

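1. School of Electronics and Communication Engineering, Guangzhou University, Guangzhou, Guangdong 510006
2. Shenyang Institute of Automation, Chinese Academy of Sciences, Shenyang, Liaoning 110016
3. University of Chinese Academy of Sciences, Beijing 100039
4. Key Laboratory of Networked Control Systems, Chinese Academy of Sciences, Shenyang, Liaoning 110016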
Received: 29 December 2018
Revised: 2021-05-31
Published: 25 August 2021
SHANG Wen-li, SHI He, ZHAO Jian-ming, et al. An Anomaly Detection Method of Process Data Based on SAE-LSTM[J]. ACTA ELECTRONICA SINICA, 2021, 49(08): 1561-1568. DOI: 10.12263/DZXB.20180015.
To address the high false alarm rate of process data anomaly detection in industrial network security protection, this paper proposes an anomaly detection method based on time series. The method first applies correlation analysis and vector mapping to the process data, then uses a stacked auto-encoder neural network (SAE) to reduce the dimensionality of the process data features. Based on the correlation of process data across the transmission sequence, an anomaly detection model based on a long short-term memory neural network (LSTM) is designed. Finally, simulation experiments on process data anomaly detection are carried out to verify and analyze the method. The experimental results show that the time-series-based anomaly detection model can greatly improve the accuracy of process data anomaly detection, achieves a lower false positive rate than the traditional hidden Markov anomaly detection model, and also delivers good real-time detection performance.