While emerging technologies such as the Internet of Things(IoT)have many benefits,they also pose considerable security challenges that require innovative solutions,including those based on artificial intelligence(AI),...While emerging technologies such as the Internet of Things(IoT)have many benefits,they also pose considerable security challenges that require innovative solutions,including those based on artificial intelligence(AI),given that these techniques are increasingly being used by malicious actors to compromise IoT systems.Although an ample body of research focusing on conventional AI methods exists,there is a paucity of studies related to advanced statistical and optimization approaches aimed at enhancing security measures.To contribute to this nascent research stream,a novel AI-driven security system denoted as“AI2AI”is presented in this work.AI2AI employs AI techniques to enhance the performance and optimize security mechanisms within the IoT framework.We also introduce the Genetic Algorithm Anomaly Detection and Prevention Deep Neural Networks(GAADPSDNN)sys-tem that can be implemented to effectively identify,detect,and prevent cyberattacks targeting IoT devices.Notably,this system demonstrates adaptability to both federated and centralized learning environments,accommodating a wide array of IoT devices.Our evaluation of the GAADPSDNN system using the recently complied WUSTL-IIoT and Edge-IIoT datasets underscores its efficacy.Achieving an impressive overall accuracy of 98.18%on the Edge-IIoT dataset,the GAADPSDNN outperforms the standard deep neural network(DNN)classifier with 94.11%accuracy.Furthermore,with the proposed enhancements,the accuracy of the unoptimized random forest classifier(80.89%)is improved to 93.51%,while the overall accuracy(98.18%)surpasses the results(93.91%,94.67%,94.94%,and 94.96%)achieved when alternative systems based on diverse optimization techniques and the same dataset are employed.The proposed optimization techniques increase the effectiveness of the anomaly detection system by efficiently achieving high accuracy and reducing the computational load on IoT devices through the adaptive selection of active features.展开更多
In this paper, we propose a novel anomaly detection method for data centers based on a combination of graphstructure and abnormal attention mechanism. The method leverages the sensor monitoring data from targetpower s...In this paper, we propose a novel anomaly detection method for data centers based on a combination of graphstructure and abnormal attention mechanism. The method leverages the sensor monitoring data from targetpower substations to construct multidimensional time series. These time series are subsequently transformed intograph structures, and corresponding adjacency matrices are obtained. By incorporating the adjacency matricesand additional weights associated with the graph structure, an aggregation matrix is derived. The aggregationmatrix is then fed into a pre-trained graph convolutional neural network (GCN) to extract graph structure features.Moreover, both themultidimensional time series segments and the graph structure features are inputted into a pretrainedanomaly detectionmodel, resulting in corresponding anomaly detection results that help identify abnormaldata. The anomaly detection model consists of a multi-level encoder-decoder module, wherein each level includesa transformer encoder and decoder based on correlation differences. The attention module in the encoding layeradopts an abnormal attention module with a dual-branch structure. Experimental results demonstrate that ourproposed method significantly improves the accuracy and stability of anomaly detection.展开更多
Network anomaly detection plays a vital role in safeguarding network security.However,the existing network anomaly detection task is typically based on the one-class zero-positive scenario.This approach is susceptible...Network anomaly detection plays a vital role in safeguarding network security.However,the existing network anomaly detection task is typically based on the one-class zero-positive scenario.This approach is susceptible to overfitting during the training process due to discrepancies in data distribution between the training set and the test set.This phenomenon is known as prediction drift.Additionally,the rarity of anomaly data,often masked by normal data,further complicates network anomaly detection.To address these challenges,we propose the PUNet network,which ingeniously combines the strengths of traditional machine learning and deep learning techniques for anomaly detection.Specifically,PUNet employs a reconstruction-based autoencoder to pre-train normal data,enabling the network to capture potential features and correlations within the data.Subsequently,PUNet integrates a sampling algorithm to construct a pseudo-label candidate set among the outliers based on the reconstruction loss of the samples.This approach effectively mitigates the prediction drift problem by incorporating abnormal samples.Furthermore,PUNet utilizes the CatBoost classifier for anomaly detection to tackle potential data imbalance issues within the candidate set.Extensive experimental evaluations demonstrate that PUNet effectively resolves the prediction drift and data imbalance problems,significantly outperforming competing methods.展开更多
