Journal on Communications ›› 2022, Vol. 43 ›› Issue (3): 196-210. doi: 10.11959/j.issn.1000-436x.2022032
Haili SUN1, Xiang LONG1,2, Lansheng HAN1,3, Yan HUANG4, Qingbo LI1
Revised:
2022-01-24
Online:
2022-03-25
Published:
2022-03-01
About the author:
Haili SUN (1991- ), female, native of Wuhan, Hubei, is a Ph.D. candidate at Huazhong University of Science and Technology. Her main research interests include industrial Internet of things security, intrusion detection and prevention, privacy protection, and malicious behavior identification.
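Abstract:
To address the differences among anomaly detection methods and the question of their applicability to security protection for the industrial Internet of things (IIoT), papers on network anomaly detection published from 2000 to 2021 were surveyed and analyzed from the perspective of their technical principles. The security threats faced by the IIoT were summarized, and nine network anomaly detection methods and their characteristics were categorized. Through longitudinal comparison, the advantages and disadvantages of the different methods and the IIoT scenarios they suit were sorted out. In addition, commonly used datasets were statistically analyzed and compared, and future development trends were outlined in four directions. The results can guide the selection of a suitable method by application scenario, identify key problems still to be solved, and point out directions for subsequent research.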
Haili SUN, Xiang LONG, Lansheng HAN, Yan HUANG, Qingbo LI. Overview of anomaly detection techniques for industrial Internet of things[J]. Journal on Communications, 2022, 43(3): 196-210.
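Table 1
Application of statistical-learning-based anomaly detection in the industrial Internet of things
Method | Data nature | Anomaly type | Available data | Sensor type | Application domain | Evaluation metric | Citations |
Statistical learning | Continuous data | Point anomaly | Temperature, humidity, light intensity and similar data | Temperature and humidity sensors, etc. | Field monitoring | Accuracy and false alarm rate | 17 |
Temporal logic | Continuous data | Point anomaly | Supervised learning on a set of 50 trajectories | Air compressor motor speed | Fuel cell vehicles | Misclassification rate | 18 |
Correlation analysis | Continuous data | Contextual anomaly | Supervised learning on data from 5 machines | Sensors on the engine | Generators in a factory | Correlation coefficient | 36 |
Density function model | Continuous data | Point anomaly | Supervised learning on data from 24 solar panels | Current data | Solar power generation system | ROC curve | 6 |
Markov chain | Continuous data | Point anomaly | Supervised learning on pressure sensor data | Pressure sensor | Oil pipeline | Accuracy | 14 |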
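Table 2
Feature-selection-based anomaly detection methods in industrial systems
Method | Reference | Dataset used | Performance metrics | Citations |
PCA-neural network | Reference [ | NSL-KDD dataset | Training time, detection time, number of detected records | 126 |
KPCA+ELM | Reference [ | KDD Cup 99 dataset | Accuracy 0.98, false alarm rate 0.02, detection time 0.75 ms | 2 |
IELM+APCA | Reference [ | NSL-KDD dataset | Accuracy 0.81, detection time 19.97, false alarm rate 0.30 | 20 |
IELM+APCA | Reference [ | UNSW-NB15 dataset | Accuracy 0.70, detection time 476.19, false alarm rate 0.35 | 20 |
Metaheuristic algorithm + k-means | Reference [ | NSL-KDD dataset | Accuracy 0.97, detection rate 0.96, false alarm rate 0.02 | 60 |
TSA+KNN | Reference [ | KDD Cup 99 dataset | Accuracy 0.8734 | 16 |
MRMR + SVM | Reference [ | UNSW-NB15 dataset | Accuracy 0.6996 | 0 |
MRMR + SVM | Reference [ | MSU dataset | Accuracy 0.9567 | 0 |
QBSO-FS + machine learning | Reference [ | NSL-KDD dataset | Accuracy, recall | 0 |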
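Table 3
Machine-learning-based anomaly detection methods in industrial systems
Method | Anomaly type | Experimental data | Sensor type | Evaluation metric |
ELM | Point anomaly | Combustor exhaust data | Temperature sensor | ROC curve |
Multivariate clustering | Contextual anomaly | Real sensing data | Sensor data from electricity, water and natural gas systems | Misclassification rate |
Clustering | Contextual anomaly | Unsupervised learning in a five-story building | Temperature sensor | False alarms |
GBDT | Contextual anomaly | Supervised learning on wind turbine data | Measured parameters of 150 wind turbines | Accuracy |
Dual isolation forest + principal component analysis | Collective anomaly | Data from the secure water treatment testbed and the water distribution testbed | Pressure sensors, infrared sensors, etc. | Classification accuracy, recall |
OCSTuM+GA-OCSTuM | Point anomaly | 蒙特斯 sensor dataset, etc. | 54 sensors of different types | Accuracy |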
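Table 4
Research results on deep-learning-based anomaly detection in industrial systems
Method | Reference | Dataset used | Performance metrics | Citations |
CNN | Reference [ | SWAT dataset | Precision 0.95, recall 0.79, F1 score 0.87 | 132 |
RNN+LSTM | Reference [ | Network traffic packets | Mean squared error 265.65, mean absolute error 3.23, R² 0.97 | 3 |
Packet signature + LSTM | Reference [ | Gas pipeline system dataset | Accuracy 0.92, precision 0.94, recall 0.78, F1 score 0.85 | 134 |
Vector convolutional deep learning | Reference [ | UNSW Bot-IoT dataset | Accuracy 0.99, precision 0.99, recall 0.99 | 11 |
LSTM | Reference [ | Modbus/TCP network traffic dataset | Accuracy 0.99, precision 0.99, recall 0.98, F1 score 0.99 | 16 |
CNN cuDNNLSTM | Reference [ | Bot-IoT dataset | Accuracy 0.99, precision 0.99, recall 0.99, F1 score 0.99, false positive rate 0.059 | 8 |
k-means + convolutional autoencoder | Reference [ | Gas pipeline system dataset | Accuracy 0.95, precision 0.95, recall 0.83, F1 score 0.89 | 5 |
k-means + convolutional autoencoder | Reference [ | Water storage tank dataset | Accuracy 0.96, precision 0.93, recall 0.94, F1 score 0.93 | 5 |
Stacked variational neural network | Reference [ | Windows ransomware dataset | Accuracy 0.92, detection rate 0.99, false positive rate 0.139 | 7 |
Autoencoder + extreme learning machine | Reference [ | Gas pipeline dataset | Accuracy 0.97, false positive rate 0.0035, ROC curve | 1 |
GRU + multi-head attention | Reference [ | Bot-IoT dataset | Accuracy 0.98, F1 score 0.97, AUC 0.99 | 2 |
GRU + multi-head attention | Reference [ | UNSW_NB15 dataset | Accuracy 0.99, F1 score 0.98, AUC 0.99 | 2 |
Bidirectional LSTM | Reference [ | CTU-13 dataset | Accuracy 0.95, detection rate 0.67, false positive rate 0.53, false negative rate 0.21 | 6 |
Bidirectional LSTM | Reference [ | AWID dataset | Accuracy 0.97, detection rate 0.83, false positive rate 0.20, false negative rate 0.602 | 6 |
Deep random neural network | Reference [ | UNSW_NB15 dataset | Accuracy 0.9954 | 4 |
Siamese convolutional neural network | Reference [ | UNSW_NB15 dataset | Precision 0.90, recall 0.96, F1 score 0.93, false alarm rate 0.047 | 21 |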
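Table 5
Research results on federated learning in industrial anomaly detection
Method | Reference | Dataset used | Performance metrics | Citations |
Federated learning + CNN-LSTM | Reference [ | Power demand dataset | Accuracy: approx. 0.94, root mean square error: approx. 3.8 | 6 |
Federated learning + CNN-LSTM | Reference [ | Statlog dataset | Accuracy: approx. 0.93, root mean square error: approx. 4 | 6 |
Federated learning + attention mechanism + CNN-LSTM | Reference [ | Power demand dataset | Accuracy: approx. 0.97, root mean square error: approx. 3.7 | 32 |
Federated learning + attention mechanism + CNN-LSTM | Reference [ | Statlog dataset | Accuracy: approx. 0.95, root mean square error: approx. 3.75 | 32 |
Federated learning + CNN-GRU | Reference [ | Gas pipeline dataset | Precision, recall, F1 score | 26 |
Federated learning + deep reinforcement learning | Reference [ | — | System throughput, average latency, accuracy | 4 |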
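Table 6
Anomaly detection methods based on cloud, edge and fog computing in the industrial Internet of things
Method | Reference | Dataset used | Performance metrics | Citations |
HEC-autoencoder + LSTM | Reference [ | Power consumption dataset | Accuracy 0.99, F1 score 0.87, latency 144.5 ms | 2 |
HEC-autoencoder + LSTM | Reference [ | mHealth dataset | Accuracy 0.98, F1 score 0.97, latency 674.87 ms | 2 |
HEC-deep neural network | Reference [ | Power consumption dataset | Accuracy 0.98, F1 score 0.83, latency 16.28 ms | 9 |
HEC-fuzzy theory | Reference [ | Single/multiple sensor data | Accuracy, algorithm execution time, average latency | 11 |
Edge computing-deep learning | Reference [ | BaIoT and El Nino datasets | True positive rate, false positive rate, time consumption | 0 |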
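Table 9
Advantages and disadvantages of each detection method and existing research results
Method | Advantages | Disadvantages | Research results |
System invariants | Once the system invariants have been mined, any action that violates them is considered anomalous; can cope with the dynamic nature of industrial system data | Cannot discover all of a system's invariants; poor applicability; not suitable for high-dimensional sensor data | Reference [ |
Physical state modeling | Once the physical model has been built, any operation that deviates from it is identified as anomalous; low computational load and low time complexity; tailored to a specific system | Not suitable for high-dimensional sensor data; network attackers can evade detection by control-theoretic modeling methods; building the model requires expert knowledge; poor applicability | Reference [ |
Statistical learning | Once a suitable probability distribution model is obtained, anomalies can be identified effectively; temporal correlation can be used to detect sensor faults and outliers | Because prior knowledge of the sensor data distribution is usually unavailable, parametric statistical methods offer little benefit, while non-parametric statistical models are unsuitable for data-intensive IoT operating in real time. The computational cost of handling the resulting multivariate data is usually high | Reference [ |
Feature selection | Selects strongly correlated features and reduces noise and redundancy in the data; can handle high-dimensional sensor data | Suitable features must be found by manual selection or automatic extraction; manual feature selection depends on expert experience, and automatic extraction yields models with poor interpretability | Reference [ |
Machine learning | Applicable to the various types of data produced by different sensors in IoT systems; supports supervised, semi-supervised and unsupervised learning | Performance depends heavily on the robustness of the feature engineering used; performance degrades severely on large-scale, high-dimensional data; learning capacity is insufficient to cope with the dynamic nature of data (network attacks) in the IIoT environment | Reference [ |
Deep learning | Learns automatically with strong learning capacity and can handle high-dimensional sensor data; can cope with the dynamic nature of data (network attacks) in the IoT environment; requires no feature engineering; detects anomalies in real time | Models need repeated fine-tuning and simulation before they can be deployed in practice; high computational cost makes them unsuitable for resource-constrained sensors; depends on large amounts of labeled data | Reference [ |
Federated learning | Collaboratively trains a globally optimal model when data from multiple parties is aggregated, while protecting data privacy; supports cases with insufficient samples | Clear shortcomings in communication efficiency; privacy and security still have flaws; lacks trust and incentive mechanisms | Reference [ |
Edge/fog computing | Reduces the network load on the cloud and the core network; can handle energy-efficiency and latency-sensitive applications of time-critical IoT | Depends on network transmission; has communication latency and privacy issues | Reference [ |
Graph | Can learn the interdependencies among multi-sensor data; detects concurrent attacks | Depends on graph-structured data and requires building complex relationships among the data; may suffer from imbalanced learning when data is sparse | Reference [ |
Fingerprinting | Builds device fingerprints by modeling the static and low-latency characteristics of ICS networks or the patterns of signal transmission; any data that does not match the fingerprint pattern is identified as anomalous | Cannot cope with the dynamic nature of industrial network data; a fingerprint cannot be built if the system has few features | Reference [ |
Biological immunity | Built on precise data models or evolutionary computation; mathematically simple and easy to implement | Limited capability and prone to distortion | Reference [ |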
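Table 10
Public datasets for anomaly detection in the industrial Internet of things
Dataset | Data type | Normal instances | Anomalous instances | Features | Communication protocol | Details | Citations |
Bot-IoT dataset | IoT network traffic | 9 543 | 73 360 900 | — | — | Reference [ | 284 |
Smart grid dataset | Network traffic | 470 | 391 | 14 | DNP3 | Reference [ | 22 |
UNSW_NB15 dataset | Network traffic | 2 218 761 | 321 283 | 49 | TCP, UDP, ICMP | Reference [ | 992 |
SWAT dataset | CPS network traffic | 15 000 000 (not split into normal and anomalous) |  | 19 | MODBUS | Reference [ | 193 |
SWAT dataset | Physical properties | 946 722 (not split into normal and anomalous) |  | 51 | — | — | — |
NSL-KDD dataset | Network traffic | Training set: 125 973, test set: 22 544 (not split into normal and anomalous) |  | 41 | TCP/IP | Reference [ | 3 085 |
KDD Cup 99 dataset | Network traffic | Training set: 4 900 000, test set: 2 000 000 (not split into normal and anomalous) |  | 41 | TCP/IP | Reference [ | 3 085 |
CTU-13 dataset | Network traffic | 59 190 | 21 760 | 11 | HTTP | Reference [ | 493 |
mHealth dataset | Multivariate time series | 120 (not split into normal and anomalous) |  | 23 | — | Reference [ | 227 |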
[1] | DAUGHERTY P , BERTHON B . Winning with the industrial Internet of things:how to accelerate the journey to productivity and growth[R]. 2015. |
[2] | TANGE K , DONNO M D , FAFOUTIS X ,et al. A systematic survey of industrial Internet of things security:requirements and fog computing opportunities[J]. IEEE Communications Surveys & Tutorials, 2020,22(4): 2489-2520. |
[3] | SPOGNARDI A , DONNO M D , DRAGONI N ,et al. Analysis of DDoS-capable IoT malwares[C]// Proceedings of the 2017 Federated Conference on Computer Science and Information Systems,Annals of Computer Science and Information Systems. Piscataway:IEEE Press, 2017: 807-816. |
[4] | ZHOU L Y , GUO H Q . Anomaly detection methods for IIoT networks[C]// Proceedings of 2018 IEEE International Conference on Service Operations and Logistics,and Informatics. Piscataway:IEEE Press, 2018: 214-219. |
[5] | LANGNER R . Stuxnet:dissecting a cyberwarfare weapon[J]. IEEE Security & Privacy, 2011,9(3): 49-51. |
[6] | LEE R . CRASHOVERRIDE:analysis of the threat to electric grid operations[R]. 2017. |
[7] | BUCZAK A L , GUVEN E . A survey of data mining and machine learning methods for cyber security intrusion detection[J]. IEEE Communications Surveys & Tutorials, 2016,18(2): 1153-1176. |
[8] | CHANDOLA V , BANERJEE A , KUMAR V . Anomaly detection[J]. ACM Computing Surveys, 2009,41(3): 1-58. |
[9] | BHUYAN M H , BHATTACHARYYA D K , KALITA J K . Network anomaly detection:methods,systems and tools[J]. IEEE Communications Surveys & Tutorials, 2014,16(1): 303-336. |
[10] | GARCÍA-TEODORO P , DÍAZ-VERDEJO J , MACIÁ-FERNÁNDEZ G ,et al. Anomaly-based network intrusion detection:techniques,systems and challenges[J]. Computers & Security, 2009,28(1/2): 18-28. |
[11] | CHOUDHARI A , RAMAPRASAD H , PAUL T ,et al. Stability of a cyber-physical smart grid system using cooperating invariants[C]// Proceedings of 2013 IEEE 37th Annual Computer Software and Applications Conference. Piscataway:IEEE Press, 2013: 760-769. |
[12] | PAUL T , KIMBALL J W , ZAWODNIOK M ,et al. Unified invariants for cyber-physical switched system stability[J]. IEEE Transactions on Smart Grid, 2014,5(1): 112-120. |
[13] | PAL K , ADEPU S , GOH J . Effectiveness of association rules mining for invariants generation in cyber-physical systems[C]// Proceedings of 2017 IEEE 18th International Symposium on High Assurance Systems Engineering. Piscataway:IEEE Press, 2017: 124-127. |
[14] | MOMTAZPOUR M , ZHANG J H , RAHMAN S ,et al. Analyzing invariants in cyber-physical systems using latent factor regression[C]// Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York:ACM Press, 2015: 2009-2018. |
[15] | CHEN Y Q , POSKITT C M , SUN J . Learning from mutants:using code mutation to learn and monitor invariants of a cyber-physical system[C]// Proceedings of 2018 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2018: 648-660. |
[16] | FENG C , PALLETI V R , MATHUR A ,et al. A systematic framework to generate invariants for anomaly detection in industrial control systems[C]// Proceedings of 2019 Network and Distributed System Security Symposium. Reston:Internet Society, 2019: 1-15. |
[17] | ASHOK A , GOVINDARASU M , WANG J H . Cyber-physical attack-resilient wide-area monitoring,protection,and control for the power grid[J]. Proceedings of the IEEE, 2017,105(7): 1389-1407. |
[18] | AMIN S , LITRICO X , SASTRY S S ,et al. Cyber security of water SCADA systems—part II:attack detection using enhanced hydrodynamic models[J]. IEEE Transactions on Control Systems Technology, 2013,21(5): 1679-1693. |
[19] | LIN H , SLAGELL A , KALBARCZYK Z ,et al. Semantic security analysis of SCADA networks to detect malicious control commands in power grids[C]// Proceedings of the First ACM Workshop on Smart Energy Grid Security. New York:ACM Press, 2013: 29-34. |
[20] | SRIDHAR S , GOVINDARASU M . Model-based attack detection and mitigation for automatic generation control[J]. IEEE Transactions on Smart Grid, 2014,5(2): 580-591. |
[21] | MO Y L , KIM T H J , BRANCIK K ,et al. Cyber–physical security of a smart grid infrastructure[J]. Proceedings of the IEEE, 2012,100(1): 195-209. |
[22] | ETCHEVÉS M E , SETOLA R , BERNIERI G ,et al. Fault diagnosis and network anomaly detection in water infrastructures[J]. IEEE Design & Test, 2017,34(4): 44-51. |
[23] | RAJASEGARAR S , LECKIE C , PALANISWAMI M . Anomaly detection in wireless sensor networks[J]. IEEE Wireless Communications, 2008,15(4): 34-40. |
[24] | RAJASEGARAR S , LECKIE C , PALANISWAMI M . Detecting data anomalies in wireless sensor networks[M]. Singapore: World Scientific, 2009. |
[25] | FEI H , XIAO F , LI G H ,et al. An anomaly detection method of wireless sensor network based on multi-modals data stream[J]. Chinese Journal of Computers, 2017,40(8): 1829-1842. |
[26] | AKIYAMA Y , KASAI Y J , IWATA M ,et al. Anomaly detection of solar power generation systems based on the normalization of the amount of generated electricity[C]// Proceedings of 2015 IEEE 29th International Conference on Advanced Information Networking and Applications. Piscataway:IEEE Press, 2015: 294-301. |
[27] | NGUYEN L V , KAPINSKI J , JIN X Q ,et al. Abnormal data classification using time-frequency temporal logic[C]// Proceedings of the 20th International Conference on Hybrid Systems:Computation and Control. New York:ACM Press, 2017: 237-242. |
[28] | ZHAO P S , KURIHARA M , TANAKA J ,et al. Advanced correlation-based anomaly detection method for predictive maintenance[C]// Proceedings of 2017 IEEE International Conference on Prognostics and Health Management. Piscataway:IEEE Press, 2017: 78-83. |
[29] | ZANG D , LIU J H , WANG H Z . Markov chain-based feature extraction for anomaly detection in time series and its industrial application[C]// Proceedings of 2018 Chinese Control and Decision Conference (CCDC). Piscataway:IEEE Press, 2018: 1059-1063. |
[30] | LAKHINA M , SINI J , BHUPENDRA V . Feature reduction using principal component analysis for effective anomaly–based intrusion detection on NSL-KDD[J]. International Journal of Engineering Science and Technology, 2010,2(6): 1790-1799. |
[31] | ZHOU Y , YU L , LIU M S ,et al. Network intrusion detection based on Kernel principal component analysis and extreme learning machine[C]// Proceedings of 2018 IEEE 18th International Conference on Communication Technology. Piscataway:IEEE Press, 2018: 860-864. |
[32] | GAO J L , CHAI S C , ZHANG B H ,et al. Research on network intrusion detection based on incremental extreme learning machine and adaptive principal component analysis[J]. Energies, 2019,12(7): 1223. |
[33] | KANG S H , . A feature selection algorithm to find optimal feature subsets for detecting DoS attacks[C]// Proceedings of 2015 5th International Conference on IT Convergence and Security (ICITCS). Piscataway:IEEE Press, 2015: 1-3. |
[34] | KANG S H , KIM K J . A feature selection approach to find optimal feature subsets for the network intrusion detection system[J]. Cluster Computing, 2016,19(1): 325-333. |
[35] | FERRIYAN A , THAMRIN A H , TAKEDA K ,et al. Feature selection using genetic algorithm to improve classification in network intrusion detection system[C]// Proceedings of 2017 International Electronics Symposium on Knowledge Creation and Intelligent Computing (IES-KCIC). Piscataway:IEEE Press, 2017: 46-49. |
[36] | CHEN F , YE Z W , WANG C Z ,et al. A feature selection approach for network intrusion detection based on tree-seed algorithm and K-nearest neighbor[C]// Proceedings of 2018 IEEE 4th International Symposium on Wireless Systems within the International Conferences on Intelligent Data Acquisition and Advanced Computing Systems. Piscataway:IEEE Press, 2018: 68-72. |
[37] | ZHANG X Y , LI J , ZHANG D J ,et al. Research on feature selection for cyber attack detection in industrial Internet of things[C]// Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies. New York:ACM Press, 2020: 256-262. |
[38] | CHENG X X , LI W , XIAO Z ,et al. Intrusion detection system based on QBSO-FS[C]// Proceedings of 2020 International Conference on Artificial Intelligence and Computer Engineering (ICAICE). Piscataway:IEEE Press, 2020: 372-377. |
[39] | YAN W Z , . One-class extreme learning machines for gas turbine combustor anomaly detection[C]// Proceedings of 2016 International Joint Conference on Neural Networks (IJCNN). Piscataway:IEEE Press, 2016: 2909-2914. |
[40] | NARAYANASWAMY B , BALAJI B , GUPTA R ,et al. Data driven investigation of faults in HVAC systems with model,cluster and compare (MCC)[C]// Proceedings of the 1st ACM Conference on Embedded Systems for Energy-Efficient Buildings. New York:ACM Press, 2014: 50-59. |
[41] | HAYES M A , CAPRETZ M A M . Contextual anomaly detection in big sensor data[C]// Proceedings of 2014 IEEE International Congress on Big Data. Piscataway:IEEE Press, 2014: 64-71. |
[42] | FU L D , ZHANG W B , TAN X B ,et al. An algorithm for detection of traffic attribute exceptions based on cluster algorithm in industrial Internet of things[J]. IEEE Access, 2021,9: 53370-53378. |
[43] | TAMY S , BELHADAOUI H , RABBAH M A ,et al. An evaluation of machine learning algorithms to detect attacks in SCADA network[C]// Proceedings of 2019 7th Mediterranean Congress of Telecommunications (CMT). Piscataway:IEEE Press, 2019: 1-5. |
[44] | ELNOUR M , MESKIN N , KHAN K ,et al. A dual-isolation-forests-based attack detection framework for industrial control systems[J]. IEEE Access, 2020,8: 36639-36651. |
[45] | ALSHAMMARI A , ZOHDY M A . Internet of things attacks detection and classification using tiered hidden Markov model[C]// Proceedings of the 2019 8th International Conference on Software and Computer Applications. New York:ACM Press, 2019: 550-554. |
[46] | CARINO J A , ZURITA D , PICOT A ,et al. Novelty detection methodology based on multi-modal one-class support vector machine[C]// Proceedings of 2015 IEEE 10th International Symposium on Diagnostics for Electrical Machines,Power Electronics and Drives. Piscataway:IEEE Press, 2015: 184-190. |
[47] | LEE S , YOO H , SEO J ,et al. Packet diversity-based anomaly detection system with OCSVM and representative model[C]// Proceedings of 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber,Physical and Social Computing (CPSCom) and IEEE Smart Data. Piscataway:IEEE Press, 2016: 498-503. |
[48] | YANG H H , ZHOU Z P . A novel intrusion detection scheme using cloud grey wolf optimizer[C]// Proceedings of 2018 37th Chinese Control Conference (CCC). Piscataway:IEEE Press, 2018: 8297-8302. |
[49] | DENG X W , JIANG P , PENG X N ,et al. An intelligent outlier detection method with one class support tucker machine and genetic algorithm toward big sensor data in Internet of things[J]. IEEE Transactions on Industrial Electronics, 2019,66(6): 4672-4683. |
[50] | WU C W , CHEN M . Early anomaly detection in wind turbine bolts breaking problem—methodology and application[C]// Proceedings of 2018 IEEE 3rd International Conference on Big Data Analysis. Piscataway:IEEE Press, 2018: 402-406. |
[51] | WANG B , LI M X , SHU F ,et al. Bayesian-based industrial Internet service abnormal detection algorithm[C]// Proceedings of the 2nd International Conference on Information Technologies and Electrical Engineering. New York:ACM Press, 2019: 1-4. |
[52] | KRAVCHIK M , SHABTAI A . Detecting cyber attacks in industrial control systems using convolutional neural networks[C]// Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and Privacy. New York:ACM Press, 2018: 72-83. |
[53] | FERRAG M A , MAGLARAS L , MOSCHOYIANNIS S ,et al. Deep learning for cyber security intrusion detection:approaches,datasets,and comparative study[J]. Journal of Information Security and Applications, 2020,50:102419. |
[54] | PARK S H , PARK H J , CHOI Y J . RNN-based prediction for network intrusion detection[C]// Proceedings of 2020 International Conference on Artificial Intelligence in Information and Communication (ICAIIC). Piscataway:IEEE Press, 2020: 572-574. |
[55] | GOH J , ADEPU S , TAN M ,et al. Anomaly detection in cyber physical systems using recurrent neural networks[C]// Proceedings of 2017 IEEE 18th International Symposium on High Assurance Systems Engineering. Piscataway:IEEE Press, 2017: 140-145. |
[56] | KORONIOTIS N , MOUSTAFA N , SITNIKOVA E ,et al. Towards the development of realistic botnet dataset in the Internet of things for network forensic analytics:Bot-IoT dataset[J]. Future Generation Computer Systems, 2019,100: 779-796. |
[57] | FREITAS D A P , KADDOUM G , CAMPELO D R ,et al. Intrusion detection for cyber–physical systems using generative adversarial networks in fog environment[J]. IEEE Internet of Things Journal, 2021,8(8): 6247-6256. |
[58] | ZHOU P , . Payload-based anomaly detection for industrial Internet using encoder assisted GAN[C]// Proceedings of 2020 IEEE 6th International Conference on Computer and Communications. Piscataway:IEEE Press, 2020: 669-673. |
[59] | LIU H P , ZHOU Z P , ZHANG M . Application of optimized bidirectional generative adversarial network in ICS intrusion detection[C]// Proceedings of 2020 Chinese Control and Decision Conference (CCDC). Piscataway:IEEE Press, 2020: 3009-3014. |
[60] | IBITOYE O , SHAFIQ O , MATRAWY A . Analyzing adversarial attacks against deep learning for intrusion detection in IoT networks[C]// Proceedings of 2019 IEEE Global Communications Conference. Piscataway:IEEE Press, 2019: 1-6. |
[61] | KORONIOTIS N , MOUSTAFA N , SITNIKOVA E . A new network forensic framework based on deep learning for Internet of things networks:a particle deep framework[J]. Future Generation Computer Systems, 2020,110: 91-106. |
[62] | ZHOU X K , HU Y Y , LIANG W ,et al. Variational LSTM enhanced anomaly detection for industrial big data[J]. IEEE Transactions on Industrial Informatics, 2020,17(5): 3469-3477. |
[63] | KONG F H , LI J Q , JIANG B ,et al. Integrated generative model for industrial anomaly detection via Bi-directional LSTM and attention mechanism[J]. IEEE Transactions on Industrial Informatics, 2021,PP(99): 1. |
[64] | WU D , JIANG Z K , XIE X F ,et al. LSTM learning with Bayesian and Gaussian processing for anomaly detection in industrial IoT[J]. IEEE Transactions on Industrial Informatics, 2020,16(8): 5244-5253. |
[65] | ROY B , CHEUNG H . A deep learning approach for intrusion detection in Internet of things using Bi-directional long short-term memory recurrent neural network[C]// Proceedings of 2018 28th International Telecommunication Networks and Applications Conference (ITNAC). Piscataway:IEEE Press, 2018: 1-6. |
[66] | FENG C , LI T T , CHANA D . Multi-level anomaly detection in industrial control systems via package signatures and LSTM networks[C]// Proceedings of 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Piscataway:IEEE Press, 2017: 261-272. |
[67] | BHUVANESWARI A , SELVAKUMAR S . Anomaly detection framework for Internet of things traffic using vector convolutional deep learning approach in fog environment[J]. Future Generation Computer Systems, 2020,113: 255-265. |
[68] | SAHARKHIZAN M , AZMOODEH A , DEHGHANTANHA A ,et al. An ensemble of deep recurrent neural networks for detecting IoT cyber attacks using network traffic[J]. IEEE Internet of Things Journal, 2020,7(9): 8852-8859. |
[69] | LIAQAT S , AKHUNZADA A , SHAIKH F S ,et al. SDN orchestration to combat evolving cyber threats in Internet of medical things (IoMT)[J]. Computer Communications, 2020,160: 697-705. |
[70] | KIM D , YANG H , CHUNG M ,et al. Squeezed convolutional variational autoencoder for unsupervised anomaly detection in edge device industrial Internet of things[C]// Proceedings of 2018 International Conference on Information and Computer Technologies (ICICT). Piscataway:IEEE Press, 2018: 67-71. |
[71] | CHANG C P , HSU W C , LIAO I . Anomaly detection for industrial control systems using k-means and convolutional autoencoder[C]// Proceedings of 2019 International Conference on Software,Telecommunications and Computer Networks (SoftCOM). Piscataway:IEEE Press, 2019: 1-6. |
[72] | AL-HAWAWREH M , SITNIKOVA E . Industrial Internet of things based ransomware detection using stacked variational neural network[C]// Proceedings of the 3rd International Conference on Big Data and Internet of Things. New York:ACM Press, 2019: 126-130. |
[73] | LI Y Z , LI Y , ZHANG S P . Intrusion detection algorithm based on deep learning for industrial control networks[C]// Proceedings of the 2019 2nd International Conference on Robotics,Control and Automation Engineering. New York:ACM Press, 2019: 40-44. |
[74] | ABDEL-BASSET M , CHANG V , HAWASH H ,et al. Deep-IFS:intrusion detection approach for industrial Internet of things traffic in fog environment[J]. IEEE Transactions on Industrial Informatics, 2021,17(11): 7704-7715. |
[75] | LI X H , XU M F , VIJAYAKUMAR P ,et al. Detection of low-frequency and multi-stage attacks in industrial Internet of things[J]. IEEE Transactions on Vehicular Technology, 2020,69(8): 8820-8831. |
[76] | LATIF S , IDREES Z , ZOU Z ,et al. DRaNN:a deep random neural network model for intrusion detection in industrial IoT[C]// Proceedings of 2020 International Conference on UK-China Emerging Technologies (UCET). Piscataway:IEEE Press, 2020: 1-4. |
[77] | ZHOU X K , LIANG W , SHIMIZU S ,et al. Siamese neural network based few-shot learning for anomaly detection in industrial cyber-physical systems[J]. IEEE Transactions on Industrial Informatics, 2020,17(8): 5790-5798. |
[78] | LIU Y , KUMAR N , XIONG Z H ,et al. Communication-efficient federated learning for anomaly detection in industrial Internet of things[C]// Proceedings of 2020 IEEE Global Communications Conference. Piscataway:IEEE Press, 2020: 1-6. |
[79] | LIU Y , GARG S , NIE J T ,et al. Deep anomaly detection for time-series data in industrial IoT:a communication-efficient on-device federated learning approach[J]. IEEE Internet of Things Journal, 2021,8(8): 6348-6358. |
[80] | LI B B , WU Y H , SONG J R ,et al. DeepFed:federated deep learning for intrusion detection in industrial cyber–physical systems[J]. IEEE Transactions on Industrial Informatics, 2021,17(8): 5615-5624. |
[81] | WANG X D , GARG S , LIN H ,et al. Towards accurate anomaly detection in industrial Internet-of-things using hierarchical federated learning[J]. IEEE Internet of Things Journal, 2021,PP(99): 1. |
[82] | LA Q D , NGO M V , DINH T Q ,et al. Enabling intelligence in fog computing to achieve energy and latency reduction[J]. Digital Communications and Networks, 2019,5(1): 3-9. |
[83] | CHEN Z , HU W L , WANG J J ,et al. An empirical study of latency in an emerging class of edge computing applications for wearable cognitive assistance[C]// Proceedings of the Second ACM/IEEE Symposium on Edge Computing. New York:ACM Press, 2017: 1-14. |
[84] | NGO M V , LUO T , CHAOUCHI H ,et al. Contextual-bandit anomaly detection for IoT data in distributed hierarchical edge computing[C]// