基于自编码器和隔离森林的水处理系统递进式异常检测方法
A Progressive Abnormal Detection Method for Water Treatment System Based on Autoencoder and Isolation Forest
- 电子学报 2024年52卷第11期 页码:3823-3834
- 作者机构:
1.重庆邮电大学现代邮政学院,重庆 400065
2.重庆邮电大学自动化学院/工业互联网学院,重庆 400065
- 作者简介:
[ "胡向东 男,1971年生,四川广安人.博士,重庆邮电大学教授,博士生导师.主要研究方向为智能感知、网络化测量与工业互联网安全等. E-mail: huxd@cqupt.edu.cn" ]
[ "刘 浪 男,1999年生,重庆江津人.重庆邮电大学硕士研究生.主要研究方向为工业互联网安全. E-mail: liul1652725@163.com" ]
- 基金信息:重庆市高校创新研究群体(CXQT20016)
DOI:10.12263/DZXB.20230704
中图分类号: TN918.91;TP183收稿:2023-07-26,
修回:2024-02-02,
纸质出版:2024-11-25
- 稿件说明:
移动端阅览
胡向东, 刘浪. 基于自编码器和隔离森林的水处理系统递进式异常检测方法[J]. 电子学报, 2024, 52(11): 3823-3834.
HU Xiang-dong, LIU Lang. A Progressive Abnormal Detection Method for Water Treatment System Based on Autoencoder and Isolation Forest[J]. Acta Electronica Sinica, 2024, 52(11): 3823-3834.
胡向东, 刘浪. 基于自编码器和隔离森林的水处理系统递进式异常检测方法[J]. 电子学报, 2024, 52(11): 3823-3834. DOI:10.12263/DZXB.20230704
HU Xiang-dong, LIU Lang. A Progressive Abnormal Detection Method for Water Treatment System Based on Autoencoder and Isolation Forest[J]. Acta Electronica Sinica, 2024, 52(11): 3823-3834. DOI:10.12263/DZXB.20230704
摘要
集成了工业互联网技术的水处理系统随着信息化程度的加深而面临着愈加严峻的异常行为入侵挑战.针对传统异常检测方法常用单一阈值检测、检测准确率低、误报率高等问题,提出一种融合自编码器和隔离森林的水处理系统递进式异常检测方法.首先,通过降采样过滤重复数据,加快递进式异常检测模型的训练和测试效率;其次,构建自编码器隐含层神经元捕捉数据关键
特征,优化自编码器的权重和偏置,设定重构误差阈值作为输入与重构之间的差异度量进行基础性检测;最后,构建以平均路径长度为异常度量阈值的隔离树并生成隔离森林,针对基础性检测发现的异常数据进一步遍历隔离树完成高级检测;基于两阶段递进式异常检测提升检测效果.实验结果表明,本文方法在安全水处理系统数据集下的异常检测准确率、
F
1
值均超过95%,准确率相比于传统方法平均提升31.86个百分点,特别是异常检测误报率被较大幅度降至0.30%.对配水系统数据集进行泛化性分析取得的精确率、召回率等指标均超过94%.模型的训练和测试时间相较于对比方法具有综合性能上的突出优势.
Abstract
With the deepening of informatization of water treatment systems integrated industrial internet technology are facing increasingly severe challenges of abnormal behavior intrusion. Aiming at such problems as single threshold detection
low detection accuracy
high false alarm rate and so on in traditional anomaly detection methods
a progressive anomaly detection method for water treatment systems that integrates autoencoders and isolation forests is proposed. Firstly
by downsampling to filter duplicate data
the training and testing efficiency of the progressive anomaly detection model is accelerated; Secondly
the hidden layer neurons of the autoencoder are constructed to capture the key features of the data
optimize the weight and bias of the autoencoder
and set the reconstruction error threshold as the difference measurement between input and reconstruction for basic detection; Finally
construct an isolation tree with the average path length as the anomaly measurement threshold to form an isolation forest
and further traverse the isolation tree to complete advanced detection based on the anomaly data discovered by basic detection; Improving detection performance based on two-stage progressive anomaly detection. The experimental results show that the accuracy and
F
1
score of the proposed method in the secure water treatment dataset exceeds 95%
compared with the traditional method
the accuracy is improved by 31.86 percentage points on average
especially
the false positive rate of anomaly detection is significantly reduced to 0.30%. The precision rate
recall rate and other indicators obtained by the
generalization analysis of the water distribution dataset are all over 94%. The training and testing time of the model has outstanding advantages in terms of comprehensive performance compared to comparative methods.
关键词
Keywords
references
ALIMI O A , OUAHADA K , ABU-MAHFOUZ A M , et al . A review of research works on supervised learning algorithms for SCADA intrusion detection and classification [J ] . Sustainability , 2021 , 13 ( 17 ): 9597 .
孙海丽 , 龙翔 , 韩兰胜 , 等 . 工业物联网异常检测技术综述 [J ] . 通信学报 , 2022 , 43 ( 3 ): 196 - 210 .
SUN H L , LONG X , HAN L S , et al . Overview of anomaly detection techniques for industrial Internet of Things [J ] . Journal on Communications , 2022 , 43 ( 3 ): 196 - 210 . (in Chinese)
BHAMARE D , ZOLANVARI M , ERBAD A , et al . Cybersecurity for industrial control systems: A survey [J ] . Computers & Security , 2020 , 89 : 101677 .
