Due to environmental noise and human factors,magnetic data collected in the field often contain various noises and interferences that significantly affect the subsequent data processing and interpretation.Empirical Mo...Due to environmental noise and human factors,magnetic data collected in the field often contain various noises and interferences that significantly affect the subsequent data processing and interpretation.Empirical Mode Decomposition(EMD),an adaptive multiscale analysis method for nonlinear and non-stationary signals,is widely used in geophysical and geodetic data processing.Compared with traditional EMD,Improved Complete Ensemble EMD with Adaptive Noise(ICEEMDAN)is more effective in addressing the problem of mode mixing.Based on the principles of 1D ICEEMDAN,this paper presents an alternative algorithm for 2D ICEEMDAN,extending its application to two-dimensional scenarios.The effectiveness of the proposed approach is demonstrated through synthetic signal experiments,which show that the 2D ICEEMDAN exhibits a weaker mode mixing effect compared to the traditional bidimensional EMD(BEMD)method.Furthermore,to improve the performance of the denoising method based on 2D ICEEMDAN and preserve useful signals in high-frequency components,an improved soft thresholding technique is introduced.Synthetic magnetic anomaly data testing indicates that our denoising method effectively preserves signal continuity and outperforms traditional soft thresholding methods.To validate the practical application of this improved threshold denoising method based on 2D ICEEMDAN,it is applied to ground magnetic survey data in the Yandun area of Xinjiang.The results demonstrate the effectiveness of the method in removing noise while retaining essential information from practical magnetic anomaly data.In particular,practical applications suggest that 2D ICEEMDAN can extract trend signals more accurately than the BEMD.In conclusion,as a potential tool for multi-scale decomposition,the 2D ICEEMDAN is versatile in processing and analyzing 2D geophysical and geodetic data.展开更多
The Caroline Plate is located among the Pacific Plate,the Philippine Sea Plate,and the India Australia Plate,and plays a key role in controlling the spreading direction of the Philippine Sea Plate.The Caroline Submari...The Caroline Plate is located among the Pacific Plate,the Philippine Sea Plate,and the India Australia Plate,and plays a key role in controlling the spreading direction of the Philippine Sea Plate.The Caroline Submarine Plateau(or Caroline Ridge)and the Eauripik Rise on the south formed a remarkable T-shaped large igneous rock province,which covered the northern boundary between the Caroline Plate and the Pacific Plate.However,relationship between these tectonic units and magma evolution remains unclear.Based on magnetic data from the Earth Magnetic Anomaly Grid(2-arc-minute resolution)(V2),the normalized vertical derivative of the total horizontal derivative(NVDR-THDR)technique was used to study the boundary of the Caroline Plate.Results show that the northern boundary is a transform fault that runs 1400 km long in approximately 28 km wide along the N8°in E-W direction.The eastern boundary is an NNW-SSE trending fault zone and subduction zone with a width of tens to hundreds of kilometers;and the north of N4°is a fracture zone of dense faults.The southeastern boundary may be the Lyra Trough.The area between the southwestern part of the Caroline Plate and the Ayu Trough is occupied by a wide shear zone up to 100 km wide in nearly S-N trending in general.The Eauripik transform fault(ETF)in the center of the Caroline Plate and the fault zones in the east and west basins are mostly semi-parallel sinistral NNW-SSE–trending faults,which together with the eastern boundary Mussau Trench(MT)sinistral fault,the northern Caroline transform fault(CTF),and the southern shear zone of the western boundary,indicates the sinistral characteristics of the Caroline Plate.The Caroline hotspot erupted in the Pacific Plate near the CTF and formed the west Caroline Ridge,and then joined with the Caroline transform fault at the N8°.A large amount of magma erupted along the CTF,by which the east Caroline Ridge was formed.At the same time,a large amount of magma developed southward via the eastern branch of the ETF,forming the northern segment of the Eauripik Rise.Therefore,the magmatic activity of the T-shaped large igneous province is obviously related to the fault structure of the boundary faults between the Caroline Plate and Pacific Plate,and the active faults within the Caroline Plate.展开更多
Based on the understanding that the seismic fault system is a nonlinear complex system,Rundle(1995)introduced the nonlinear threshold system used in meteorology to analyze the ocean-atmosphere interface and the El Ni?...Based on the understanding that the seismic fault system is a nonlinear complex system,Rundle(1995)introduced the nonlinear threshold system used in meteorology to analyze the ocean-atmosphere interface and the El Ni?o Southern Oscillation into the study of seismic activity changes,and then proposed the PI method(Rundle et al.,2000a,b).Wu et al.(2011)modified the Pattern Informatics Method named MPI to extract the ionospheric anomaly by using data from DEMETER satellites which is suitable for 1–3 months short-term prediction.展开更多
In this paper, we propose a novel anomaly detection method for data centers based on a combination of graphstructure and abnormal attention mechanism. The method leverages the sensor monitoring data from targetpower s...In this paper, we propose a novel anomaly detection method for data centers based on a combination of graphstructure and abnormal attention mechanism. The method leverages the sensor monitoring data from targetpower substations to construct multidimensional time series. These time series are subsequently transformed intograph structures, and corresponding adjacency matrices are obtained. By incorporating the adjacency matricesand additional weights associated with the graph structure, an aggregation matrix is derived. The aggregationmatrix is then fed into a pre-trained graph convolutional neural network (GCN) to extract graph structure features.Moreover, both themultidimensional time series segments and the graph structure features are inputted into a pretrainedanomaly detectionmodel, resulting in corresponding anomaly detection results that help identify abnormaldata. The anomaly detection model consists of a multi-level encoder-decoder module, wherein each level includesa transformer encoder and decoder based on correlation differences. The attention module in the encoding layeradopts an abnormal attention module with a dual-branch structure. Experimental results demonstrate that ourproposed method significantly improves the accuracy and stability of anomaly detection.展开更多
Recently,anomaly detection(AD)in streaming data gained significant attention among research communities due to its applicability in finance,business,healthcare,education,etc.The recent developments of deep learning(DL...Recently,anomaly detection(AD)in streaming data gained significant attention among research communities due to its applicability in finance,business,healthcare,education,etc.The recent developments of deep learning(DL)models find helpful in the detection and classification of anomalies.This article designs an oversampling with an optimal deep learning-based streaming data classification(OS-ODLSDC)model.The aim of the OSODLSDC model is to recognize and classify the presence of anomalies in the streaming data.The proposed OS-ODLSDC model initially undergoes preprocessing step.Since streaming data is unbalanced,support vector machine(SVM)-Synthetic Minority Over-sampling Technique(SVM-SMOTE)is applied for oversampling process.Besides,the OS-ODLSDC model employs bidirectional long short-term memory(Bi LSTM)for AD and classification.Finally,the root means square propagation(RMSProp)optimizer is applied for optimal hyperparameter tuning of the Bi LSTM model.For ensuring the promising performance of the OS-ODLSDC model,a wide-ranging experimental analysis is performed using three benchmark datasets such as CICIDS 2018,KDD-Cup 1999,and NSL-KDD datasets.展开更多
Network anomaly detection plays a vital role in safeguarding network security.However,the existing network anomaly detection task is typically based on the one-class zero-positive scenario.This approach is susceptible...Network anomaly detection plays a vital role in safeguarding network security.However,the existing network anomaly detection task is typically based on the one-class zero-positive scenario.This approach is susceptible to overfitting during the training process due to discrepancies in data distribution between the training set and the test set.This phenomenon is known as prediction drift.Additionally,the rarity of anomaly data,often masked by normal data,further complicates network anomaly detection.To address these challenges,we propose the PUNet network,which ingeniously combines the strengths of traditional machine learning and deep learning techniques for anomaly detection.Specifically,PUNet employs a reconstruction-based autoencoder to pre-train normal data,enabling the network to capture potential features and correlations within the data.Subsequently,PUNet integrates a sampling algorithm to construct a pseudo-label candidate set among the outliers based on the reconstruction loss of the samples.This approach effectively mitigates the prediction drift problem by incorporating abnormal samples.Furthermore,PUNet utilizes the CatBoost classifier for anomaly detection to tackle potential data imbalance issues within the candidate set.Extensive experimental evaluations demonstrate that PUNet effectively resolves the prediction drift and data imbalance problems,significantly outperforming competing methods.展开更多
In the Industrial Internet of Things(IIoT),sensors generate time series data to reflect the working state.When the systems are attacked,timely identification of outliers in time series is critical to ensure security.A...In the Industrial Internet of Things(IIoT),sensors generate time series data to reflect the working state.When the systems are attacked,timely identification of outliers in time series is critical to ensure security.Although many anomaly detection methods have been proposed,the temporal correlation of the time series over the same sensor and the state(spatial)correlation between different sensors are rarely considered simultaneously in these methods.Owing to the superior capability of Transformer in learning time series features.This paper proposes a time series anomaly detection method based on a spatial-temporal network and an improved Transformer.Additionally,the methods based on graph neural networks typically include a graph structure learning module and an anomaly detection module,which are interdependent.However,in the initial phase of training,since neither of the modules has reached an optimal state,their performance may influence each other.This scenario makes the end-to-end training approach hard to effectively direct the learning trajectory of each module.This interdependence between the modules,coupled with the initial instability,may cause the model to find it hard to find the optimal solution during the training process,resulting in unsatisfactory results.We introduce an adaptive graph structure learning method to obtain the optimal model parameters and graph structure.Experiments on two publicly available datasets demonstrate that the proposed method attains higher anomaly detection results than other methods.展开更多
The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the reali...The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the realization of truly ubiquitous Artificial Intelligence(AI)-based analytics,empowering seamless integration across the entire Continuum(Edge,Fog,Core,Cloud).This paper introduces a Federated Network Intelligence Orchestration approach aimed at scalable and automated Federated Learning(FL)-based anomaly detection in B5Gnetworks.By leveraging a horizontal Federated learning approach based on the FedAvg aggregation algorithm,which employs a deep autoencoder model trained on non-anomalous traffic samples to recognize normal behavior,the systemorchestrates network intelligence to detect and prevent cyber-attacks.Integrated into a B5G Zero-touch Service Management(ZSM)aligned Security Framework,the proposal utilizes multi-domain and multi-tenant orchestration to automate and scale the deployment of FL-agents and AI-based anomaly detectors,enhancing reaction capabilities against cyber-attacks.The proposed FL architecture can be dynamically deployed across the B5G Continuum,utilizing a hierarchy of Network Intelligence orchestrators for real-time anomaly and security threat handling.Implementation includes FL enforcement operations for interoperability and extensibility,enabling dynamic deployment,configuration,and reconfiguration on demand.Performance validation of the proposed solution was conducted through dynamic orchestration,FL,and real-time anomaly detection processes using a practical test environment.Analysis of key performance metrics,leveraging the 5G-NIDD dataset,demonstrates the system’s capability for automatic and near real-time handling of anomalies and attacks,including real-time network monitoring and countermeasure implementation for mitigation.展开更多
Coronary artery anomaly is known as one of the causes of angina pectoris and sudden death and is an important clinical entity that cannot be overlooked.The incidence of coronary artery anomalies is as low as 1%-2%of t...Coronary artery anomaly is known as one of the causes of angina pectoris and sudden death and is an important clinical entity that cannot be overlooked.The incidence of coronary artery anomalies is as low as 1%-2%of the general population,even when the various types are combined.Coronary anomalies are practically challenging when the left and right coronary ostium are not found around their normal positions during coronary angiography with a catheter.If there is atherosclerotic stenosis of the coronary artery with an anomaly and percutaneous coronary intervention(PCI)is required,the suitability of the guiding catheter at the entrance and the adequate back up force of the guiding catheter are issues.The level of PCI risk itself should also be considered on a caseby-case basis.In this case,emission computed tomography in the R-1 subtype single coronary artery proved that ischemia occurred in an area where the coronary artery was not visible to the naked eye.Meticulous follow-up would be crucial,because sudden death may occur in single coronary arteries.To prevent atherosclerosis with full efforts is also important,as the authors indicated admirably.展开更多
In the IoT(Internet of Things)domain,the increased use of encryption protocols such as SSL/TLS,VPN(Virtual Private Network),and Tor has led to a rise in attacks leveraging encrypted traffic.While research on anomaly d...In the IoT(Internet of Things)domain,the increased use of encryption protocols such as SSL/TLS,VPN(Virtual Private Network),and Tor has led to a rise in attacks leveraging encrypted traffic.While research on anomaly detection using AI(Artificial Intelligence)is actively progressing,the encrypted nature of the data poses challenges for labeling,resulting in data imbalance and biased feature extraction toward specific nodes.This study proposes a reconstruction error-based anomaly detection method using an autoencoder(AE)that utilizes packet metadata excluding specific node information.The proposed method omits biased packet metadata such as IP and Port and trains the detection model using only normal data,leveraging a small amount of packet metadata.This makes it well-suited for direct application in IoT environments due to its low resource consumption.In experiments comparing feature extraction methods for AE-based anomaly detection,we found that using flowbased features significantly improves accuracy,precision,F1 score,and AUC(Area Under the Receiver Operating Characteristic Curve)score compared to packet-based features.Additionally,for flow-based features,the proposed method showed a 30.17%increase in F1 score and improved false positive rates compared to Isolation Forest and OneClassSVM.Furthermore,the proposedmethod demonstrated a 32.43%higherAUCwhen using packet features and a 111.39%higher AUC when using flow features,compared to previously proposed oversampling methods.This study highlights the impact of feature extraction methods on attack detection in imbalanced,encrypted traffic environments and emphasizes that the one-class method using AE is more effective for attack detection and reducing false positives compared to traditional oversampling methods.展开更多
Predictive maintenance has emerged as an effective tool for curbing maintenance costs,yet prevailing research predominantly concentrates on the abnormal phases.Within the ostensibly stable healthy phase,the reliance o...Predictive maintenance has emerged as an effective tool for curbing maintenance costs,yet prevailing research predominantly concentrates on the abnormal phases.Within the ostensibly stable healthy phase,the reliance on anomaly detection to preempt equipment malfunctions faces the challenge of sudden anomaly discernment.To address this challenge,this paper proposes a dual-task learning approach for bearing anomaly detection and state evaluation of safe regions.The proposed method transforms the execution of the two tasks into an optimization issue of the hypersphere center.By leveraging the monotonicity and distinguishability pertinent to the tasks as the foundation for optimization,it reconstructs the SVDD model to ensure equilibrium in the model’s performance across the two tasks.Subsequent experiments verify the proposed method’s effectiveness,which is interpreted from the perspectives of parameter adjustment and enveloping trade-offs.In the meantime,experimental results also show two deficiencies in anomaly detection accuracy and state evaluation metrics.Their theoretical analysis inspires us to focus on feature extraction and data collection to achieve improvements.The proposed method lays the foundation for realizing predictive maintenance in a healthy stage by improving condition awareness in safe regions.展开更多
Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misr...Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misreporting of normal data,which will impact the normal operation of IoT.To mitigate the impact caused by the high false positive rate of ADS,this paper proposes an ADS management scheme for clustered IoT.First,we model the data transmission and anomaly detection in clustered IoT.Then,the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device.In the presence of a high false positive rate in ADSs,to deal with the trade-off between the security and availability of data,we develop a linear programming model referred to as a security trade-off(ST)model.Next,we develop an analysis framework for the ST model,and solve the ST model on an IoT simulation platform.Last,we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis.Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADS.展开更多
This study introduces a long-short-term memory(LSTM)-based neural network model developed for detecting anomaly events in care-independent smart homes,focusing on the critical application of elderly fall detection.It ...This study introduces a long-short-term memory(LSTM)-based neural network model developed for detecting anomaly events in care-independent smart homes,focusing on the critical application of elderly fall detection.It balances the dataset using the Synthetic Minority Over-sampling Technique(SMOTE),effectively neutralizing bias to address the challenge of unbalanced datasets prevalent in time-series classification tasks.The proposed LSTM model is trained on the enriched dataset,capturing the temporal dependencies essential for anomaly recognition.The model demonstrated a significant improvement in anomaly detection,with an accuracy of 84%.The results,detailed in the comprehensive classification and confusion matrices,showed the model’s proficiency in distinguishing between normal activities and falls.This study contributes to the advancement of smart home safety,presenting a robust framework for real-time anomaly monitoring.展开更多
The Qilian Orogenic belt is one of the typical orogenic belts globally and a natural laboratory for studying plate tectonics.Many researchers have studied the ophiolite and high pressure and ultra-high pressure metamo...The Qilian Orogenic belt is one of the typical orogenic belts globally and a natural laboratory for studying plate tectonics.Many researchers have studied the ophiolite and high pressure and ultra-high pressure metamorphic rocks in the Qilian orogen and obtained valuable achievements.However,a hot debate exists on the basement property,the distribution of ophiolite,and the boundaries of tectonic units.Large-scale high-precision aeromagnetic surveys have recently been conducted in the Qilian Orogenic belt and adjacent areas.In this study,we are trying to analysis the tectonic framework of the Qilian Orogen using 1:500,000 aeromagnetic data.The results provide geophysical perspectives for studying the structural framework and deformation of this area.According to the aeromagnetic∆T anomaly map,the central and Southern Qilian have the same magnetic anomaly feature that noticeably differs from the North Qilian Orogenic belt and the Qaidam Block.This result indicates that the central and Southern Qilian have a unified magnetic basement and differ from the North Qilian orogenic belt and Qaidam Block.The map shows the distribution of ophiolite in the North Qilian orogenic belt.Linear magnetic anomalies represent the ophiolites because the mafic–ultramafic rocks usually have high magnetic susceptibility.The ophiolite belts are continuously distributed in the western part of North Qilian orogenic belt and have a large scale.However,the scale of the ophiolite belt and the outcropping of mafic–ultramafic rocks reduces when they pass through Qilian County to the east.The results indicate differences in the evolution process between the eastern and western parts of North Qilian,with Qilian County as the transition zone.This study also systematically defines the geophysical boundaries of the Qaidam Block,Qilian Block,North Qilian Orogenic belt,and Alxa block.It is proposed that the sinistral displacement of the Altun Fault is adjusted and absorbed by the series of NE-trending faults in the Qilian orogen and merge into the Longshoushan–Gushi Fault.The extension of the North Qilian Orogenic belt is strengthened by the neotectonics movement along the shearing direction,which separated the North Qilian Orogenic belt into several segments and formed a series of northeast-trending faults.展开更多
With the popularisation of intelligent power,power devices have different shapes,numbers and specifications.This means that the power data has distributional variability,the model learning process cannot achieve suffi...With the popularisation of intelligent power,power devices have different shapes,numbers and specifications.This means that the power data has distributional variability,the model learning process cannot achieve sufficient extraction of data features,which seriously affects the accuracy and performance of anomaly detection.Therefore,this paper proposes a deep learning-based anomaly detection model for power data,which integrates a data alignment enhancement technique based on random sampling and an adaptive feature fusion method leveraging dimension reduction.Aiming at the distribution variability of power data,this paper developed a sliding window-based data adjustment method for this model,which solves the problem of high-dimensional feature noise and low-dimensional missing data.To address the problem of insufficient feature fusion,an adaptive feature fusion method based on feature dimension reduction and dictionary learning is proposed to improve the anomaly data detection accuracy of the model.In order to verify the effectiveness of the proposed method,we conducted effectiveness comparisons through elimination experiments.The experimental results show that compared with the traditional anomaly detection methods,the method proposed in this paper not only has an advantage in model accuracy,but also reduces the amount of parameter calculation of the model in the process of feature matching and improves the detection speed.展开更多
Structural Health Monitoring(SHM)systems have become a crucial tool for the operational management of long tunnels.For immersed tunnels exposed to both traffic loads and the effects of the marine environment,efficient...Structural Health Monitoring(SHM)systems have become a crucial tool for the operational management of long tunnels.For immersed tunnels exposed to both traffic loads and the effects of the marine environment,efficiently identifying abnormal conditions from the extensive unannotated SHM data presents a significant challenge.This study proposed amodel-based approach for anomaly detection and conducted validation and comparative analysis of two distinct temporal predictive models using SHM data from a real immersed tunnel.Firstly,a dynamic predictive model-based anomaly detectionmethod is proposed,which utilizes a rolling time window for modeling to achieve dynamic prediction.Leveraging the assumption of temporal data similarity,an interval prediction value deviation was employed to determine the abnormality of the data.Subsequently,dynamic predictive models were constructed based on the Autoregressive Integrated Moving Average(ARIMA)and Long Short-Term Memory(LSTM)models.The hyperparameters of these models were optimized and selected using monitoring data from the immersed tunnel,yielding viable static and dynamic predictive models.Finally,the models were applied within the same segment of SHM data,to validate the effectiveness of the anomaly detection approach based on dynamic predictive modeling.A detailed comparative analysis discusses the discrepancies in temporal anomaly detection between the ARIMA-and LSTM-based models.The results demonstrated that the dynamic predictive modelbased anomaly detection approach was effective for dealing with unannotated SHM data.In a comparison between ARIMA and LSTM,it was found that ARIMA demonstrated higher modeling efficiency,rendering it suitable for short-term predictions.In contrast,the LSTM model exhibited greater capacity to capture long-term performance trends and enhanced early warning capabilities,thereby resulting in superior overall performance.展开更多