In the Industrial Internet of Things(IIoT),sensors generate time series data to reflect the working state.When the systems are attacked,timely identification of outliers in time series is critical to ensure security.A...In the Industrial Internet of Things(IIoT),sensors generate time series data to reflect the working state.When the systems are attacked,timely identification of outliers in time series is critical to ensure security.Although many anomaly detection methods have been proposed,the temporal correlation of the time series over the same sensor and the state(spatial)correlation between different sensors are rarely considered simultaneously in these methods.Owing to the superior capability of Transformer in learning time series features.This paper proposes a time series anomaly detection method based on a spatial-temporal network and an improved Transformer.Additionally,the methods based on graph neural networks typically include a graph structure learning module and an anomaly detection module,which are interdependent.However,in the initial phase of training,since neither of the modules has reached an optimal state,their performance may influence each other.This scenario makes the end-to-end training approach hard to effectively direct the learning trajectory of each module.This interdependence between the modules,coupled with the initial instability,may cause the model to find it hard to find the optimal solution during the training process,resulting in unsatisfactory results.We introduce an adaptive graph structure learning method to obtain the optimal model parameters and graph structure.Experiments on two publicly available datasets demonstrate that the proposed method attains higher anomaly detection results than other methods.展开更多
Coronary artery anomaly is known as one of the causes of angina pectoris and sudden death and is an important clinical entity that cannot be overlooked.The incidence of coronary artery anomalies is as low as 1%-2%of t...Coronary artery anomaly is known as one of the causes of angina pectoris and sudden death and is an important clinical entity that cannot be overlooked.The incidence of coronary artery anomalies is as low as 1%-2%of the general population,even when the various types are combined.Coronary anomalies are practically challenging when the left and right coronary ostium are not found around their normal positions during coronary angiography with a catheter.If there is atherosclerotic stenosis of the coronary artery with an anomaly and percutaneous coronary intervention(PCI)is required,the suitability of the guiding catheter at the entrance and the adequate back up force of the guiding catheter are issues.The level of PCI risk itself should also be considered on a caseby-case basis.In this case,emission computed tomography in the R-1 subtype single coronary artery proved that ischemia occurred in an area where the coronary artery was not visible to the naked eye.Meticulous follow-up would be crucial,because sudden death may occur in single coronary arteries.To prevent atherosclerosis with full efforts is also important,as the authors indicated admirably.展开更多
System logs,serving as a pivotal data source for performance monitoring and anomaly detection,play an indispensable role in assuring service stability and reliability.Despite this,the majority of existing log-based an...System logs,serving as a pivotal data source for performance monitoring and anomaly detection,play an indispensable role in assuring service stability and reliability.Despite this,the majority of existing log-based anomaly detection methodologies predominantly depend on the sequence or quantity attributes of logs,utilizing solely a single Recurrent Neural Network(RNN)and its variant sequence models for detection.These approaches have not thoroughly exploited the semantic information embedded in logs,exhibit limited adaptability to novel logs,and a single model struggles to fully unearth the potential features within the log sequence.Addressing these challenges,this article proposes a hybrid architecture based on amultiscale convolutional neural network,efficient channel attention and mogrifier gated recurrent unit networks(LogCEM),which amalgamates multiple neural network technologies.Capitalizing on the superior performance of robustly optimized BERT approach(RoBERTa)in the realm of natural language processing,we employ RoBERTa to extract the original word vectors from each word in the log template.In conjunction with the enhanced Smooth Inverse Frequency(SIF)algorithm,we generate more precise log sentence vectors,thereby achieving an in-depth representation of log semantics.Subsequently,these log vector sequences are fed into a hybrid neural network,which fuses 1D Multi-Scale Convolutional Neural Network(MSCNN),Efficient Channel Attention Mechanism(ECA),and Mogrifier Gated Recurrent Unit(GRU).This amalgamation enables themodel to concurrently capture the local and global dependencies of the log sequence and autonomously learn the significance of different log sequences,thereby markedly enhancing the efficacy of log anomaly detection.To validate the effectiveness of the LogCEM model,we conducted evaluations on two authoritative open-source datasets.The experimental results demonstrate that LogCEM not only exhibits excellent accuracy and robustness,but also outperforms the current mainstream log anomaly detection methods.展开更多
Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misr...Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misreporting of normal data,which will impact the normal operation of IoT.To mitigate the impact caused by the high false positive rate of ADS,this paper proposes an ADS management scheme for clustered IoT.First,we model the data transmission and anomaly detection in clustered IoT.Then,the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device.In the presence of a high false positive rate in ADSs,to deal with the trade-off between the security and availability of data,we develop a linear programming model referred to as a security trade-off(ST)model.Next,we develop an analysis framework for the ST model,and solve the ST model on an IoT simulation platform.Last,we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis.Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADS.展开更多
