus is the predominant in-vehicle network protocol, responsible for transmitting crucial application semantic signals. Due to the absence of security measures, CAN-FD is vulnerable to numerous cyber threats, particularly those altering its authentic physical values. This paper introduces Physical Semantics-Enhanced Anomaly Detection (PSEAD) for CAN-FD networks. Our framework effectively extracts and standardizes the genuine physical meaning features present in the message data fields. The implementation involves a Long Short-Term Memory (LSTM) network augmented with a self-attention mechanism, thereby enabling the unsupervised capture of temporal information within high-dimensional data. Consequently, this approach fully exploits contextual information within the physical meaning features. In contrast to the non-physical semantics-aware whole frame combination detection method, our approach is more adept at harnessing the physical significance inherent in each segment of the message. This enhancement results in improved accuracy and interpretability of anomaly detection. Experimental results demonstrate that our method achieves a mere 0.64% misclassification rate for challenging-to-detect replay attacks and zero misclassifications for DoS, fuzzing, and spoofing attacks. The accuracy has been enhanced by over 4% in comparison to existing methods that rely on byte-level data field characterization at the data link layer.

engineering, electrical & electronic,computer science, information systems,physics, applied

William Marfo,Pablo Moriano,Deepak K. Tosh,Shirley V. Moore

2024-08-10

Abstract:Modern vehicles rely on a myriad of electronic control units (ECUs) interconnected via controller area networks (CANs) for critical operations. Despite their ubiquitous use and reliability, CANs are susceptible to sophisticated cyberattacks, particularly masquerade attacks, which inject false data that mimic legitimate messages at the expected frequency. These attacks pose severe risks such as unintended acceleration, brake deactivation, and rogue steering. Traditional intrusion detection systems (IDS) often struggle to detect these subtle intrusions due to their seamless integration into normal traffic. This paper introduces a novel framework for detecting masquerade attacks in the CAN bus using graph machine learning (ML). We hypothesize that the integration of shallow graph embeddings with time series features derived from CAN frames enhances the detection of masquerade attacks. We show that by representing CAN bus frames as message sequence graphs (MSGs) and enriching each node with contextual statistical attributes from time series, we can enhance detection capabilities across various attack patterns compared to using only graph-based features. Our method ensures a comprehensive and dynamic analysis of CAN frame interactions, improving robustness and efficiency. Extensive experiments on the ROAD dataset validate the effectiveness of our approach, demonstrating statistically significant improvements in the detection rates of masquerade attacks compared to a baseline that uses only graph-based features, as confirmed by Mann-Whitney U and Kolmogorov-Smirnov tests (p < 0.05).

Cryptography and Security,Machine Learning

Qingling Zhao,Mingqiang Chen,Zonghua Gu,Siyu Luan,Haibo Zeng,Samarjit Chakrabory

DOI: https://doi.org/10.1145/3540198

2022-09-05

ACM Transactions on Embedded Computing Systems

Abstract:The Controller Area Network (CAN) is a ubiquitous bus protocol present in the Electrical/Electronic (E/E) systems of almost all vehicles. It is vulnerable to a range of attacks once the attacker gains access to the bus through the vehicle’s attack surface. We address the problem of Intrusion Detection on the CAN bus and present a series of methods based on two classifiers trained with Auxiliary Classifier Generative Adversarial Network (ACGAN) to detect and assign fine-grained labels to Known Attacks and also detect the Unknown Attack class in a dataset containing a mixture of (Normal + Known Attacks + Unknown Attack) messages. The most effective method is a cascaded two-stage classification architecture, with the multi-class Auxiliary Classifier in the first stage for classification of Normal and Known Attacks, passing Out-of-Distribution (OOD) samples to the binary Real-Fake Classifier in the second stage for detection of the Unknown Attack class. Performance evaluation demonstrates that our method achieves both high classification accuracy and low runtime overhead, making it suitable for deployment in the resource-constrained in-vehicle environment.