The rapid growth of Internet of Things(IoT)devices has brought numerous benefits to the interconnected world.However,the ubiquitous nature of IoT networks exposes them to various security threats,including anomaly int...The rapid growth of Internet of Things(IoT)devices has brought numerous benefits to the interconnected world.However,the ubiquitous nature of IoT networks exposes them to various security threats,including anomaly intrusion attacks.In addition,IoT devices generate a high volume of unstructured data.Traditional intrusion detection systems often struggle to cope with the unique characteristics of IoT networks,such as resource constraints and heterogeneous data sources.Given the unpredictable nature of network technologies and diverse intrusion methods,conventional machine-learning approaches seem to lack efficiency.Across numerous research domains,deep learning techniques have demonstrated their capability to precisely detect anomalies.This study designs and enhances a novel anomaly-based intrusion detection system(AIDS)for IoT networks.Firstly,a Sparse Autoencoder(SAE)is applied to reduce the high dimension and get a significant data representation by calculating the reconstructed error.Secondly,the Convolutional Neural Network(CNN)technique is employed to create a binary classification approach.The proposed SAE-CNN approach is validated using the Bot-IoT dataset.The proposed models exceed the performance of the existing deep learning approach in the literature with an accuracy of 99.9%,precision of 99.9%,recall of 100%,F1 of 99.9%,False Positive Rate(FPR)of 0.0003,and True Positive Rate(TPR)of 0.9992.In addition,alternative metrics,such as training and testing durations,indicated that SAE-CNN performs better.展开更多
With the rapid development of Internet of Things(IoT)technology,IoT systems have been widely applied in health-care,transportation,home,and other fields.However,with the continuous expansion of the scale and increasin...With the rapid development of Internet of Things(IoT)technology,IoT systems have been widely applied in health-care,transportation,home,and other fields.However,with the continuous expansion of the scale and increasing complexity of IoT systems,the stability and security issues of IoT systems have become increasingly prominent.Thus,it is crucial to detect anomalies in the collected IoT time series from various sensors.Recently,deep learning models have been leveraged for IoT anomaly detection.However,owing to the challenges associated with data labeling,most IoT anomaly detection methods resort to unsupervised learning techniques.Nevertheless,the absence of accurate abnormal information in unsupervised learning methods limits their performance.To address these problems,we propose AS-GCN-MTM,an adaptive structural Graph Convolutional Networks(GCN)-based framework using a mean-teacher mechanism(AS-GCN-MTM)for anomaly identification.It performs better than unsupervised methods using only a small amount of labeled data.Mean Teachers is an effective semi-supervised learning method that utilizes unlabeled data for training to improve the generalization ability and performance of the model.However,the dependencies between data are often unknown in time series data.To solve this problem,we designed a graph structure adaptive learning layer based on neural networks,which can automatically learn the graph structure from time series data.It not only better captures the relationships between nodes but also enhances the model’s performance by augmenting key data.Experiments have demonstrated that our method improves the baseline model with the highest F1 value by 10.4%,36.1%,and 5.6%,respectively,on three real datasets with a 10%data labeling rate.展开更多
Time series anomaly detection is crucial in various industrial applications to identify unusual behaviors within the time series data.Due to the challenges associated with annotating anomaly events,time series reconst...Time series anomaly detection is crucial in various industrial applications to identify unusual behaviors within the time series data.Due to the challenges associated with annotating anomaly events,time series reconstruction has become a prevalent approach for unsupervised anomaly detection.However,effectively learning representations and achieving accurate detection results remain challenging due to the intricate temporal patterns and dependencies in real-world time series.In this paper,we propose a cross-dimension attentive feature fusion network for time series anomaly detection,referred to as CAFFN.Specifically,a series and feature mixing block is introduced to learn representations in 1D space.Additionally,a fast Fourier transform is employed to convert the time series into 2D space,providing the capability for 2D feature extraction.Finally,a cross-dimension attentive feature fusion mechanism is designed that adaptively integrates features across different dimensions for anomaly detection.Experimental results on real-world time series datasets demonstrate that CAFFN performs better than other competing methods in time series anomaly detection.展开更多
While emerging technologies such as the Internet of Things(IoT)have many benefits,they also pose considerable security challenges that require innovative solutions,including those based on artificial intelligence(AI),...While emerging technologies such as the Internet of Things(IoT)have many benefits,they also pose considerable security challenges that require innovative solutions,including those based on artificial intelligence(AI),given that these techniques are increasingly being used by malicious actors to compromise IoT systems.Although an ample body of research focusing on conventional AI methods exists,there is a paucity of studies related to advanced statistical and optimization approaches aimed at enhancing security measures.To contribute to this nascent research stream,a novel AI-driven security system denoted as“AI2AI”is presented in this work.AI2AI employs AI techniques to enhance the performance and optimize security mechanisms within the IoT framework.We also introduce the Genetic Algorithm Anomaly Detection and Prevention Deep Neural Networks(GAADPSDNN)sys-tem that can be implemented to effectively identify,detect,and prevent cyberattacks targeting IoT devices.Notably,this system demonstrates adaptability to both federated and centralized learning environments,accommodating a wide array of IoT devices.Our evaluation of the GAADPSDNN system using the recently complied WUSTL-IIoT and Edge-IIoT datasets underscores its efficacy.Achieving an impressive overall accuracy of 98.18%on the Edge-IIoT dataset,the GAADPSDNN outperforms the standard deep neural network(DNN)classifier with 94.11%accuracy.Furthermore,with the proposed enhancements,the accuracy of the unoptimized random forest classifier(80.89%)is improved to 93.51%,while the overall accuracy(98.18%)surpasses the results(93.91%,94.67%,94.94%,and 94.96%)achieved when alternative systems based on diverse optimization techniques and the same dataset are employed.The proposed optimization techniques increase the effectiveness of the anomaly detection system by efficiently achieving high accuracy and reducing the computational load on IoT devices through the adaptive selection of active features.展开更多
基金supported by the National Natural Science Foundation of China(No.42174090 and No.42250103)the MOST Special Fund from the State Key Laboratory of Geological Processes and Mineral Resources(No.MSFGPMR2022-4)+1 种基金the Opening Fund of Key Laboratory of Geological Survey and Evaluation of Ministry of Education(No.GLAB2023ZR02)the Fundamental Research Funds for the Central Universities。
文摘Due to environmental noise and human factors,magnetic data collected in the field often contain various noises and interferences that significantly affect the subsequent data processing and interpretation.Empirical Mode Decomposition(EMD),an adaptive multiscale analysis method for nonlinear and non-stationary signals,is widely used in geophysical and geodetic data processing.Compared with traditional EMD,Improved Complete Ensemble EMD with Adaptive Noise(ICEEMDAN)is more effective in addressing the problem of mode mixing.Based on the principles of 1D ICEEMDAN,this paper presents an alternative algorithm for 2D ICEEMDAN,extending its application to two-dimensional scenarios.The effectiveness of the proposed approach is demonstrated through synthetic signal experiments,which show that the 2D ICEEMDAN exhibits a weaker mode mixing effect compared to the traditional bidimensional EMD(BEMD)method.Furthermore,to improve the performance of the denoising method based on 2D ICEEMDAN and preserve useful signals in high-frequency components,an improved soft thresholding technique is introduced.Synthetic magnetic anomaly data testing indicates that our denoising method effectively preserves signal continuity and outperforms traditional soft thresholding methods.To validate the practical application of this improved threshold denoising method based on 2D ICEEMDAN,it is applied to ground magnetic survey data in the Yandun area of Xinjiang.The results demonstrate the effectiveness of the method in removing noise while retaining essential information from practical magnetic anomaly data.In particular,practical applications suggest that 2D ICEEMDAN can extract trend signals more accurately than the BEMD.In conclusion,as a potential tool for multi-scale decomposition,the 2D ICEEMDAN is versatile in processing and analyzing 2D geophysical and geodetic data.