Due to environmental noise and human factors,magnetic data collected in the field often contain various noises and interferences that significantly affect the subsequent data processing and interpretation.Empirical Mo...Due to environmental noise and human factors,magnetic data collected in the field often contain various noises and interferences that significantly affect the subsequent data processing and interpretation.Empirical Mode Decomposition(EMD),an adaptive multiscale analysis method for nonlinear and non-stationary signals,is widely used in geophysical and geodetic data processing.Compared with traditional EMD,Improved Complete Ensemble EMD with Adaptive Noise(ICEEMDAN)is more effective in addressing the problem of mode mixing.Based on the principles of 1D ICEEMDAN,this paper presents an alternative algorithm for 2D ICEEMDAN,extending its application to two-dimensional scenarios.The effectiveness of the proposed approach is demonstrated through synthetic signal experiments,which show that the 2D ICEEMDAN exhibits a weaker mode mixing effect compared to the traditional bidimensional EMD(BEMD)method.Furthermore,to improve the performance of the denoising method based on 2D ICEEMDAN and preserve useful signals in high-frequency components,an improved soft thresholding technique is introduced.Synthetic magnetic anomaly data testing indicates that our denoising method effectively preserves signal continuity and outperforms traditional soft thresholding methods.To validate the practical application of this improved threshold denoising method based on 2D ICEEMDAN,it is applied to ground magnetic survey data in the Yandun area of Xinjiang.The results demonstrate the effectiveness of the method in removing noise while retaining essential information from practical magnetic anomaly data.In particular,practical applications suggest that 2D ICEEMDAN can extract trend signals more accurately than the BEMD.In conclusion,as a potential tool for multi-scale decomposition,the 2D ICEEMDAN is versatile in processing and analyzing 2D geophysical and geodetic data.展开更多
In video surveillance,anomaly detection requires training machine learning models on spatio-temporal video sequences.However,sometimes the video-only data is not sufficient to accurately detect all the abnormal activi...In video surveillance,anomaly detection requires training machine learning models on spatio-temporal video sequences.However,sometimes the video-only data is not sufficient to accurately detect all the abnormal activities.Therefore,we propose a novel audio-visual spatiotemporal autoencoder specifically designed to detect anomalies for video surveillance by utilizing audio data along with video data.This paper presents a competitive approach to a multi-modal recurrent neural network for anomaly detection that combines separate spatial and temporal autoencoders to leverage both spatial and temporal features in audio-visual data.The proposed model is trained to produce low reconstruction error for normal data and high error for abnormal data,effectively distinguishing between the two and assigning an anomaly score.Training is conducted on normal datasets,while testing is performed on both normal and anomalous datasets.The anomaly scores from the models are combined using a late fusion technique,and a deep dense layer model is trained to produce decisive scores indicating whether a sequence is normal or anomalous.The model’s performance is evaluated on the University of California,San Diego Pedestrian 2(UCSD PED 2),University of Minnesota(UMN),and Tampere University of Technology(TUT)Rare Sound Events datasets using six evaluation metrics.It is compared with state-of-the-art methods depicting a high Area Under Curve(AUC)and a low Equal Error Rate(EER),achieving an(AUC)of 93.1 and an(EER)of 8.1 for the(UCSD)dataset,and an(AUC)of 94.9 and an(EER)of 5.9 for the UMN dataset.The evaluations demonstrate that the joint results from the combined audio-visual model outperform those from separate models,highlighting the competitive advantage of the proposed multi-modal approach.展开更多
The Internet of Medical Things(IoMT)is an emerging technology that combines the Internet of Things(IoT)into the healthcare sector,which brings remarkable benefits to facilitate remote patient monitoring and reduce tre...The Internet of Medical Things(IoMT)is an emerging technology that combines the Internet of Things(IoT)into the healthcare sector,which brings remarkable benefits to facilitate remote patient monitoring and reduce treatment costs.As IoMT devices become more scalable,Smart Healthcare Systems(SHS)have become increasingly vulnerable to cyberattacks.Intrusion Detection Systems(IDS)play a crucial role in maintaining network security.An IDS monitors systems or networks for suspicious activities or potential threats,safeguarding internal networks.This paper presents the development of an IDS based on deep learning techniques utilizing benchmark datasets.We propose a multilayer perceptron-based framework for intrusion detection within the smart healthcare domain.The primary objective of our work is to protect smart healthcare devices and networks from malicious attacks and security risks.We employ the NSL-KDD and UNSW-NB15 intrusion detection datasets to evaluate our proposed security framework.The proposed framework achieved an accuracy of 95.0674%,surpassing that of comparable deep learning models in smart healthcare while also reducing the false positive rate.Experimental results indicate the feasibility of using a multilayer perceptron,achieving superior performance against cybersecurity threats in the smart healthcare domain.展开更多