computer science, software engineering, hardware & architecture

Fei Gao,Jinshuo Liu,Yingqi Liu,Zhenhai Gao,Rui Zhao

DOI: https://doi.org/10.3390/s24113461

IF: 3.9

2024-05-28

Sensors

Abstract:As an enhanced version of standard CAN, the Controller Area Network with Flexible Data (CAN-FD) rate is vulnerable to attacks due to its lack of information security measures. However, although anomaly detection is an effective method to prevent attacks, the accuracy of detection needs further improvement. In this paper, we propose a novel intrusion detection model for the CAN-FD bus, comprising two sub-models: Anomaly Data Detection Model (ADDM) for spotting anomalies and Anomaly Classification Detection Model (ACDM) for identifying and classifying anomaly types. ADDM employs Long Short-Term Memory (LSTM) layers to capture the long-range dependencies and temporal patterns within CAN-FD frame data, thus identifying frames that deviate from established norms. ACDM is enhanced with the attention mechanism that weights LSTM outputs, further improving the identification of sequence-based relationships and facilitating multi-attack classification. The method is evaluated on two datasets: a real-vehicle dataset including frames designed by us based on known attack patterns, and the CAN-FD Intrusion Dataset, developed by the Hacking and Countermeasure Research Lab. Our method offers broader applicability and more refined classification in anomaly detection. Compared with existing advanced LSTM-based and CNN-LSTM-based methods, our method exhibits superior performance in detection, achieving an improvement in accuracy of 1.44% and 1.01%, respectively.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Maloy Kumar Devnath

2023-09-24

Abstract:The Controller Area Network (CAN) bus serves as a standard protocol for facilitating communication among various electronic control units (ECUs) within contemporary vehicles. However, it has been demonstrated that the CAN bus is susceptible to remote attacks, which pose risks to the vehicle's safety and functionality. To tackle this concern, researchers have introduced intrusion detection systems (IDSs) to identify and thwart such attacks. In this paper, we present an innovative approach to intruder detection within the CAN bus, leveraging Graph Convolutional Network (GCN) techniques as introduced by Zhang, Tong, Xu, and Maciejewski in 2019. By harnessing the capabilities of deep learning, we aim to enhance attack detection accuracy while minimizing the requirement for manual feature engineering. Our experimental findings substantiate that the proposed GCN-based method surpasses existing IDSs in terms of accuracy, precision, and recall. Additionally, our approach demonstrates efficacy in detecting mixed attacks, which are more challenging to identify than single attacks. Furthermore, it reduces the necessity for extensive feature engineering and is particularly well-suited for real-time detection systems. To the best of our knowledge, this represents the pioneering application of GCN to CAN data for intrusion detection. Our proposed approach holds significant potential in fortifying the security and safety of modern vehicles, safeguarding against attacks and preventing them from undermining vehicle functionality.

Cryptography and Security

Ruize Sun,Zixuan Luo,Huancheng Xiao,Jianmin Cao,Xinan Wang,Jinping Hu

DOI: https://doi.org/10.1109/nnice61279.2024.10498797

2024-01-01

Abstract:As elevator usage time gradually increases, elevator faults become more frequent. Constrained by the lack of communication protocol disclosure from elevator manufacturers, current elevator anomaly detection typically necessitates additional sensors to acquire the dataset. However, this approach is marred by increased hardware costs, impacts on the elevator's original system, and unclear anomaly correlation. In this paper, we propose an elevator dataset scheme based on CAN bus data, eliminating the need for additional sensors while obtaining various critical elevator signals. For anomaly detection, we have i suggested a Graph Neural Networks which labels normal data as running up or down single-layer, multi-layer and stationary while all fault data are represented with one label. The approach detects anomalies by analyzing the Gini index under the operating state of elevators. It does not rely on expert knowledge nor limited to specific finite anomalies. Experiments conducted on an elevator in Shenzhen, China, demonstrated the model achieving 98.4% accuracy when a certain amount of anomalies was included in the training set. The model exhibited the ability to recognize unknown types of anomalies not present in the training set. Maintaining a high accuracy rate for both serious and minor anomalies, the model may detect subtle anomalies in the elevator before they manifest as serious faults, contributing to the predictive maintenance of the elevator.