基金The Open Fund of the Key Laboratory of Marine Geology and Environment,Chinese Academy of Sciences,under contract No.MGE2022KG11。
文摘The Caroline Plate is located among the Pacific Plate,the Philippine Sea Plate,and the India Australia Plate,and plays a key role in controlling the spreading direction of the Philippine Sea Plate.The Caroline Submarine Plateau(or Caroline Ridge)and the Eauripik Rise on the south formed a remarkable T-shaped large igneous rock province,which covered the northern boundary between the Caroline Plate and the Pacific Plate.However,relationship between these tectonic units and magma evolution remains unclear.Based on magnetic data from the Earth Magnetic Anomaly Grid(2-arc-minute resolution)(V2),the normalized vertical derivative of the total horizontal derivative(NVDR-THDR)technique was used to study the boundary of the Caroline Plate.Results show that the northern boundary is a transform fault that runs 1400 km long in approximately 28 km wide along the N8°in E-W direction.The eastern boundary is an NNW-SSE trending fault zone and subduction zone with a width of tens to hundreds of kilometers;and the north of N4°is a fracture zone of dense faults.The southeastern boundary may be the Lyra Trough.The area between the southwestern part of the Caroline Plate and the Ayu Trough is occupied by a wide shear zone up to 100 km wide in nearly S-N trending in general.The Eauripik transform fault(ETF)in the center of the Caroline Plate and the fault zones in the east and west basins are mostly semi-parallel sinistral NNW-SSE–trending faults,which together with the eastern boundary Mussau Trench(MT)sinistral fault,the northern Caroline transform fault(CTF),and the southern shear zone of the western boundary,indicates the sinistral characteristics of the Caroline Plate.The Caroline hotspot erupted in the Pacific Plate near the CTF and formed the west Caroline Ridge,and then joined with the Caroline transform fault at the N8°.A large amount of magma erupted along the CTF,by which the east Caroline Ridge was formed.At the same time,a large amount of magma developed southward via the eastern branch of the ETF,forming the northern segment of the Eauripik Rise.Therefore,the magmatic activity of the T-shaped large igneous province is obviously related to the fault structure of the boundary faults between the Caroline Plate and Pacific Plate,and the active faults within the Caroline Plate.
基金supported by the Joint Funds of the National Natural Science Foundation of China(Grant No.U2039207)。
文摘Based on the understanding that the seismic fault system is a nonlinear complex system,Rundle(1995)introduced the nonlinear threshold system used in meteorology to analyze the ocean-atmosphere interface and the El Ni?o Southern Oscillation into the study of seismic activity changes,and then proposed the PI method(Rundle et al.,2000a,b).Wu et al.(2011)modified the Pattern Informatics Method named MPI to extract the ionospheric anomaly by using data from DEMETER satellites which is suitable for 1–3 months short-term prediction.
基金the Science and Technology Project of China Southern Power Grid Company,Ltd.(031200KK52200003)the National Natural Science Foundation of China(Nos.62371253,52278119).
文摘In this paper, we propose a novel anomaly detection method for data centers based on a combination of graphstructure and abnormal attention mechanism. The method leverages the sensor monitoring data from targetpower substations to construct multidimensional time series. These time series are subsequently transformed intograph structures, and corresponding adjacency matrices are obtained. By incorporating the adjacency matricesand additional weights associated with the graph structure, an aggregation matrix is derived. The aggregationmatrix is then fed into a pre-trained graph convolutional neural network (GCN) to extract graph structure features.Moreover, both themultidimensional time series segments and the graph structure features are inputted into a pretrainedanomaly detectionmodel, resulting in corresponding anomaly detection results that help identify abnormaldata. The anomaly detection model consists of a multi-level encoder-decoder module, wherein each level includesa transformer encoder and decoder based on correlation differences. The attention module in the encoding layeradopts an abnormal attention module with a dual-branch structure. Experimental results demonstrate that ourproposed method significantly improves the accuracy and stability of anomaly detection.
文摘Recently,anomaly detection(AD)in streaming data gained significant attention among research communities due to its applicability in finance,business,healthcare,education,etc.The recent developments of deep learning(DL)models find helpful in the detection and classification of anomalies.This article designs an oversampling with an optimal deep learning-based streaming data classification(OS-ODLSDC)model.The aim of the OSODLSDC model is to recognize and classify the presence of anomalies in the streaming data.The proposed OS-ODLSDC model initially undergoes preprocessing step.Since streaming data is unbalanced,support vector machine(SVM)-Synthetic Minority Over-sampling Technique(SVM-SMOTE)is applied for oversampling process.Besides,the OS-ODLSDC model employs bidirectional long short-term memory(Bi LSTM)for AD and classification.Finally,the root means square propagation(RMSProp)optimizer is applied for optimal hyperparameter tuning of the Bi LSTM model.For ensuring the promising performance of the OS-ODLSDC model,a wide-ranging experimental analysis is performed using three benchmark datasets such as CICIDS 2018,KDD-Cup 1999,and NSL-KDD datasets.
文摘Network anomaly detection plays a vital role in safeguarding network security.However,the existing network anomaly detection task is typically based on the one-class zero-positive scenario.This approach is susceptible to overfitting during the training process due to discrepancies in data distribution between the training set and the test set.This phenomenon is known as prediction drift.Additionally,the rarity of anomaly data,often masked by normal data,further complicates network anomaly detection.To address these challenges,we propose the PUNet network,which ingeniously combines the strengths of traditional machine learning and deep learning techniques for anomaly detection.Specifically,PUNet employs a reconstruction-based autoencoder to pre-train normal data,enabling the network to capture potential features and correlations within the data.Subsequently,PUNet integrates a sampling algorithm to construct a pseudo-label candidate set among the outliers based on the reconstruction loss of the samples.This approach effectively mitigates the prediction drift problem by incorporating abnormal samples.Furthermore,PUNet utilizes the CatBoost classifier for anomaly detection to tackle potential data imbalance issues within the candidate set.Extensive experimental evaluations demonstrate that PUNet effectively resolves the prediction drift and data imbalance problems,significantly outperforming competing methods.
基金This work is partly supported by the National Key Research and Development Program of China(Grant No.2020YFB1805403)the National Natural Science Foundation of China(Grant No.62032002)the 111 Project(Grant No.B21049).
文摘In the Industrial Internet of Things(IIoT),sensors generate time series data to reflect the working state.When the systems are attacked,timely identification of outliers in time series is critical to ensure security.Although many anomaly detection methods have been proposed,the temporal correlation of the time series over the same sensor and the state(spatial)correlation between different sensors are rarely considered simultaneously in these methods.Owing to the superior capability of Transformer in learning time series features.This paper proposes a time series anomaly detection method based on a spatial-temporal network and an improved Transformer.Additionally,the methods based on graph neural networks typically include a graph structure learning module and an anomaly detection module,which are interdependent.However,in the initial phase of training,since neither of the modules has reached an optimal state,their performance may influence each other.This scenario makes the end-to-end training approach hard to effectively direct the learning trajectory of each module.This interdependence between the modules,coupled with the initial instability,may cause the model to find it hard to find the optimal solution during the training process,resulting in unsatisfactory results.We introduce an adaptive graph structure learning method to obtain the optimal model parameters and graph structure.Experiments on two publicly available datasets demonstrate that the proposed method attains higher anomaly detection results than other methods.
基金supported by the grants:PID2020-112675RBC44(ONOFRE-3),funded by MCIN/AEI/10.13039/501100011033Horizon Project RIGOUROUS funded by European Commission,GA:101095933TSI-063000-2021-{36,44,45,62}(Cerberus)funded by MAETD’s 2021 UNICO I+D Program.
文摘The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the realization of truly ubiquitous Artificial Intelligence(AI)-based analytics,empowering seamless integration across the entire Continuum(Edge,Fog,Core,Cloud).This paper introduces a Federated Network Intelligence Orchestration approach aimed at scalable and automated Federated Learning(FL)-based anomaly detection in B5Gnetworks.By leveraging a horizontal Federated learning approach based on the FedAvg aggregation algorithm,which employs a deep autoencoder model trained on non-anomalous traffic samples to recognize normal behavior,the systemorchestrates network intelligence to detect and prevent cyber-attacks.Integrated into a B5G Zero-touch Service Management(ZSM)aligned Security Framework,the proposal utilizes multi-domain and multi-tenant orchestration to automate and scale the deployment of FL-agents and AI-based anomaly detectors,enhancing reaction capabilities against cyber-attacks.The proposed FL architecture can be dynamically deployed across the B5G Continuum,utilizing a hierarchy of Network Intelligence orchestrators for real-time anomaly and security threat handling.Implementation includes FL enforcement operations for interoperability and extensibility,enabling dynamic deployment,configuration,and reconfiguration on demand.Performance validation of the proposed solution was conducted through dynamic orchestration,FL,and real-time anomaly detection processes using a practical test environment.Analysis of key performance metrics,leveraging the 5G-NIDD dataset,demonstrates the system’s capability for automatic and near real-time handling of anomalies and attacks,including real-time network monitoring and countermeasure implementation for mitigation.
文摘Coronary artery anomaly is known as one of the causes of angina pectoris and sudden death and is an important clinical entity that cannot be overlooked.The incidence of coronary artery anomalies is as low as 1%-2%of the general population,even when the various types are combined.Coronary anomalies are practically challenging when the left and right coronary ostium are not found around their normal positions during coronary angiography with a catheter.If there is atherosclerotic stenosis of the coronary artery with an anomaly and percutaneous coronary intervention(PCI)is required,the suitability of the guiding catheter at the entrance and the adequate back up force of the guiding catheter are issues.The level of PCI risk itself should also be considered on a caseby-case basis.In this case,emission computed tomography in the R-1 subtype single coronary artery proved that ischemia occurred in an area where the coronary artery was not visible to the naked eye.Meticulous follow-up would be crucial,because sudden death may occur in single coronary arteries.To prevent atherosclerosis with full efforts is also important,as the authors indicated admirably.
基金supported by Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.RS-2023-00235509,Development of Security Monitoring Technology Based Network Behavior against Encrypted Cyber Threats in ICT Convergence Environment).
文摘In the IoT(Internet of Things)domain,the increased use of encryption protocols such as SSL/TLS,VPN(Virtual Private Network),and Tor has led to a rise in attacks leveraging encrypted traffic.While research on anomaly detection using AI(Artificial Intelligence)is actively progressing,the encrypted nature of the data poses challenges for labeling,resulting in data imbalance and biased feature extraction toward specific nodes.This study proposes a reconstruction error-based anomaly detection method using an autoencoder(AE)that utilizes packet metadata excluding specific node information.The proposed method omits biased packet metadata such as IP and Port and trains the detection model using only normal data,leveraging a small amount of packet metadata.This makes it well-suited for direct application in IoT environments due to its low resource consumption.In experiments comparing feature extraction methods for AE-based anomaly detection,we found that using flowbased features significantly improves accuracy,precision,F1 score,and AUC(Area Under the Receiver Operating Characteristic Curve)score compared to packet-based features.Additionally,for flow-based features,the proposed method showed a 30.17%increase in F1 score and improved false positive rates compared to Isolation Forest and OneClassSVM.Furthermore,the proposedmethod demonstrated a 32.43%higherAUCwhen using packet features and a 111.39%higher AUC when using flow features,compared to previously proposed oversampling methods.This study highlights the impact of feature extraction methods on attack detection in imbalanced,encrypted traffic environments and emphasizes that the one-class method using AE is more effective for attack detection and reducing false positives compared to traditional oversampling methods.
基金Supported by Sichuan Provincial Key Research and Development Program of China(Grant No.2023YFG0351)National Natural Science Foundation of China(Grant No.61833002).