尚文利 , 石贺 , 赵剑明 , 等 . 基于SAE-LSTM的工艺数据异常检测方法 [J ] . 电子学报 , 2021 , 49 ( 8 ): 1561 - 1568 .
SHANG W L , SHI H , ZHAO J M , et al . An anomaly detection method of process data based on SAE-LSTM [J ] . Acta Electronica Sinica , 2021 , 49 ( 8 ): 1561 - 1568 . (in Chinese)
席亮 , 王瑞东 , 樊好义 , 等 . 基于样本关联感知的无监督深度异常检测模型 [J ] . 计算机学报 , 2021 , 44 ( 11 ): 2317 - 2331 .
XI L , WANG R D , FAN H Y , et al . Sample-correlation-aware unsupervised deep anomaly detection model [J ] . Chinese Journal of Computers , 2021 , 44 ( 11 ): 2317 - 2331 . (in Chinese)
施媛波 . 变分自编码器和注意力机制的异常入侵检测方法 [J ] . 重庆邮电大学学报(自然科学版) , 2022 , 34 ( 6 ): 1071 - 1078 .
SHI Y B . Anomaly intrusion detection method based on variational autoencoder and attention mechanism [J ] . Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition) , 2022 , 34 ( 6 ): 1071 - 1078 . (in Chinese)
ELNOUR M , MESKIN N , KHAN K M . Hybrid attack detection framework for industrial control systems using 1D-convolutional neural network and isolation forest [C ] // 2020 IEEE Conference on Control Technology and Applicati-ons (CCTA) . Piscataway : IEEE , 2020 : 877 - 884 .
ELNOUR M , MESKIN N , KHAN K , et al . A dual-isolation-forests-based attack detection framework for industrial control systems [J ] . IEEE Access , 2020 , 8 : 36639 - 36651 .
XIONG Z M , ZHU D F , LIU D F , et al . Anomaly detection of metallurgical energy data based on iForest-AE [J ] . Applied Sciences , 2022 , 12 ( 19 ): 9977 .
胡向东 , 李之涵 . 基于胶囊网络的工业互联网入侵检测方法 [J ] . 电子学报 , 2022 , 50 ( 6 ): 1457 - 1465 .
HU X D , LI Z H . Intrusion detection method based on capsule network for industrial Internet [J ] . Acta Electronica Sinica , 2022 , 50 ( 6 ): 1457 - 1465 . (in Chinese)
胡向东 , 吕高飞 , 白银 . 基于优化支持向量回归的工业互联网安全态势预测方法 [J ] . 电子学报 , 2023 , 51 ( 2 ): 446 - 454 .
HU X D , LÜ G F , BAI Y . A method of security situation prediction for industrial Internet based on optimized support vector regression [J ] . Acta Electronica Sinica , 2023 , 51 ( 2 ): 446 - 454 . (in Chinese)
杨晓晖 , 张圣昌 . 基于多粒度级联孤立森林算法的异常检测模型 [J ] . 通信学报 , 2019 , 40 ( 8 ): 133 - 142 .
YANG X H , ZHANG S C . Anomaly detection model based on multi-grained cascade isolation forest algorithm [J ] . Journal on Communications , 2019 , 40 ( 8 ): 133 - 142 . (in Chinese)
TSAI D M , JEN P H . Autoencoder-based anomaly detection for surface defect inspection [J ] . Advanced Engineering Informatics , 2021 , 48 : 101272 .
袁非牛 , 章琳 , 史劲亭 , 等 . 自编码神经网络理论及应用综述 [J ] . 计算机学报 , 2019 , 42 ( 1 ): 203 - 230 .
YUAN F N , ZHANG L , SHI J T , et al . Theories and applications of auto-encoder neural networks: A literature survey [J ] . Chinese Journal of Computers , 2019 , 42 ( 1 ): 203 - 230 . (in Chinese)
GOH J , ADEPU S , JUNEJO K N , et al . A dataset to support research in the design of secure water treatment Systems [M ] // Lecture Notes in Computer Science . Cham : Springer International Publishing , 2017 : 88 - 99 .
AHMED C M , PALLETI V R , MATHUR A P . WADI: A water distribution testbed for research in the design of secure cyber physical systems [C ] // Proceedings of the 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks . New York : ACM , 2017 : 25 - 28 .
MACAS M , WU C M . An unsupervised framework for anomaly detection in a water treatment system [C ] // 2019 18th IEEE International Conference on Machine Learning and Applications (ICMLA) . Piscataway : IEEE , 2019 : 1298 - 1305 .
PRIYANGA S , KRITHIVASAN K , PRAVINRAJ S , et al . Detection of cyberattacks in industrial control systems using enhanced principal component analysis and hypergraph- based convolution neural network (EPCA-HG-CNN) [J ] . IEEE Transactions on Industry Applications , 2020 , 56 ( 4 ): 4394 - 4404 .
XIE X , WANG B , WAN T C , et al . Multivariate abnormal detection for industrial control systems using 1D CNN and GRU [J ] . IEEE Access , 2020 , 8 : 88348 - 88359 .
PANG G S , SHEN C H , CAO L B , et al . Deep learning for anomaly detection: A review [J ] . ACM Computing Surveys , 2022 , 54 ( 2 ): 1 - 38 .
LI D , CHEN D C , JIN B H , et al . MAD-GAN: Multivariate anomaly detection for time series data with generative adversarial networks [M ] // Lecture Notes in Computer Science . Cham : Springer International Publishing , 2019 : 703 - 716 .
0
浏览量
16
下载量
0
CSCD
- 网络PDF下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies