Time series anomaly detection is crucial in various industrial applications to identify unusual behaviors within the time series data. Due to the challenges associated with annotating anomaly events, time series reconstruction has become a prevalent approach for unsupervised anomaly detection. However, effectively learning representations and achieving accurate detection results remain challenging due to the intricate temporal patterns and dependencies in real-world time series. In this paper, we propose a cross-dimension attentive feature fusion network for time series anomaly detection, referred to as CAFFN. Specifically, a series and feature mixing block is introduced to learn representations in 1D space. Additionally, a fast Fourier transform is employed to convert the time series into 2D space, providing the capability for 2D feature extraction. Finally, a cross-dimension attentive feature fusion mechanism is designed that adaptively integrates features across different dimensions for anomaly detection. Experimental results on real-world time series datasets demonstrate that CAFFN performs better than other competing methods in time series anomaly detection.
A dandelion algorithm (DA) is a recently developed intelligent optimization algorithm for function optimization problems. Many of its parameters need to be set by experience in DA, which might not be appropriate for all optimization problems. A self-adapting and efficient dandelion algorithm is proposed in this work to lower the number of DA's parameters and simplify DA's structure. Only the normal sowing operator is retained, while the other operators are discarded. An adaptive seeding radius strategy is designed for the core dandelion. The results show that the proposed algorithm achieves better performance on the standard test functions with less time consumption than its competitive peers. In addition, the proposed algorithm is applied to feature selection for credit card fraud detection (CCFD), and the results indicate that it can obtain higher classification and detection performance than the state-of-the-art methods.
Log anomaly detection is an important paradigm for system troubleshooting. Existing log anomaly detection based on Long Short-Term Memory (LSTM) networks is time-consuming to handle long sequences. Transformer model is introduced to promote efficiency. However, most existing Transformer-based log anomaly detection methods convert unstructured log messages into structured templates by log parsing, which introduces parsing errors. They only extract simple semantic feature, which ignores other features, and are generally supervised, relying on the amount of labeled data. To overcome the limitations of existing methods, this paper proposes a novel unsupervised log anomaly detection method based on multi-feature (UMFLog). UMFLog includes two sub-models to consider two kinds of features: semantic feature and statistical feature, respectively. UMFLog applies the log original content with detailed parameters instead of templates or template IDs to avoid log parsing errors. In the first sub-model, UMFLog uses Bidirectional Encoder Representations from Transformers (BERT) instead of random initialization to extract effective semantic feature, and an unsupervised hypersphere-based Transformer model to learn compact log sequence representations and obtain anomaly candidates. In the second sub-model, UMFLog exploits a statistical feature-based Variational Autoencoder (VAE) about word occurrence times to identify the final anomaly from anomaly candidates. Extensive experiments and evaluations are conducted on three real public log datasets. The results show that UMFLog significantly improves F1-scores compared to the state-of-the-art (SOTA) methods because of the multi-feature.
Intrusion Detection System (IDS) in the Cloud Computing (CC) environment has received paramount interest over the last few years. Among the latest approaches, Deep Learning (DL)-based IDS methods allow the discovery of attacks with the highest performance. In the CC environment, Distributed Denial of Service (DDoS) attacks are widespread. The cloud services will be rendered unavailable to legitimate end-users as a consequence of the overwhelming network traffic, resulting in financial losses. Although various researchers have proposed many detection techniques, there are possible obstacles in terms of detection performance due to the use of insignificant traffic features. Therefore, in this paper, a hybrid deep learning mode based on hybridizing Convolutional Neural Network (CNN) with Long-Short-Term Memory (LSTM) is used due to its robustness and efficiency in detecting normal and attack traffic. Besides, the ensemble feature selection, mutualization aggregation between Particle Swarm Optimizer (PSO), Grey Wolf Optimizer (PSO), Krill Herd (KH), and Whale Optimization Algorithm (WOA), is used to select the most important features that would influence the detection performance in detecting DDoS attack in CC. A benchmark dataset proposed by the Canadian Institute of Cybersecurity (CIC), called CICIDS 2017, is used to evaluate the proposed IDS. The results revealed that the proposed IDS outperforms the state-of-the-art IDSs, as it achieved 97.9%, 98.3%, 97.9%, 98.1%, respectively. As a result, the proposed IDS achieves the requirements of getting high security, automatic, efficient, and self-decision detection of DDoS attacks.
The continuously booming of information technology has shed light on developing a variety of communication networks, multimedia, social networks and Internet of Things applications. However, users inevitably suffer from the intrusion of malicious users. Some studies focus on static characteristics of malicious users, which is easy to be bypassed by camouflaged malicious users. In this paper, we present a malicious user detection method based on ensemble feature selection and adversarial training. Firstly, the feature selection alleviates the dimension disaster problem and achieves more accurate classification performance. Secondly, we embed features into the multidimensional space and aggregate it into a feature map to encode the explicit content preference and implicit interaction preference. Thirdly, we use an effective ensemble learning which could avoid over-fitting and has good noise resistance. Finally, we propose a data-driven neural network detection model with the regularization technique adversarial training to deeply analyze the characteristics. It simplifies the parameters, obtaining more robust interaction features and pattern features. We demonstrate the effectiveness of our approach with numerical simulation results for malicious user detection, where the robustness issues are notable concerns.
Pavement crack detection plays a crucial role in ensuring road safety and reducing maintenance expenses. Recent advancements in deep learning (DL) techniques have shown promising results in detecting pavement cracks; however, the selection of relevant features for classification remains challenging. In this study, we propose a new approach for pavement crack detection that integrates deep learning for feature extraction, the whale optimization algorithm (WOA) for feature selection, and random forest (RF) for classification. The performance of the models was evaluated using accuracy, recall, precision, F1 score, and area under the receiver operating characteristic curve (AUC). Our findings reveal that Model 2, which incorporates RF into the ResNet-18 architecture, outperforms baseline Model 1 across all evaluation metrics. Nevertheless, our proposed model, which combines ResNet-18 with both WOA and RF, achieves significantly higher accuracy, recall, precision, and F1 score compared to the other two models. These results underscore the effectiveness of integrating RF and WOA into ResNet-18 for pavement crack detection applications. We applied the proposed approach to a dataset of pavement images, achieving an accuracy of 97.16% and an AUC of 0.984. Our results demonstrate that the proposed approach surpasses existing methods for pavement crack detection, offering a promising solution for the automatic identification of pavement cracks. By leveraging this approach, potential safety hazards can be identified more effectively, enabling timely repairs and maintenance measures. Lastly, the findings of this study also emphasize the potential of integrating RF and WOA with deep learning for pavement crack detection, providing road authorities with the necessary tools to make informed decisions regarding road infrastructure maintenance.
Applications of internet-of-things (IoT) are increasingly being used in many facets of our daily life, which results in an enormous volume of data. Cloud computing and fog computing, two of the most common technologies used in IoT applications, have led to major security concerns. Cyberattacks are on the rise as a result of the usage of these technologies since present security measures are insufficient. Several artificial intelligence (AI) based security solutions, such as intrusion detection systems (IDS), have been proposed in recent years. Intelligent technologies that require data preprocessing and machine learning algorithm-performance augmentation require the use of feature selection (FS) techniques to increase classification accuracy by minimizing the number of features selected. On the other hand, metaheuristic optimization algorithms have been widely used in feature selection in recent decades. In this paper, we proposed a hybrid optimization algorithm for feature selection in IDS. The proposed algorithm is based on grey wolf (GW), and dipper throated optimization (DTO) algorithms and is referred to as GWDTO. The proposed algorithm has a better balance between the exploration and exploitation steps of the optimization process and thus could achieve better performance. On the employed IoT-IDS dataset, the performance of the proposed GWDTO algorithm was assessed using a set of evaluation metrics and compared to other optimization approaches in the literature to validate its superiority. In addition, a statistical analysis is performed to assess the stability and effectiveness of the proposed approach. Experimental results confirmed the superiority of the proposed approach in boosting the classification accuracy of the intrusion in IoT-based networks. (CMC, 2023, vol. 74, no. 2)
The increasing number of security holes in the Internet of Things (IoT) networks creates a question about the reliability of existing network intrusion detection systems. This problem has led to the developing of a research area focused on improving network-based intrusion detection system (NIDS) technologies. According to the analysis of different businesses, most researchers focus on improving the classification results of NIDS datasets by combining machine learning and feature reduction techniques. However, these techniques are not suitable for every type of network. In light of this, whether the optimal algorithm and feature reduction techniques can be generalized across various datasets for IoT networks remains. The paper aims to analyze the methods used in this research and whether they can be generalized to other datasets. Six ML models were used in this study, namely, logistic regression (LR), decision trees (DT), Naive Bayes (NB), random forest (RF), K-nearest neighbors (KNN), and linear SVM. The primary detection algorithms used in this study, Principal Component (PCA) and Gini Impurity-Based Weighted Forest (GIWRF) evaluated against three global ToN-IoT datasets, UNSW-NB15, and Bot-IoT datasets. The optimal number of dimensions for each dataset was not studied by applying the PCA algorithm. It is stated in the paper that the selection of datasets affects the performance of the FE techniques and detection algorithms used. Increasing the efficiency of this research area requires a comprehensive standard feature set that can be used to improve quality over time.
Image-anomaly detection, which is widely used in industrial fields. Previous studies that attempted to address this problem often trained convolutional neural network-based models (e.g., autoencoders and generative adversarial networks) to reconstruct covered parts of input images and calculate the difference between the input and reconstructed images. However, convolutional operations are effective at extracting local features, making it difficult to identify larger image anomalies. Method: To this end, we propose a transformer architecture based on mutual attention for image-anomaly separation. This architecture can capture long-term dependencies and fuse local and global features to facilitate better image-anomaly detection. Result: Our method was extensively evaluated on several benchmarks, and experimental results showed that it improved the detection capability by 3.1% and localization capability by 1.0% compared with state-of-the-art reconstruction-based methods.
Anomaly detection is becoming increasingly significant in industrial cyber security, and different machine-learning algorithms have been generally acknowledged as various effective intrusion detection engines to successfully identify cyber attacks. However, different machine-learning algorithms may exhibit their own detection effects even if they analyze the same feature samples. As a sequence, after developing one feature generation approach, the most effective and applicable detection engines should be desperately selected by comparing distinct properties of each machine-learning algorithm. Based on process control features generated by directed function transition diagrams, this paper introduces five different machine-learning algorithms as alternative detection engines to discuss their matching abilities. Furthermore, this paper not only describes some qualitative properties to compare their advantages and disadvantages, but also gives an in-depth and meticulous research on their detection accuracies and consuming time. In the verified experiments, two attack models and four different attack intensities are defined to facilitate all quantitative comparisons, and the impacts of detection accuracy caused by the feature parameter are also comparatively analyzed. All experimental results can clearly explain that SVM (Support Vector Machine) and WNN (Wavelet Neural Network) are suggested as two applicable detection engines under differing cases.
In process industries, the characteristics of industrial activities focus on the integrality and continuity of production process, which can contribute to excavating the appropriate features for industrial anomaly detection. From this perspective, this paper proposes a novel state-based control feature extraction approach, which regards the finite control operations as different states. Furthermore, the procedure of state transition can adequately express the change of successive control operations, and the statistical information between different states can be used to calculate the feature values. Additionally, OCSVM (One Class Support Vector Machine) and BPNN (BP Neural Network), which are optimized by PSO (Particle Swarm Optimization) and GA (Genetic Algorithm) respectively, are introduced as alternative detection engines to match with our feature extraction approach. All experimental results clearly show that the proposed feature extraction approach can effectively coordinate with the optimized classification algorithms, and the optimized GA-BPNN classifier is suggested as a more applicable detection engine by comparing its average detection accuracies with the ones of PSO-OCSVM classifier.
Industrial Control Systems (ICS) or SCADA networks are increasingly targeted by cyber-attacks as their architectures shifted from proprietary hardware, software and protocols to standard and open sources ones. Furthermore, these systems which used to be isolated are now interconnected to corporate networks and to the Internet. Among the countermeasures to mitigate the threats, anomaly detection systems play an important role as they can help detect even unknown attacks. Deep learning which has gained a great attention in the last few years due to excellent results in image, video and natural language processing is being used for anomaly detection in information security, particularly in SCADA networks. The salient features of the data from SCADA networks are learnt as hierarchical representation using deep architectures, and those learnt features are used to classify the data into normal or anomalous ones. This article is a review of various architectures such as Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), Stacked Autoencoder (SAE), Long Short Term Memory (LSTM), or a combination of those architectures, for anomaly detection purpose in SCADA networks.
Objective: Present a new features selection algorithm. Methods: Based on rule induction and field knowledge. Results: This algorithm can be applied in catching dataflow when detecting network intrusions; only the sub dataset including discriminating features is caught. Then the time spent in following behavior patterns mining is reduced and the patterns mined are more precise. Conclusion: The experiment results show that the feature subset caught by this algorithm is more informative and the dataset's quantity is reduced significantly.
As IoT devices become more ubiquitous, the security of IoT-based networks becomes paramount. Machine Learning-based cybersecurity enables autonomous threat detection and prevention. However, one of the challenges of applying Machine Learning-based cybersecurity in IoT devices is feature selection as most IoT devices are resource-constrained. This paper studies two feature selection algorithms: Information Gain and PSO-based, to select a minimum number of attack features, and Decision Tree and SVM are utilized for performance comparison. The consistent use of the same metrics in feature selection and detection algorithms substantially enhances the classification accuracy compared to the non-consistent use in feature selection by Information Gain (entropy) and Tree detection algorithm by classification. Furthermore, the Tree with consistent feature selection is comparable to the ensemble that provides excellent performance at the cost of computation complexity.
System logs record detailed information about system operation and are important for analyzing the system's operational status and performance. Rapid and accurate detection of system anomalies is of great significance to ensure system stability. However, large-scale distributed systems are becoming more and more complex, and the number of system logs gradually increases, which brings challenges to analyze system logs. Some recent studies show that logs can be unstable due to the evolution of log statements and noise introduced by log collection and parsing. Moreover, deep learning-based detection methods take a long time to train models. Therefore, to reduce the computational cost and avoid log instability we propose a new Word2Vec-based log unsupervised anomaly detection method (LogUAD). LogUAD does not require a log parsing step and takes original log messages as input to avoid the noise. LogUAD uses Word2Vec to generate word vectors and generates weighted log sequence feature vectors with TF-IDF to handle the evolution of log statements. At last, a computationally efficient unsupervised clustering is exploited to detect the anomaly. We conducted extensive experiments on the public dataset from Blue Gene/L (BGL). Experimental results show that the F1-score of LogUAD can be improved by 67.25% compared to LogCluster.
The Internet of Things (IoT) has been deployed in diverse critical sectors with the aim of improving quality of service and facilitating human lives. The IoT revolution has redefined digital services in different domains by improving efficiency, productivity, and cost-effectiveness. Many service providers have adapted IoT systems or plan to integrate them as integral parts of their systems' operation; however, IoT security issues remain a significant challenge. To minimize the risk of cyberattacks on IoT networks, anomaly detection based on machine learning can be an effective security solution to overcome a wide range of IoT cyberattacks. Although various detection techniques have been proposed in the literature, existing detection methods address limited cyberattacks and utilize outdated datasets for evaluations. In this paper, we propose an intelligent, effective, and lightweight detection approach to detect several IoT attacks. Our proposed model includes a collaborative feature selection method that selects the best distinctive features and eliminates unnecessary features to build an effective and efficient detection model. In the detection phase, we also proposed an ensemble of learning techniques to improve classification for predicting several different types of IoT attacks. The experimental results show that our proposed method can effectively and efficiently predict several IoT attacks with a higher accuracy rate of 99.984%, a precision rate of 99.982%, a recall rate of 99.984%, and an F1-score of 99.983%.
With the rapid development of the mobile communication and the Internet, the previous web anomaly detection and identification models were built relying on security experts' empirical knowledge and attack features. Although this approach can achieve higher detection performance, it requires huge human labor and resources to maintain the feature library. In contrast, semantic feature engineering can dynamically discover new semantic features and optimize feature selection by automatically analyzing the semantic information contained in the data itself, thus reducing dependence on prior knowledge. However, current semantic features still have the problem of semantic expression singularity, as they are extracted from a single semantic mode such as word segmentation, character segmentation, or arbitrary semantic feature extraction. This paper extracts features of web requests from dual semantic granularity, and proposes a semantic feature fusion method to solve the above problems. The method first preprocesses web requests, and extracts word-level and character-level semantic features of URLs via convolutional neural network (CNN), respectively. By constructing three loss functions to reduce losses between features, labels and categories. Experiments on the HTTP CSIC 2010, Malicious URLs and HttpParams datasets verify the proposed method. Results show that compared with machine learning, deep learning methods and BERT model, the proposed method has better detection performance. And it achieved the best detection rate of 99.16% in the dataset HttpParams.
Undoubtedly, spam is a serious problem, and the number of spam emails is increased rapidly. Besides, the massive number of spam emails prompts the need for spam detection techniques. Several methods and algorithms are used for spam filtering. Also, some emergent spam detection techniques use machine learning methods and feature extraction. Some methods and algorithms have been introduced for spam detecting and filtering. This research proposes two models for spam detection and feature selection. The first model is evaluated with the email spam classification dataset, which is based on reducing the number of keywords to its minimum. The results of this model are promising and highly acceptable. The second proposed model is based on creating features for spam detection as a first stage. Then, the number of features is reduced using three well-known metaheuristic algorithms at the second stage. The algorithms used in the second model are Artificial Bee Colony (ABC), Ant Colony Optimization (ACO), and Particle Swarm Optimization (PSO), and these three algorithms are adapted to fit the proposed model. Also, the authors give it the names AABC, AACO, and APSO, respectively. The dataset used for the evaluation of this model is Enron. Finally, well-known criteria are used for the evaluation purposes of this model, such as true positive, false positive, false negative, precision, recall, and F-Measure. The outcomes of the second proposed model are highly significant compared to the first one.
To address the problem of using fixed feature and single apparent model which is difficult to adapt to the complex scenarios, a Kernelized correlation filter target tracking algorithm based on online saliency feature selection and fusion is proposed. It combined the correlation filter tracking framework and the salient feature model of the target. In the tracking process, the maximum Kernel correlation filter response values of different feature models were calculated respectively, and the response weights were dynamically set according to the saliency of different features. According to the filter response value, the final target position was obtained, which improves the target positioning accuracy. The target model was dynamically updated in an online manner based on the feature saliency measurement results. The experimental results show that the proposed method can effectively utilize the distinctive feature fusion to improve the tracking effect in complex environments.
Funding: supported in part by the National Natural Science Foundation of China (Grants 62376172, 62006163, 62376043), in part by the National Postdoctoral Program for Innovative Talents (Grant BX20200226), in part by Sichuan Science and Technology Planning Project (Grants 2022YFSY0047, 2022YFQ0014, 2023ZYD0143, 2022YFH0021, 2023YFQ0020, 24QYCX0354, 24NSFTD0025).
Funding: supported by the Institutional Fund Projects (IFPIP-1481-611-1443), the Key Projects of Natural Science Research in Anhui Higher Education Institutions (2022AH051909), the Provincial Quality Project of Colleges and Universities in Anhui Province (2022sdxx020, 2022xqhz044), Bengbu University 2021 High-Level Scientific Research and Cultivation Project (2021pyxm04).
Funding: supported in part by the National Natural Science Foundation of China under Grant 62272062; the Scientific Research Fund of Hunan Provincial Transportation Department (No. 202143); the Open Fund of Key Laboratory of Safety Control of Bridge Engineering, Ministry of Education (Changsha University of Science Technology) under Grant 21KB07.