Haichun Zhang,Kelin Huang,Jie Wang,Zhenglin Liu

DOI: https://doi.org/10.1109/cisai54367.2021.00050

2021-09-01

Abstract:The Controller Area Network (CAN) bus is the de-facto standard for connecting the Electronic Control Units (ECUs) in automobiles. However, there are serious cyber-security risks due to the lack of security mechanisms. In order to mine the vulnerabilities in CAN bus, this paper proposes CAN-FT, a fuzz testing method for automotive CAN bus, which uses a Generative Adversarial Network (GAN) based fuzzy message generation algorithm and the Adaptive Boosting (AdaBoost) based anomaly detection mechanism to capture the abnormal states of CAN bus. Experimental results on a real-world vehicle show that CAN-FT can find vulnerabilities more efficiently and comprehensively.

Markus Hanselmann,Thilo Strauss,Katharina Dormann,Holger Ulmer

DOI: https://doi.org/10.1109/access.2020.2982544

IF: 3.9

2020-01-01

IEEE Access

Abstract:We propose a neural network architecture for detecting intrusions on the controller area network (CAN). The latter is the standard communication method between the electronic control units (ECUs) of automobiles. However, CAN lacks security mechanisms and it has recently been shown that it can be attacked remotely. Hence, it is desirable to monitor CAN traffic to detect intrusions. In order to find both, known and unknown intrusion scenarios, we consider a novel unsupervised learning approach which we call CANet. To our knowledge, this is the first deep learning based intrusion detection system (IDS) that naturally handles the data structure of the high dimensional CAN bus, where different message types are sent at different times. Our method is evaluated on real and synthetic CAN data. A comparison with previous machine learning based methods shows that CANet outperforms them by a significant margin. For reproducibility of the method, our synthetic data is publicly available.

Reek Majumder,Gurcan Comert,David Werth,Adrian Gale,Mashrur Chowdhury,M Sabbir Salek

2024-12-04

Abstract:The network of services, including delivery, farming, and environmental monitoring, has experienced exponential expansion in the past decade with Unmanned Aerial Vehicles (UAVs). Yet, UAVs are not robust enough against cyberattacks, especially on the Controller Area Network (CAN) bus. The CAN bus is a general-purpose vehicle-bus standard to enable microcontrollers and in-vehicle computers to interact, primarily connecting different Electronic Control Units (ECUs). In this study, we focus on solving some of the most critical security weaknesses in UAVs by developing a novel graph-based intrusion detection system (IDS) leveraging the Uncomplicated Application-level Vehicular Communication and Networking (UAVCAN) protocol. First, we decode CAN messages based on UAVCAN protocol specification; second, we present a comprehensive method of transforming tabular UAVCAN messages into graph structures. Lastly, we apply various graph-based machine learning models for detecting cyber-attacks on the CAN bus, including graph convolutional neural networks (GCNNs), graph attention networks (GATs), Graph Sample and Aggregate Networks (GraphSAGE), and graph structure-based transformers. Our findings show that inductive models such as GATs, GraphSAGE, and graph-based transformers can achieve competitive and even better accuracy than transductive models like GCNNs in detecting various types of intrusions, with minimum information on protocol specification, thus providing a generic robust solution for CAN bus security for the UAVs. We also compared our results with baseline single-layer Long Short-Term Memory (LSTM) and found that all our graph-based models perform better without using any decoded features based on the UAVCAN protocol, highlighting higher detection performance with protocol-independent capability.

Artificial Intelligence

Jingwen Wei,Ye Chen,Yingxu Lai,Yuhang Wang,Zhaoyi Zhang

DOI: https://doi.org/10.1109/lcomm.2022.3195486

IF: 3.5529

2022-11-12

IEEE Communications Letters

Abstract:A controller area network (CAN) bus that controls real-time communication and data transmission of electronic control units in vehicles lacks security mechanisms and is highly vulnerable to attacks. The detection effectiveness of existing In-Vehicle network intrusion detection systems (IDSs) is usually reliant on training samples of known attacks. Owing to the simple structure of the CAN bus protocol, attackers can easily create variants based on known attacks. In this study, we propose a CAN bus IDS based on a domain adversarial neural network, which can achieve high detection performance on unlearned variant attack data. In addition, we used feature fusion techniques to synthetically extract the features of the attack data to improve detection capability. The experimental results demonstrate that our proposed model has high performance and generalization ability in attack detection.