With the rapid development of Internet of Things(IoT)technology,IoT systems have been widely applied in health-care,transportation,home,and other fields.However,with the continuous expansion of the scale and increasin...With the rapid development of Internet of Things(IoT)technology,IoT systems have been widely applied in health-care,transportation,home,and other fields.However,with the continuous expansion of the scale and increasing complexity of IoT systems,the stability and security issues of IoT systems have become increasingly prominent.Thus,it is crucial to detect anomalies in the collected IoT time series from various sensors.Recently,deep learning models have been leveraged for IoT anomaly detection.However,owing to the challenges associated with data labeling,most IoT anomaly detection methods resort to unsupervised learning techniques.Nevertheless,the absence of accurate abnormal information in unsupervised learning methods limits their performance.To address these problems,we propose AS-GCN-MTM,an adaptive structural Graph Convolutional Networks(GCN)-based framework using a mean-teacher mechanism(AS-GCN-MTM)for anomaly identification.It performs better than unsupervised methods using only a small amount of labeled data.Mean Teachers is an effective semi-supervised learning method that utilizes unlabeled data for training to improve the generalization ability and performance of the model.However,the dependencies between data are often unknown in time series data.To solve this problem,we designed a graph structure adaptive learning layer based on neural networks,which can automatically learn the graph structure from time series data.It not only better captures the relationships between nodes but also enhances the model’s performance by augmenting key data.Experiments have demonstrated that our method improves the baseline model with the highest F1 value by 10.4%,36.1%,and 5.6%,respectively,on three real datasets with a 10%data labeling rate.展开更多
Due to their simple hardware,sensor nodes in IoT are vulnerable to attack,leading to data routing blockages or malicious tampering,which significantly disrupts secure data collection.An Intelligent Active Probing and ...Due to their simple hardware,sensor nodes in IoT are vulnerable to attack,leading to data routing blockages or malicious tampering,which significantly disrupts secure data collection.An Intelligent Active Probing and Trace-back Scheme for IoT Anomaly Detection(APTAD)is proposed to collect integrated IoT data by recruiting Mobile Edge Users(MEUs).(a)An intelligent unsupervised learning approach is used to identify anomalous data from the collected data by MEUs and help to identify anomalous nodes.(b)Recruit MEUs to trace back and propose a series of trust calculation methods to determine the trust of nodes.(c)The last,the number of active detection packets and detection paths are designed,so as to accurately identify the trust of nodes in IoT at the minimum cost of the network.A large number of experimental results show that the recruiting cost and average anomaly detection time are reduced by 6.5 times and 34.33%respectively,while the accuracy of trust identification is improved by 20%.展开更多
With the rapid development of the mobile communication and the Internet,the previous web anomaly detectionand identificationmodels were built relying on security experts’empirical knowledge and attack features.Althou...With the rapid development of the mobile communication and the Internet,the previous web anomaly detectionand identificationmodels were built relying on security experts’empirical knowledge and attack features.Althoughthis approach can achieve higher detection performance,it requires huge human labor and resources to maintainthe feature library.In contrast,semantic feature engineering can dynamically discover new semantic featuresand optimize feature selection by automatically analyzing the semantic information contained in the data itself,thus reducing dependence on prior knowledge.However,current semantic features still have the problem ofsemantic expression singularity,as they are extracted from a single semantic mode such as word segmentation,character segmentation,or arbitrary semantic feature extraction.This paper extracts features of web requestsfrom dual semantic granularity,and proposes a semantic feature fusion method to solve the above problems.Themethod first preprocesses web requests,and extracts word-level and character-level semantic features of URLs viaconvolutional neural network(CNN),respectively.By constructing three loss functions to reduce losses betweenfeatures,labels and categories.Experiments on the HTTP CSIC 2010,Malicious URLs and HttpParams datasetsverify the proposedmethod.Results show that compared withmachine learning,deep learningmethods and BERTmodel,the proposed method has better detection performance.And it achieved the best detection rate of 99.16%in the dataset HttpParams.展开更多
This paper investigates the anomaly-resistant decentralized state estimation(SE) problem for a class of wide-area power systems which are divided into several non-overlapping areas connected through transmission lines...This paper investigates the anomaly-resistant decentralized state estimation(SE) problem for a class of wide-area power systems which are divided into several non-overlapping areas connected through transmission lines. Two classes of measurements(i.e., local measurements and edge measurements) are obtained, respectively, from the individual area and the transmission lines. A decentralized state estimator, whose performance is resistant against measurement with anomalies, is designed based on the minimum error entropy with fiducial points(MEEF) criterion. Specifically, 1) An augmented model, which incorporates the local prediction and local measurement, is developed by resorting to the unscented transformation approach and the statistical linearization approach;2) Using the augmented model, an MEEF-based cost function is designed that reflects the local prediction errors of the state and the measurement;and 3) The local estimate is first obtained by minimizing the MEEF-based cost function through a fixed-point iteration and then updated by using the edge measuring information. Finally, simulation experiments with three scenarios are carried out on the IEEE 14-bus system to illustrate the validity of the proposed anomaly-resistant decentralized SE scheme.展开更多
文摘While emerging technologies such as the Internet of Things(IoT)have many benefits,they also pose considerable security challenges that require innovative solutions,including those based on artificial intelligence(AI),given that these techniques are increasingly being used by malicious actors to compromise IoT systems.Although an ample body of research focusing on conventional AI methods exists,there is a paucity of studies related to advanced statistical and optimization approaches aimed at enhancing security measures.To contribute to this nascent research stream,a novel AI-driven security system denoted as“AI2AI”is presented in this work.AI2AI employs AI techniques to enhance the performance and optimize security mechanisms within the IoT framework.We also introduce the Genetic Algorithm Anomaly Detection and Prevention Deep Neural Networks(GAADPSDNN)sys-tem that can be implemented to effectively identify,detect,and prevent cyberattacks targeting IoT devices.Notably,this system demonstrates adaptability to both federated and centralized learning environments,accommodating a wide array of IoT devices.Our evaluation of the GAADPSDNN system using the recently complied WUSTL-IIoT and Edge-IIoT datasets underscores its efficacy.Achieving an impressive overall accuracy of 98.18%on the Edge-IIoT dataset,the GAADPSDNN outperforms the standard deep neural network(DNN)classifier with 94.11%accuracy.Furthermore,with the proposed enhancements,the accuracy of the unoptimized random forest classifier(80.89%)is improved to 93.51%,while the overall accuracy(98.18%)surpasses the results(93.91%,94.67%,94.94%,and 94.96%)achieved when alternative systems based on diverse optimization techniques and the same dataset are employed.The proposed optimization techniques increase the effectiveness of the anomaly detection system by efficiently achieving high accuracy and reducing the computational load on IoT devices through the adaptive selection of active features.
基金the Science and Technology Project of China Southern Power Grid Company,Ltd.(031200KK52200003)the National Natural Science Foundation of China(Nos.62371253,52278119).
文摘In this paper, we propose a novel anomaly detection method for data centers based on a combination of graphstructure and abnormal attention mechanism. The method leverages the sensor monitoring data from targetpower substations to construct multidimensional time series. These time series are subsequently transformed intograph structures, and corresponding adjacency matrices are obtained. By incorporating the adjacency matricesand additional weights associated with the graph structure, an aggregation matrix is derived. The aggregationmatrix is then fed into a pre-trained graph convolutional neural network (GCN) to extract graph structure features.Moreover, both themultidimensional time series segments and the graph structure features are inputted into a pretrainedanomaly detectionmodel, resulting in corresponding anomaly detection results that help identify abnormaldata. The anomaly detection model consists of a multi-level encoder-decoder module, wherein each level includesa transformer encoder and decoder based on correlation differences. The attention module in the encoding layeradopts an abnormal attention module with a dual-branch structure. Experimental results demonstrate that ourproposed method significantly improves the accuracy and stability of anomaly detection.
文摘Network anomaly detection plays a vital role in safeguarding network security.However,the existing network anomaly detection task is typically based on the one-class zero-positive scenario.This approach is susceptible to overfitting during the training process due to discrepancies in data distribution between the training set and the test set.This phenomenon is known as prediction drift.Additionally,the rarity of anomaly data,often masked by normal data,further complicates network anomaly detection.To address these challenges,we propose the PUNet network,which ingeniously combines the strengths of traditional machine learning and deep learning techniques for anomaly detection.Specifically,PUNet employs a reconstruction-based autoencoder to pre-train normal data,enabling the network to capture potential features and correlations within the data.Subsequently,PUNet integrates a sampling algorithm to construct a pseudo-label candidate set among the outliers based on the reconstruction loss of the samples.This approach effectively mitigates the prediction drift problem by incorporating abnormal samples.Furthermore,PUNet utilizes the CatBoost classifier for anomaly detection to tackle potential data imbalance issues within the candidate set.Extensive experimental evaluations demonstrate that PUNet effectively resolves the prediction drift and data imbalance problems,significantly outperforming competing methods.
基金This work is partly supported by the National Key Research and Development Program of China(Grant No.2020YFB1805403)the National Natural Science Foundation of China(Grant No.62032002)the 111 Project(Grant No.B21049).
文摘In the Industrial Internet of Things(IIoT),sensors generate time series data to reflect the working state.When the systems are attacked,timely identification of outliers in time series is critical to ensure security.Although many anomaly detection methods have been proposed,the temporal correlation of the time series over the same sensor and the state(spatial)correlation between different sensors are rarely considered simultaneously in these methods.Owing to the superior capability of Transformer in learning time series features.This paper proposes a time series anomaly detection method based on a spatial-temporal network and an improved Transformer.Additionally,the methods based on graph neural networks typically include a graph structure learning module and an anomaly detection module,which are interdependent.However,in the initial phase of training,since neither of the modules has reached an optimal state,their performance may influence each other.This scenario makes the end-to-end training approach hard to effectively direct the learning trajectory of each module.This interdependence between the modules,coupled with the initial instability,may cause the model to find it hard to find the optimal solution during the training process,resulting in unsatisfactory results.We introduce an adaptive graph structure learning method to obtain the optimal model parameters and graph structure.Experiments on two publicly available datasets demonstrate that the proposed method attains higher anomaly detection results than other methods.