Abstract: Log anomaly detection is an important paradigm for system troubleshooting. Existing log anomaly detection based on Long Short-Term Memory (LSTM) networks is time-consuming to handle long sequences. Transformer model is introduced to promote efficiency. However, most existing Transformer-based log anomaly detection methods convert unstructured log messages into structured templates by log parsing, which introduces parsing errors. They only extract simple semantic feature, which ignores other features, and are generally supervised, relying on the amount of labeled data. To overcome the limitations of existing methods, this paper proposes a novel unsupervised log anomaly detection method based on multi-feature (UMFLog). UMFLog includes two sub-models to consider two kinds of features: semantic feature and statistical feature, respectively. UMFLog applies the log original content with detailed parameters instead of templates or template IDs to avoid log parsing errors. In the first sub-model, UMFLog uses Bidirectional Encoder Representations from Transformers (BERT) instead of random initialization to extract effective semantic feature, and an unsupervised hypersphere-based Transformer model to learn compact log sequence representations and obtain anomaly candidates. In the second sub-model, UMFLog exploits a statistical feature-based Variational Autoencoder (VAE) about word occurrence times to identify the final anomaly from anomaly candidates. Extensive experiments and evaluations are conducted on three real public log datasets. The results show that UMFLog significantly improves F1-scores compared to the state-of-the-art (SOTA) methods because of the multi-feature.
Funding: The authors gratefully acknowledge the approval and the support of this research study by the Grant No. SCIA-2022-11-1545, the Deanship of Scientific Research at Northern Border University, Arar, K.S.A.
Abstract: Intrusion Detection System (IDS) in the Cloud Computing (CC) environment has received paramount interest over the last few years. Among the latest approaches, Deep Learning (DL)-based IDS methods allow the discovery of attacks with the highest performance. In the CC environment, Distributed Denial of Service (DDoS) attacks are widespread. The cloud services will be rendered unavailable to legitimate end-users as a consequence of the overwhelming network traffic, resulting in financial losses. Although various researchers have proposed many detection techniques, there are possible obstacles in terms of detection performance due to the use of insignificant traffic features. Therefore, in this paper, a hybrid deep learning mode based on hybridizing Convolutional Neural Network (CNN) with Long-Short-Term Memory (LSTM) is used due to its robustness and efficiency in detecting normal and attack traffic. Besides, the ensemble feature selection, mutualization aggregation between Particle Swarm Optimizer (PSO), Grey Wolf Optimizer (PSO), Krill Herd (KH), and Whale Optimization Algorithm (WOA), is used to select the most important features that would influence the detection performance in detecting DDoS attack in CC. A benchmark dataset proposed by the Canadian Institute of Cybersecurity (CIC), called CICIDS 2017, is used to evaluate the proposed IDS. The results revealed that the proposed IDS outperforms the state-of-the-art IDSs, as it achieved 97.9%, 98.3%, 97.9%, 98.1%, respectively. As a result, the proposed IDS achieves the requirements of getting high security, automatic, efficient, and self-decision detection of DDoS attacks.
Funding: supported in part by projects of National Natural Science Foundation of China under Grant 61772406 and Grant 61941105; supported in part by projects of the Fundamental Research Funds for the Central Universities; the Innovation Fund of Xidian University under Grant 500120109215456.
Abstract: The continuously booming of information technology has shed light on developing a variety of communication networks, multimedia, social networks and Internet of Things applications. However, users inevitably suffer from the intrusion of malicious users. Some studies focus on static characteristics of malicious users, which is easy to be bypassed by camouflaged malicious users. In this paper, we present a malicious user detection method based on ensemble feature selection and adversarial training. Firstly, the feature selection alleviates the dimension disaster problem and achieves more accurate classification performance. Secondly, we embed features into the multidimensional space and aggregate it into a feature map to encode the explicit content preference and implicit interaction preference. Thirdly, we use an effective ensemble learning which could avoid over-fitting and has good noise resistance. Finally, we propose a data-driven neural network detection model with the regularization technique adversarial training to deeply analyze the characteristics. It simplifies the parameters, obtaining more robust interaction features and pattern features. We demonstrate the effectiveness of our approach with numerical simulation results for malicious user detection, where the robustness issues are notable concerns.
Abstract: Pavement crack detection plays a crucial role in ensuring road safety and reducing maintenance expenses. Recent advancements in deep learning (DL) techniques have shown promising results in detecting pavement cracks; however, the selection of relevant features for classification remains challenging. In this study, we propose a new approach for pavement crack detection that integrates deep learning for feature extraction, the whale optimization algorithm (WOA) for feature selection, and random forest (RF) for classification. The performance of the models was evaluated using accuracy, recall, precision, F1 score, and area under the receiver operating characteristic curve (AUC). Our findings reveal that Model 2, which incorporates RF into the ResNet-18 architecture, outperforms baseline Model 1 across all evaluation metrics. Nevertheless, our proposed model, which combines ResNet-18 with both WOA and RF, achieves significantly higher accuracy, recall, precision, and F1 score compared to the other two models. These results underscore the effectiveness of integrating RF and WOA into ResNet-18 for pavement crack detection applications. We applied the proposed approach to a dataset of pavement images, achieving an accuracy of 97.16% and an AUC of 0.984. Our results demonstrate that the proposed approach surpasses existing methods for pavement crack detection, offering a promising solution for the automatic identification of pavement cracks. By leveraging this approach, potential safety hazards can be identified more effectively, enabling timely repairs and maintenance measures. Lastly, the findings of this study also emphasize the potential of integrating RF and WOA with deep learning for pavement crack detection, providing road authorities with the necessary tools to make informed decisions regarding road infrastructure maintenance.