telecommunications

Pengzhou Cheng,Zongru Wu,Gongshen Liu

2024-03-15

Abstract:Control Area Network (CAN) is an essential communication protocol that interacts between Electronic Control Units (ECUs) in the vehicular network. However, CAN is facing stringent security challenges due to innate security risks. Intrusion detection systems (IDSs) are a crucial safety component in remediating Vehicular Electronics and Systems vulnerabilities. However, existing IDSs fail to identify complexity attacks and have higher false alarms owing to capability bottleneck. In this paper, we propose a self-supervised multi-knowledge fused anomaly detection model, called MKF-ADS. Specifically, the method designs an integration framework, including spatial-temporal correlation with an attention mechanism (STcAM) module and patch sparse-transformer module (PatchST). The STcAM with fine-pruning uses one-dimensional convolution (Conv1D) to extract spatial features and subsequently utilizes the Bidirectional Long Short Term Memory (Bi-LSTM) to extract the temporal features, where the attention mechanism will focus on the important time steps. Meanwhile, the PatchST captures the combined contextual features from independent univariate time series. Finally, the proposed method is based on knowledge distillation to STcAM as a student model for learning intrinsic knowledge and cross the ability to mimic PatchST. We conduct extensive experiments on six simulation attack scenarios across various CAN IDs and time steps, and two real attack scenarios, which present a competitive prediction and detection performance. Compared with the baseline in the same paradigm, the error rate and FAR are 2.62\% and 2.41\% and achieve a promising F1-score of 97.3\%.

Artificial Intelligence,Cryptography and Security

Kai Wang,Qiguang Jiang,Bailing Wang,Yongzheng Zhang,Yulei Wu

DOI: https://doi.org/10.48550/arXiv.2311.07056

2023-11-13

Abstract:As an important component of internet of vehicles (IoV), intelligent connected vehicles (ICVs) have to communicate with external networks frequently. In this case, the resource-constrained in-vehicle network (IVN) is facing a wide variety of complex and changing external cyber-attacks, especially the masquerade attack with high difficulty of detection while serious damaging effects that few counter measures can identify successfully. Moreover, only coarse-grained recognition can be achieved in current mainstream intrusion detection mechanisms, i.e., whether a whole data flow observation window contains attack labels rather than fine-grained recognition on every single data item within this window. In this paper, we propose StatGraph: an Effective Multi-view Statistical Graph Learning Intrusion Detection to implement the fine-grained intrusion detection. Specifically, StatGraph generates two statistical graphs, timing correlation graph (TCG) and coupling relationship graph (CRG), based on data streams. In given message observation windows, edge attributes in TCGs represent temporal correlation between different message IDs, while edge attributes in CRGs denote the neighbour relationship and contextual similarity. Besides, a lightweight shallow layered GCN network is trained based graph property of TCGs and CRGs, which can learn the universal laws of various patterns more effectively and further enhance the performance of detection. To address the problem of insufficient attack types in previous intrusion detection, we select two real in-vehicle CAN datasets that cover four new attacks never investigated before. Experimental result shows StatGraph improves both detection granularity and detection performance over state-of-the-art intrusion detection methods.

Networking and Internet Architecture,Artificial Intelligence,Cryptography and Security

Övgü Özdemir,M. Tuğberk İşyapar,Pınar Karagöz,Klaus Werner Schmidt,Demet Demir,N. Alpay Karagöz

2024-09-11

Abstract:Modern vehicles are equipped with Electronic Control Units (ECU) that are used for controlling important vehicle functions including safety-critical operations. ECUs exchange information via in-vehicle communication buses, of which the Controller Area Network (CAN bus) is by far the most widespread representative. Problems that may occur in the vehicle's physical parts or malicious attacks may cause anomalies in the CAN traffic, impairing the correct vehicle operation. Therefore, the detection of such anomalies is vital for vehicle safety. This paper reviews the research on anomaly detection for in-vehicle networks, more specifically for the CAN bus. Our main focus is the evaluation of methods used for CAN bus anomaly detection together with the datasets used in such analysis. To provide the reader with a more comprehensive understanding of the subject, we first give a brief review of related studies on time series-based anomaly detection. Then, we conduct an extensive survey of recent deep learning-based techniques as well as conventional techniques for CAN bus anomaly detection. Our comprehensive analysis delves into anomaly detection algorithms employed in in-vehicle networks, specifically focusing on their learning paradigms, inherent strengths, and weaknesses, as well as their efficacy when applied to CAN bus datasets. Lastly, we highlight challenges and open research problems in CAN bus anomaly detection.

Machine Learning,Artificial Intelligence,Signal Processing

Yulei Wu,Hong-Ning Dai,Haina Tang

DOI: https://doi.org/10.1109/jiot.2021.3094295

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) plays an important role in digital transformation of traditional industries toward Industry 4.0. By connecting sensors, instruments, and other industry devices to the Internet, IIoT facilitates the data collection, data analysis, and automated control, thereby improving the productivity and efficiency of the business as well as the resulting economic benefits. Due to the complex IIoT infrastructure, anomaly detection becomes an important tool to ensure the success of IIoT. Due to the nature of IIoT, graph-level anomaly detection has been a promising means to detect and predict anomalies in many different domains, such as transportation, energy, and factory, as well as for dynamically evolving networks. This article provides a useful investigation on graph neural networks (GNNs) for anomaly detection in IIoT-enabled smart transportation, smart energy, and smart factory. In addition to the GNN-empowered anomaly detection solutions on point, contextual, and collective types of anomalies, useful data sets, challenges, and open issues for each type of anomalies in the three identified industry sectors (i.e., smart transportation, smart energy, and smart factory) are also provided and discussed, which will be useful for future research in this area. To demonstrate the use of GNN in concrete scenarios, we show three case studies in smart transportation, smart energy, and smart factory, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

William Marfo,Deepak K. Tosh,Shirley V. Moore

DOI: https://doi.org/10.48550/arXiv.2303.07452

2023-03-14

Abstract:Due to the veracity and heterogeneity in network traffic, detecting anomalous events is challenging. The computational load on global servers is a significant challenge in terms of efficiency, accuracy, and scalability. Our primary motivation is to introduce a robust and scalable framework that enables efficient network anomaly detection. We address the issue of scalability and efficiency for network anomaly detection by leveraging federated learning, in which multiple participants train a global model jointly. Unlike centralized training architectures, federated learning does not require participants to upload their training data to the server, preventing attackers from exploiting the training data. Moreover, most prior works have focused on traditional centralized machine learning, making federated machine learning under-explored in network anomaly detection. Therefore, we propose a deep neural network framework that could work on low to mid-end devices detecting network anomalies while checking if a request from a specific IP address is malicious or not. Compared to multiple traditional centralized machine learning models, the deep neural federated model reduces training time overhead. The proposed method performs better than baseline machine learning techniques on the UNSW-NB15 data set as measured by experiments conducted with an accuracy of 97.21% and a faster computation time.

Machine Learning,Distributed, Parallel, and Cluster Computing

Haodong Yan,Fudong Li,Jinglong Chen,Zijun Liu,Jun Wang,Yong Feng,Xinwei Zhang

DOI: https://doi.org/10.1016/j.ress.2023.109418

2023-06-09

Abstract:Real-time anomaly detection is essential for the safe launch of some sophisticated equipment, such as liquid rocket engines (LRE), in order to head off disasters. However, the Industrial Internet of Things (IIoT) edge's real-time requirements cannot be addressed by the present methodologies, and the outcome is poor when dealing with a lack of training samples on the device side. We provide a solution for device-side real-time anomaly detection using the architecture known as Graph Embedded in Graph Networks to address these issues (GG-Nets). To fully extract features under insufficient training data, in our method, we learn the temporal relationship of timestamps in the multivariate signal through a time-series graph attention network (T-GAT) and extract features, and use the extracted features to replace the original signal as the information of the sensor attention network (S-GAT) nodes. For efficiency, the signals in the original sample are divided into odd and even sequences, which greatly reduces the number of nodes in the T-GAT. Experiments reveal that the proposed method outperforms other state-of-the-art models on the LRE ignition dataset. Furthermore, the ablation experiment proves that each module of the model improves the effect and extensive discussions explore interpretability. Our code can be found on: https://github.com/yhd-ai/GG-Nets .

engineering, industrial,operations research & management science