文摘Coronary artery anomaly is known as one of the causes of angina pectoris and sudden death and is an important clinical entity that cannot be overlooked.The incidence of coronary artery anomalies is as low as 1%-2%of the general population,even when the various types are combined.Coronary anomalies are practically challenging when the left and right coronary ostium are not found around their normal positions during coronary angiography with a catheter.If there is atherosclerotic stenosis of the coronary artery with an anomaly and percutaneous coronary intervention(PCI)is required,the suitability of the guiding catheter at the entrance and the adequate back up force of the guiding catheter are issues.The level of PCI risk itself should also be considered on a caseby-case basis.In this case,emission computed tomography in the R-1 subtype single coronary artery proved that ischemia occurred in an area where the coronary artery was not visible to the naked eye.Meticulous follow-up would be crucial,because sudden death may occur in single coronary arteries.To prevent atherosclerosis with full efforts is also important,as the authors indicated admirably.
基金supported by the Science and Technology Program State Grid Corporation of China,Grant SGSXDK00DJJS2250061.
文摘System logs,serving as a pivotal data source for performance monitoring and anomaly detection,play an indispensable role in assuring service stability and reliability.Despite this,the majority of existing log-based anomaly detection methodologies predominantly depend on the sequence or quantity attributes of logs,utilizing solely a single Recurrent Neural Network(RNN)and its variant sequence models for detection.These approaches have not thoroughly exploited the semantic information embedded in logs,exhibit limited adaptability to novel logs,and a single model struggles to fully unearth the potential features within the log sequence.Addressing these challenges,this article proposes a hybrid architecture based on amultiscale convolutional neural network,efficient channel attention and mogrifier gated recurrent unit networks(LogCEM),which amalgamates multiple neural network technologies.Capitalizing on the superior performance of robustly optimized BERT approach(RoBERTa)in the realm of natural language processing,we employ RoBERTa to extract the original word vectors from each word in the log template.In conjunction with the enhanced Smooth Inverse Frequency(SIF)algorithm,we generate more precise log sentence vectors,thereby achieving an in-depth representation of log semantics.Subsequently,these log vector sequences are fed into a hybrid neural network,which fuses 1D Multi-Scale Convolutional Neural Network(MSCNN),Efficient Channel Attention Mechanism(ECA),and Mogrifier Gated Recurrent Unit(GRU).This amalgamation enables themodel to concurrently capture the local and global dependencies of the log sequence and autonomously learn the significance of different log sequences,thereby markedly enhancing the efficacy of log anomaly detection.To validate the effectiveness of the LogCEM model,we conducted evaluations on two authoritative open-source datasets.The experimental results demonstrate that LogCEM not only exhibits excellent accuracy and robustness,but also outperforms the current mainstream log anomaly detection methods.
基金This study was funded by the Chongqing Normal University Startup Foundation for PhD(22XLB021)was also supported by the Open Research Project of the State Key Laboratory of Industrial Control Technology,Zhejiang University,China(No.ICT2023B40).
文摘Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misreporting of normal data,which will impact the normal operation of IoT.To mitigate the impact caused by the high false positive rate of ADS,this paper proposes an ADS management scheme for clustered IoT.First,we model the data transmission and anomaly detection in clustered IoT.Then,the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device.In the presence of a high false positive rate in ADSs,to deal with the trade-off between the security and availability of data,we develop a linear programming model referred to as a security trade-off(ST)model.Next,we develop an analysis framework for the ST model,and solve the ST model on an IoT simulation platform.Last,we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis.Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADS.