Abstract: Applications of internet-of-things (IoT) are increasingly being used in many facets of our daily life, which results in an enormous volume of data. Cloud computing and fog computing, two of the most common technologies used in IoT applications, have led to major security concerns. Cyberattacks are on the rise as a result of the usage of these technologies since present security measures are insufficient. Several artificial intelligence (AI) based security solutions, such as intrusion detection systems (IDS), have been proposed in recent years. Intelligent technologies that require data preprocessing and machine learning algorithm-performance augmentation require the use of feature selection (FS) techniques to increase classification accuracy by minimizing the number of features selected. On the other hand, metaheuristic optimization algorithms have been widely used in feature selection in recent decades. In this paper, we proposed a hybrid optimization algorithm for feature selection in IDS. The proposed algorithm is based on grey wolf (GW), and dipper throated optimization (DTO) algorithms and is referred to as GWDTO. The proposed algorithm has a better balance between the exploration and exploitation steps of the optimization process and thus could achieve better performance. On the employed IoT-IDS dataset, the performance of the proposed GWDTO algorithm was assessed using a set of evaluation metrics and compared to other optimization approaches in the literature to validate its superiority. In addition, a statistical analysis is performed to assess the stability and effectiveness of the proposed approach. Experimental results confirmed the superiority of the proposed approach in boosting the classification accuracy of the intrusion in IoT-based networks.
Abstract: The increasing number of security holes in the Internet of Things (IoT) networks creates a question about the reliability of existing network intrusion detection systems. This problem has led to the developing of a research area focused on improving network-based intrusion detection system (NIDS) technologies. According to the analysis of different businesses, most researchers focus on improving the classification results of NIDS datasets by combining machine learning and feature reduction techniques. However, these techniques are not suitable for every type of network. In light of this, whether the optimal algorithm and feature reduction techniques can be generalized across various datasets for IoT networks remains. The paper aims to analyze the methods used in this research and whether they can be generalized to other datasets. Six ML models were used in this study, namely, logistic regression (LR), decision trees (DT), Naive Bayes (NB), random forest (RF), K-nearest neighbors (KNN), and linear SVM. The primary detection algorithms used in this study, Principal Component (PCA) and Gini Impurity-Based Weighted Forest (GIWRF) evaluated against three global ToN-IoT datasets, UNSW-NB15, and Bot-IoT datasets. The optimal number of dimensions for each dataset was not studied by applying the PCA algorithm. It is stated in the paper that the selection of datasets affects the performance of the FE techniques and detection algorithms used. Increasing the efficiency of this research area requires a comprehensive standard feature set that can be used to improve quality over time.
Funding: Supported by the National Natural Science Foundation of China (No. 61772327); State Grid Gansu Electric Power Company (No. H2019-275); Shanghai Engineering Research Center on Big Data Management System (No. H2020-216).
Abstract: Image-anomaly detection, which is widely used in industrial fields. Previous studies that attempted to address this problem often trained convolutional neural network-based models (e.g., autoencoders and generative adversarial networks) to reconstruct covered parts of input images and calculate the difference between the input and reconstructed images. However, convolutional operations are effective at extracting local features, making it difficult to identify larger image anomalies. Method: To this end, we propose a transformer architecture based on mutual attention for image-anomaly separation. This architecture can capture long-term dependencies and fuse local and global features to facilitate better image-anomaly detection. Result: Our method was extensively evaluated on several benchmarks, and experimental results showed that it improved the detection capability by 3.1% and localization capability by 1.0% compared with state-of-the-art reconstruction-based methods.
Funding: This work is supported by the Scientific Research Project of Educational Department of Liaoning Province (Grant No. LJKZ0082); the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation (Grant No. QCXM201910); the National Natural Science Foundation of China (Grant Nos. 61802092 and 92067110); the Hainan Provincial Natural Science Foundation of China (Grant No. 620RC562); 2020 Industrial Internet Innovation and Development Project-Industrial Internet Identification Data Interaction Middleware and Resource Pool Service Platform Project, Ministry of Industry and Information Technology of the People’s Republic of China.
Abstract: Anomaly detection is becoming increasingly significant in industrial cyber security, and different machine-learning algorithms have been generally acknowledged as various effective intrusion detection engines to successfully identify cyber attacks. However, different machine-learning algorithms may exhibit their own detection effects even if they analyze the same feature samples. As a sequence, after developing one feature generation approach, the most effective and applicable detection engines should be desperately selected by comparing distinct properties of each machine-learning algorithm. Based on process control features generated by directed function transition diagrams, this paper introduces five different machine-learning algorithms as alternative detection engines to discuss their matching abilities. Furthermore, this paper not only describes some qualitative properties to compare their advantages and disadvantages, but also gives an in-depth and meticulous research on their detection accuracies and consuming time. In the verified experiments, two attack models and four different attack intensities are defined to facilitate all quantitative comparisons, and the impacts of detection accuracy caused by the feature parameter are also comparatively analyzed. All experimental results can clearly explain that SVM (Support Vector Machine) and WNN (Wavelet Neural Network) are suggested as two applicable detection engines under differing cases.
Funding: This work is supported by the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation (Grant No. QCXM201910); the Natural Science Foundation of Liaoning Province (Grant No. 2019-MS-149); the Social Science Planning Foundation of Liaoning Province (Grant No. L18AGL007); the National Natural Science Foundation of China (Grant Nos. 61802092, 51704138 and 61501447); the Scientific Research Setup Fund of Hainan University (Grant No. KYQD(ZR)1837).
Abstract: In process industries, the characteristics of industrial activities focus on the integrality and continuity of production process, which can contribute to excavating the appropriate features for industrial anomaly detection. From this perspective, this paper proposes a novel state-based control feature extraction approach, which regards the finite control operations as different states. Furthermore, the procedure of state transition can adequately express the change of successive control operations, and the statistical information between different states can be used to calculate the feature values. Additionally, OCSVM (One Class Support Vector Machine) and BPNN (BP Neural Network), which are optimized by PSO (Particle Swarm Optimization) and GA (Genetic Algorithm) respectively, are introduced as alternative detection engines to match with our feature extraction approach. All experimental results clearly show that the proposed feature extraction approach can effectively coordinate with the optimized classification algorithms, and the optimized GA-BPNN classifier is suggested as a more applicable detection engine by comparing its average detection accuracies with the ones of PSO-OCSVM classifier.
Abstract: Industrial Control Systems (ICS) or SCADA networks are increasingly targeted by cyber-attacks as their architectures shifted from proprietary hardware, software and protocols to standard and open sources ones. Furthermore, these systems which used to be isolated are now interconnected to corporate networks and to the Internet. Among the countermeasures to mitigate the threats, anomaly detection systems play an important role as they can help detect even unknown attacks. Deep learning which has gained a great attention in the last few years due to excellent results in image, video and natural language processing is being used for anomaly detection in information security, particularly in SCADA networks. The salient features of the data from SCADA networks are learnt as hierarchical representation using deep architectures, and those learnt features are used to classify the data into normal or anomalous ones. This article is a review of various architectures such as Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), Stacked Autoencoder (SAE), Long Short Term Memory (LSTM), or a combination of those architectures, for anomaly detection purpose in SCADA networks.
Abstract: Objective: Present a new features selection algorithm. Methods: Based on rule induction and field knowledge. Results: This algorithm can be applied in catching dataflow when detecting network intrusions; only the sub dataset including discriminating features is caught. Then the time spent in following behavior patterns mining is reduced and the patterns mined are more precise. Conclusion: The experiment results show that the feature subset caught by this algorithm is more informative and the dataset’s quantity is reduced significantly.
Abstract: As IoT devices become more ubiquitous, the security of IoT-based networks becomes paramount. Machine Learning-based cybersecurity enables autonomous threat detection and prevention. However, one of the challenges of applying Machine Learning-based cybersecurity in IoT devices is feature selection as most IoT devices are resource-constrained. This paper studies two feature selection algorithms: Information Gain and PSO-based, to select a minimum number of attack features, and Decision Tree and SVM are utilized for performance comparison. The consistent use of the same metrics in feature selection and detection algorithms substantially enhances the classification accuracy compared to the non-consistent use in feature selection by Information Gain (entropy) and Tree detection algorithm by classification. Furthermore, the Tree with consistent feature selection is comparable to the ensemble that provides excellent performance at the cost of computation complexity.
Funding: funded by the Researchers Supporting Project No. (RSP.2021/102), King Saud University, Riyadh, Saudi Arabia. This work was supported in part by the National Natural Science Foundation of China under Grant 61802030; Natural Science Foundation of Hunan Province under Grant 2020JJ5602; the Research Foundation of Education Bureau of Hunan Province under Grant 19B005; the International Cooperative Project for “Double First-Class”, CSUST under Grant 2018IC24.
Abstract: System logs record detailed information about system operation and are important for analyzing the system's operational status and performance. Rapid and accurate detection of system anomalies is of great significance to ensure system stability. However, large-scale distributed systems are becoming more and more complex, and the number of system logs gradually increases, which brings challenges to analyze system logs. Some recent studies show that logs can be unstable due to the evolution of log statements and noise introduced by log collection and parsing. Moreover, deep learning-based detection methods take a long time to train models. Therefore, to reduce the computational cost and avoid log instability we propose a new Word2Vec-based log unsupervised anomaly detection method (LogUAD). LogUAD does not require a log parsing step and takes original log messages as input to avoid the noise. LogUAD uses Word2Vec to generate word vectors and generates weighted log sequence feature vectors with TF-IDF to handle the evolution of log statements. At last, a computationally efficient unsupervised clustering is exploited to detect the anomaly. We conducted extensive experiments on the public dataset from Blue Gene/L (BGL). Experimental results show that the F1-score of LogUAD can be improved by 67.25% compared to LogCluster.
Abstract: The Internet of Things (IoT) has been deployed in diverse critical sectors with the aim of improving quality of service and facilitating human lives. The IoT revolution has redefined digital services in different domains by improving efficiency, productivity, and cost-effectiveness. Many service providers have adapted IoT systems or plan to integrate them as integral parts of their systems’ operation; however, IoT security issues remain a significant challenge. To minimize the risk of cyberattacks on IoT networks, anomaly detection based on machine learning can be an effective security solution to overcome a wide range of IoT cyberattacks. Although various detection techniques have been proposed in the literature, existing detection methods address limited cyberattacks and utilize outdated datasets for evaluations. In this paper, we propose an intelligent, effective, and lightweight detection approach to detect several IoT attacks. Our proposed model includes a collaborative feature selection method that selects the best distinctive features and eliminates unnecessary features to build an effective and efficient detection model. In the detection phase, we also proposed an ensemble of learning techniques to improve classification for predicting several different types of IoT attacks. The experimental results show that our proposed method can effectively and efficiently predict several IoT attacks with a higher accuracy rate of 99.984%, a precision rate of 99.982%, a recall rate of 99.984%, and an F1-score of 99.983%.
Funding: a grant from the National Natural Science Foundation of China (Nos. 11905239, 12005248 and 12105303).
Abstract: With the rapid development of the mobile communication and the Internet, the previous web anomaly detection and identification models were built relying on security experts’ empirical knowledge and attack features. Although this approach can achieve higher detection performance, it requires huge human labor and resources to maintain the feature library. In contrast, semantic feature engineering can dynamically discover new semantic features and optimize feature selection by automatically analyzing the semantic information contained in the data itself, thus reducing dependence on prior knowledge. However, current semantic features still have the problem of semantic expression singularity, as they are extracted from a single semantic mode such as word segmentation, character segmentation, or arbitrary semantic feature extraction. This paper extracts features of web requests from dual semantic granularity, and proposes a semantic feature fusion method to solve the above problems. The method first preprocesses web requests, and extracts word-level and character-level semantic features of URLs via convolutional neural network (CNN), respectively. By constructing three loss functions to reduce losses between features, labels and categories. Experiments on the HTTP CSIC 2010, Malicious URLs and HttpParams datasets verify the proposed method. Results show that compared with machine learning, deep learning methods and BERT model, the proposed method has better detection performance. And it achieved the best detection rate of 99.16% in the dataset HttpParams.
Abstract: Undoubtedly, spam is a serious problem, and the number of spam emails is increased rapidly. Besides, the massive number of spam emails prompts the need for spam detection techniques. Several methods and algorithms are used for spam filtering. Also, some emergent spam detection techniques use machine learning methods and feature extraction. Some methods and algorithms have been introduced for spam detecting and filtering. This research proposes two models for spam detection and feature selection. The first model is evaluated with the email spam classification dataset, which is based on reducing the number of keywords to its minimum. The results of this model are promising and highly acceptable. The second proposed model is based on creating features for spam detection as a first stage. Then, the number of features is reduced using three well-known metaheuristic algorithms at the second stage. The algorithms used in the second model are Artificial Bee Colony (ABC), Ant Colony Optimization (ACO), and Particle Swarm Optimization (PSO), and these three algorithms are adapted to fit the proposed model. Also, the authors give it the names AABC, AACO, and APSO, respectively. The dataset used for the evaluation of this model is Enron. Finally, well-known criteria are used for the evaluation purposes of this model, such as true positive, false positive, false negative, precision, recall, and F-Measure. The outcomes of the second proposed model are highly significant compared to the first one.
Funding: the National Natural Science Foundation (61472196, 61672305); Natural Science Foundation of Shandong Province (BS2015DX010, ZR2015FM012); Key Research and Development Foundation of Shandong Province (2017GGX10133).
Abstract: To address the problem of using fixed feature and single apparent model which is difficult to adapt to the complex scenarios, a Kernelized correlation filter target tracking algorithm based on online saliency feature selection and fusion is proposed. It combined the correlation filter tracking framework and the salient feature model of the target. In the tracking process, the maximum Kernel correlation filter response values of different feature models were calculated respectively, and the response weights were dynamically set according to the saliency of different features. According to the filter response value, the final target position was obtained, which improves the target positioning accuracy. The target model was dynamically updated in an online manner based on the feature saliency measurement results. The experimental results show that the proposed method can effectively utilize the distinctive feature fusion to improve the tracking effect in complex environments.