文摘Predictive maintenance has emerged as an effective tool for curbing maintenance costs,yet prevailing research predominantly concentrates on the abnormal phases.Within the ostensibly stable healthy phase,the reliance on anomaly detection to preempt equipment malfunctions faces the challenge of sudden anomaly discernment.To address this challenge,this paper proposes a dual-task learning approach for bearing anomaly detection and state evaluation of safe regions.The proposed method transforms the execution of the two tasks into an optimization issue of the hypersphere center.By leveraging the monotonicity and distinguishability pertinent to the tasks as the foundation for optimization,it reconstructs the SVDD model to ensure equilibrium in the model’s performance across the two tasks.Subsequent experiments verify the proposed method’s effectiveness,which is interpreted from the perspectives of parameter adjustment and enveloping trade-offs.In the meantime,experimental results also show two deficiencies in anomaly detection accuracy and state evaluation metrics.Their theoretical analysis inspires us to focus on feature extraction and data collection to achieve improvements.The proposed method lays the foundation for realizing predictive maintenance in a healthy stage by improving condition awareness in safe regions.
基金This study was funded by the Chongqing Normal University Startup Foundation for PhD(22XLB021)was also supported by the Open Research Project of the State Key Laboratory of Industrial Control Technology,Zhejiang University,China(No.ICT2023B40).
文摘Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misreporting of normal data,which will impact the normal operation of IoT.To mitigate the impact caused by the high false positive rate of ADS,this paper proposes an ADS management scheme for clustered IoT.First,we model the data transmission and anomaly detection in clustered IoT.Then,the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device.In the presence of a high false positive rate in ADSs,to deal with the trade-off between the security and availability of data,we develop a linear programming model referred to as a security trade-off(ST)model.Next,we develop an analysis framework for the ST model,and solve the ST model on an IoT simulation platform.Last,we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis.Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADS.
基金Princess Nourah bint Abdulrahman University Researchers Supporting Project number(PNURSP2024R 343),Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia.The authors extend their appreciation to the Deanship of Scientific Research at Northern Border University,Arar,KSA for funding this research work through the Project Number“NBU-FFR-2024-1092-04”.
文摘This study introduces a long-short-term memory(LSTM)-based neural network model developed for detecting anomaly events in care-independent smart homes,focusing on the critical application of elderly fall detection.It balances the dataset using the Synthetic Minority Over-sampling Technique(SMOTE),effectively neutralizing bias to address the challenge of unbalanced datasets prevalent in time-series classification tasks.The proposed LSTM model is trained on the enriched dataset,capturing the temporal dependencies essential for anomaly recognition.The model demonstrated a significant improvement in anomaly detection,with an accuracy of 84%.The results,detailed in the comprehensive classification and confusion matrices,showed the model’s proficiency in distinguishing between normal activities and falls.This study contributes to the advancement of smart home safety,presenting a robust framework for real-time anomaly monitoring.
基金supported by the National Natural Science Foundation of China grant(U2244220)China Geological Survey Project grant(DD20190551,DD20230351)。
文摘The Qilian Orogenic belt is one of the typical orogenic belts globally and a natural laboratory for studying plate tectonics.Many researchers have studied the ophiolite and high pressure and ultra-high pressure metamorphic rocks in the Qilian orogen and obtained valuable achievements.However,a hot debate exists on the basement property,the distribution of ophiolite,and the boundaries of tectonic units.Large-scale high-precision aeromagnetic surveys have recently been conducted in the Qilian Orogenic belt and adjacent areas.In this study,we are trying to analysis the tectonic framework of the Qilian Orogen using 1:500,000 aeromagnetic data.The results provide geophysical perspectives for studying the structural framework and deformation of this area.According to the aeromagnetic∆T anomaly map,the central and Southern Qilian have the same magnetic anomaly feature that noticeably differs from the North Qilian Orogenic belt and the Qaidam Block.This result indicates that the central and Southern Qilian have a unified magnetic basement and differ from the North Qilian orogenic belt and Qaidam Block.The map shows the distribution of ophiolite in the North Qilian orogenic belt.Linear magnetic anomalies represent the ophiolites because the mafic–ultramafic rocks usually have high magnetic susceptibility.The ophiolite belts are continuously distributed in the western part of North Qilian orogenic belt and have a large scale.However,the scale of the ophiolite belt and the outcropping of mafic–ultramafic rocks reduces when they pass through Qilian County to the east.The results indicate differences in the evolution process between the eastern and western parts of North Qilian,with Qilian County as the transition zone.This study also systematically defines the geophysical boundaries of the Qaidam Block,Qilian Block,North Qilian Orogenic belt,and Alxa block.It is proposed that the sinistral displacement of the Altun Fault is adjusted and absorbed by the series of NE-trending faults in the Qilian orogen and merge into the Longshoushan–Gushi Fault.The extension of the North Qilian Orogenic belt is strengthened by the neotectonics movement along the shearing direction,which separated the North Qilian Orogenic belt into several segments and formed a series of northeast-trending faults.
文摘With the popularisation of intelligent power,power devices have different shapes,numbers and specifications.This means that the power data has distributional variability,the model learning process cannot achieve sufficient extraction of data features,which seriously affects the accuracy and performance of anomaly detection.Therefore,this paper proposes a deep learning-based anomaly detection model for power data,which integrates a data alignment enhancement technique based on random sampling and an adaptive feature fusion method leveraging dimension reduction.Aiming at the distribution variability of power data,this paper developed a sliding window-based data adjustment method for this model,which solves the problem of high-dimensional feature noise and low-dimensional missing data.To address the problem of insufficient feature fusion,an adaptive feature fusion method based on feature dimension reduction and dictionary learning is proposed to improve the anomaly data detection accuracy of the model.In order to verify the effectiveness of the proposed method,we conducted effectiveness comparisons through elimination experiments.The experimental results show that compared with the traditional anomaly detection methods,the method proposed in this paper not only has an advantage in model accuracy,but also reduces the amount of parameter calculation of the model in the process of feature matching and improves the detection speed.
基金supported by the Research and Development Center of Transport Industry of New Generation of Artificial Intelligence Technology(Grant No.202202H)the National Key R&D Program of China(Grant No.2019YFB1600702)the National Natural Science Foundation of China(Grant Nos.51978600&51808336).