基金supported by the National Natural Science Foundation of China(No.42174090 and No.42250103)the MOST Special Fund from the State Key Laboratory of Geological Processes and Mineral Resources(No.MSFGPMR2022-4)+1 种基金the Opening Fund of Key Laboratory of Geological Survey and Evaluation of Ministry of Education(No.GLAB2023ZR02)the Fundamental Research Funds for the Central Universities。
文摘Due to environmental noise and human factors,magnetic data collected in the field often contain various noises and interferences that significantly affect the subsequent data processing and interpretation.Empirical Mode Decomposition(EMD),an adaptive multiscale analysis method for nonlinear and non-stationary signals,is widely used in geophysical and geodetic data processing.Compared with traditional EMD,Improved Complete Ensemble EMD with Adaptive Noise(ICEEMDAN)is more effective in addressing the problem of mode mixing.Based on the principles of 1D ICEEMDAN,this paper presents an alternative algorithm for 2D ICEEMDAN,extending its application to two-dimensional scenarios.The effectiveness of the proposed approach is demonstrated through synthetic signal experiments,which show that the 2D ICEEMDAN exhibits a weaker mode mixing effect compared to the traditional bidimensional EMD(BEMD)method.Furthermore,to improve the performance of the denoising method based on 2D ICEEMDAN and preserve useful signals in high-frequency components,an improved soft thresholding technique is introduced.Synthetic magnetic anomaly data testing indicates that our denoising method effectively preserves signal continuity and outperforms traditional soft thresholding methods.To validate the practical application of this improved threshold denoising method based on 2D ICEEMDAN,it is applied to ground magnetic survey data in the Yandun area of Xinjiang.The results demonstrate the effectiveness of the method in removing noise while retaining essential information from practical magnetic anomaly data.In particular,practical applications suggest that 2D ICEEMDAN can extract trend signals more accurately than the BEMD.In conclusion,as a potential tool for multi-scale decomposition,the 2D ICEEMDAN is versatile in processing and analyzing 2D geophysical and geodetic data.
基金supported and funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University(IMSIU)(grant number IMSIU-RG23148).
文摘In video surveillance,anomaly detection requires training machine learning models on spatio-temporal video sequences.However,sometimes the video-only data is not sufficient to accurately detect all the abnormal activities.Therefore,we propose a novel audio-visual spatiotemporal autoencoder specifically designed to detect anomalies for video surveillance by utilizing audio data along with video data.This paper presents a competitive approach to a multi-modal recurrent neural network for anomaly detection that combines separate spatial and temporal autoencoders to leverage both spatial and temporal features in audio-visual data.The proposed model is trained to produce low reconstruction error for normal data and high error for abnormal data,effectively distinguishing between the two and assigning an anomaly score.Training is conducted on normal datasets,while testing is performed on both normal and anomalous datasets.The anomaly scores from the models are combined using a late fusion technique,and a deep dense layer model is trained to produce decisive scores indicating whether a sequence is normal or anomalous.The model’s performance is evaluated on the University of California,San Diego Pedestrian 2(UCSD PED 2),University of Minnesota(UMN),and Tampere University of Technology(TUT)Rare Sound Events datasets using six evaluation metrics.It is compared with state-of-the-art methods depicting a high Area Under Curve(AUC)and a low Equal Error Rate(EER),achieving an(AUC)of 93.1 and an(EER)of 8.1 for the(UCSD)dataset,and an(AUC)of 94.9 and an(EER)of 5.9 for the UMN dataset.The evaluations demonstrate that the joint results from the combined audio-visual model outperform those from separate models,highlighting the competitive advantage of the proposed multi-modal approach.
基金the Deanship of Graduate Studies and Scientific Research at Qassim University for financial support (QU-APC-2024-9/1).
文摘The Internet of Medical Things(IoMT)is an emerging technology that combines the Internet of Things(IoT)into the healthcare sector,which brings remarkable benefits to facilitate remote patient monitoring and reduce treatment costs.As IoMT devices become more scalable,Smart Healthcare Systems(SHS)have become increasingly vulnerable to cyberattacks.Intrusion Detection Systems(IDS)play a crucial role in maintaining network security.An IDS monitors systems or networks for suspicious activities or potential threats,safeguarding internal networks.This paper presents the development of an IDS based on deep learning techniques utilizing benchmark datasets.We propose a multilayer perceptron-based framework for intrusion detection within the smart healthcare domain.The primary objective of our work is to protect smart healthcare devices and networks from malicious attacks and security risks.We employ the NSL-KDD and UNSW-NB15 intrusion detection datasets to evaluate our proposed security framework.The proposed framework achieved an accuracy of 95.0674%,surpassing that of comparable deep learning models in smart healthcare while also reducing the false positive rate.Experimental results indicate the feasibility of using a multilayer perceptron,achieving superior performance against cybersecurity threats in the smart healthcare domain.
基金This research is partially supported by the National Natural Science Foundation of China under Grant No.62376043Science and Technology Program of Sichuan Province under Grant Nos.2020JDRC0067,2023JDRC0087,and 24NSFTD0025.