文摘Structural Health Monitoring(SHM)systems have become a crucial tool for the operational management of long tunnels.For immersed tunnels exposed to both traffic loads and the effects of the marine environment,efficiently identifying abnormal conditions from the extensive unannotated SHM data presents a significant challenge.This study proposed amodel-based approach for anomaly detection and conducted validation and comparative analysis of two distinct temporal predictive models using SHM data from a real immersed tunnel.Firstly,a dynamic predictive model-based anomaly detectionmethod is proposed,which utilizes a rolling time window for modeling to achieve dynamic prediction.Leveraging the assumption of temporal data similarity,an interval prediction value deviation was employed to determine the abnormality of the data.Subsequently,dynamic predictive models were constructed based on the Autoregressive Integrated Moving Average(ARIMA)and Long Short-Term Memory(LSTM)models.The hyperparameters of these models were optimized and selected using monitoring data from the immersed tunnel,yielding viable static and dynamic predictive models.Finally,the models were applied within the same segment of SHM data,to validate the effectiveness of the anomaly detection approach based on dynamic predictive modeling.A detailed comparative analysis discusses the discrepancies in temporal anomaly detection between the ARIMA-and LSTM-based models.The results demonstrated that the dynamic predictive modelbased anomaly detection approach was effective for dealing with unannotated SHM data.In a comparison between ARIMA and LSTM,it was found that ARIMA demonstrated higher modeling efficiency,rendering it suitable for short-term predictions.In contrast,the LSTM model exhibited greater capacity to capture long-term performance trends and enhanced early warning capabilities,thereby resulting in superior overall performance.
基金Researchers Supporting Project Number(RSP2024R206),King Saud University,Riyadh,Saudi Arabia.
文摘The rapid growth of Internet of Things(IoT)devices has brought numerous benefits to the interconnected world.However,the ubiquitous nature of IoT networks exposes them to various security threats,including anomaly intrusion attacks.In addition,IoT devices generate a high volume of unstructured data.Traditional intrusion detection systems often struggle to cope with the unique characteristics of IoT networks,such as resource constraints and heterogeneous data sources.Given the unpredictable nature of network technologies and diverse intrusion methods,conventional machine-learning approaches seem to lack efficiency.Across numerous research domains,deep learning techniques have demonstrated their capability to precisely detect anomalies.This study designs and enhances a novel anomaly-based intrusion detection system(AIDS)for IoT networks.Firstly,a Sparse Autoencoder(SAE)is applied to reduce the high dimension and get a significant data representation by calculating the reconstructed error.Secondly,the Convolutional Neural Network(CNN)technique is employed to create a binary classification approach.The proposed SAE-CNN approach is validated using the Bot-IoT dataset.The proposed models exceed the performance of the existing deep learning approach in the literature with an accuracy of 99.9%,precision of 99.9%,recall of 100%,F1 of 99.9%,False Positive Rate(FPR)of 0.0003,and True Positive Rate(TPR)of 0.9992.In addition,alternative metrics,such as training and testing durations,indicated that SAE-CNN performs better.
基金This research is partially supported by the National Natural Science Foundation of China under Grant No.62376043Science and Technology Program of Sichuan Province under Grant Nos.2020JDRC0067,2023JDRC0087,and 24NSFTD0025.
文摘With the rapid development of Internet of Things(IoT)technology,IoT systems have been widely applied in health-care,transportation,home,and other fields.However,with the continuous expansion of the scale and increasing complexity of IoT systems,the stability and security issues of IoT systems have become increasingly prominent.Thus,it is crucial to detect anomalies in the collected IoT time series from various sensors.Recently,deep learning models have been leveraged for IoT anomaly detection.However,owing to the challenges associated with data labeling,most IoT anomaly detection methods resort to unsupervised learning techniques.Nevertheless,the absence of accurate abnormal information in unsupervised learning methods limits their performance.To address these problems,we propose AS-GCN-MTM,an adaptive structural Graph Convolutional Networks(GCN)-based framework using a mean-teacher mechanism(AS-GCN-MTM)for anomaly identification.It performs better than unsupervised methods using only a small amount of labeled data.Mean Teachers is an effective semi-supervised learning method that utilizes unlabeled data for training to improve the generalization ability and performance of the model.However,the dependencies between data are often unknown in time series data.To solve this problem,we designed a graph structure adaptive learning layer based on neural networks,which can automatically learn the graph structure from time series data.It not only better captures the relationships between nodes but also enhances the model’s performance by augmenting key data.Experiments have demonstrated that our method improves the baseline model with the highest F1 value by 10.4%,36.1%,and 5.6%,respectively,on three real datasets with a 10%data labeling rate.
基金supported in part by the National Natural Science Foundation of China(Grants 62376172,62006163,62376043)in part by the National Postdoctoral Program for Innovative Talents(Grant BX20200226)in part by Sichuan Science and Technology Planning Project(Grants 2022YFSY0047,2022YFQ0014,2023ZYD0143,2022YFH0021,2023YFQ0020,24QYCX0354,24NSFTD0025).
文摘Time series anomaly detection is crucial in various industrial applications to identify unusual behaviors within the time series data.Due to the challenges associated with annotating anomaly events,time series reconstruction has become a prevalent approach for unsupervised anomaly detection.However,effectively learning representations and achieving accurate detection results remain challenging due to the intricate temporal patterns and dependencies in real-world time series.In this paper,we propose a cross-dimension attentive feature fusion network for time series anomaly detection,referred to as CAFFN.Specifically,a series and feature mixing block is introduced to learn representations in 1D space.Additionally,a fast Fourier transform is employed to convert the time series into 2D space,providing the capability for 2D feature extraction.Finally,a cross-dimension attentive feature fusion mechanism is designed that adaptively integrates features across different dimensions for anomaly detection.Experimental results on real-world time series datasets demonstrate that CAFFN performs better than other competing methods in time series anomaly detection.
文摘While emerging technologies such as the Internet of Things(IoT)have many benefits,they also pose considerable security challenges that require innovative solutions,including those based on artificial intelligence(AI),given that these techniques are increasingly being used by malicious actors to compromise IoT systems.Although an ample body of research focusing on conventional AI methods exists,there is a paucity of studies related to advanced statistical and optimization approaches aimed at enhancing security measures.To contribute to this nascent research stream,a novel AI-driven security system denoted as“AI2AI”is presented in this work.AI2AI employs AI techniques to enhance the performance and optimize security mechanisms within the IoT framework.We also introduce the Genetic Algorithm Anomaly Detection and Prevention Deep Neural Networks(GAADPSDNN)sys-tem that can be implemented to effectively identify,detect,and prevent cyberattacks targeting IoT devices.Notably,this system demonstrates adaptability to both federated and centralized learning environments,accommodating a wide array of IoT devices.Our evaluation of the GAADPSDNN system using the recently complied WUSTL-IIoT and Edge-IIoT datasets underscores its efficacy.Achieving an impressive overall accuracy of 98.18%on the Edge-IIoT dataset,the GAADPSDNN outperforms the standard deep neural network(DNN)classifier with 94.11%accuracy.Furthermore,with the proposed enhancements,the accuracy of the unoptimized random forest classifier(80.89%)is improved to 93.51%,while the overall accuracy(98.18%)surpasses the results(93.91%,94.67%,94.94%,and 94.96%)achieved when alternative systems based on diverse optimization techniques and the same dataset are employed.The proposed optimization techniques increase the effectiveness of the anomaly detection system by efficiently achieving high accuracy and reducing the computational load on IoT devices through the adaptive selection of active features.