文摘With the rapid development of Internet of Things(IoT)technology,IoT systems have been widely applied in health-care,transportation,home,and other fields.However,with the continuous expansion of the scale and increasing complexity of IoT systems,the stability and security issues of IoT systems have become increasingly prominent.Thus,it is crucial to detect anomalies in the collected IoT time series from various sensors.Recently,deep learning models have been leveraged for IoT anomaly detection.However,owing to the challenges associated with data labeling,most IoT anomaly detection methods resort to unsupervised learning techniques.Nevertheless,the absence of accurate abnormal information in unsupervised learning methods limits their performance.To address these problems,we propose AS-GCN-MTM,an adaptive structural Graph Convolutional Networks(GCN)-based framework using a mean-teacher mechanism(AS-GCN-MTM)for anomaly identification.It performs better than unsupervised methods using only a small amount of labeled data.Mean Teachers is an effective semi-supervised learning method that utilizes unlabeled data for training to improve the generalization ability and performance of the model.However,the dependencies between data are often unknown in time series data.To solve this problem,we designed a graph structure adaptive learning layer based on neural networks,which can automatically learn the graph structure from time series data.It not only better captures the relationships between nodes but also enhances the model’s performance by augmenting key data.Experiments have demonstrated that our method improves the baseline model with the highest F1 value by 10.4%,36.1%,and 5.6%,respectively,on three real datasets with a 10%data labeling rate.
基金supported by the National Natural Science Foundation of China(62072475)the Fundamental Research Funds for the Central Universities of Central South University(CX20230356)。
文摘Due to their simple hardware,sensor nodes in IoT are vulnerable to attack,leading to data routing blockages or malicious tampering,which significantly disrupts secure data collection.An Intelligent Active Probing and Trace-back Scheme for IoT Anomaly Detection(APTAD)is proposed to collect integrated IoT data by recruiting Mobile Edge Users(MEUs).(a)An intelligent unsupervised learning approach is used to identify anomalous data from the collected data by MEUs and help to identify anomalous nodes.(b)Recruit MEUs to trace back and propose a series of trust calculation methods to determine the trust of nodes.(c)The last,the number of active detection packets and detection paths are designed,so as to accurately identify the trust of nodes in IoT at the minimum cost of the network.A large number of experimental results show that the recruiting cost and average anomaly detection time are reduced by 6.5 times and 34.33%respectively,while the accuracy of trust identification is improved by 20%.
基金a grant from the National Natural Science Foundation of China(Nos.11905239,12005248 and 12105303).
文摘With the rapid development of the mobile communication and the Internet,the previous web anomaly detectionand identificationmodels were built relying on security experts’empirical knowledge and attack features.Althoughthis approach can achieve higher detection performance,it requires huge human labor and resources to maintainthe feature library.In contrast,semantic feature engineering can dynamically discover new semantic featuresand optimize feature selection by automatically analyzing the semantic information contained in the data itself,thus reducing dependence on prior knowledge.However,current semantic features still have the problem ofsemantic expression singularity,as they are extracted from a single semantic mode such as word segmentation,character segmentation,or arbitrary semantic feature extraction.This paper extracts features of web requestsfrom dual semantic granularity,and proposes a semantic feature fusion method to solve the above problems.Themethod first preprocesses web requests,and extracts word-level and character-level semantic features of URLs viaconvolutional neural network(CNN),respectively.By constructing three loss functions to reduce losses betweenfeatures,labels and categories.Experiments on the HTTP CSIC 2010,Malicious URLs and HttpParams datasetsverify the proposedmethod.Results show that compared withmachine learning,deep learningmethods and BERTmodel,the proposed method has better detection performance.And it achieved the best detection rate of 99.16%in the dataset HttpParams.
基金supported in part by the National Natural Science Foundation of China(61933007, U21A2019, 62273005, 62273088, 62303301)the Program of Shanghai Academic/Technology Research Leader of China (20XD1420100)+2 种基金the Hainan Province Science and Technology Special Fund of China(ZDYF2022SHFZ105)the Natural Science Foundation of Anhui Province of China (2108085MA07)the Alexander von Humboldt Foundation of Germany。
文摘This paper investigates the anomaly-resistant decentralized state estimation(SE) problem for a class of wide-area power systems which are divided into several non-overlapping areas connected through transmission lines. Two classes of measurements(i.e., local measurements and edge measurements) are obtained, respectively, from the individual area and the transmission lines. A decentralized state estimator, whose performance is resistant against measurement with anomalies, is designed based on the minimum error entropy with fiducial points(MEEF) criterion. Specifically, 1) An augmented model, which incorporates the local prediction and local measurement, is developed by resorting to the unscented transformation approach and the statistical linearization approach;2) Using the augmented model, an MEEF-based cost function is designed that reflects the local prediction errors of the state and the measurement;and 3) The local estimate is first obtained by minimizing the MEEF-based cost function through a fixed-point iteration and then updated by using the edge measuring information. Finally, simulation experiments with three scenarios are carried out on the IEEE 14-bus system to illustrate the validity of the proposed anomaly-resistant decentralized SE scheme.
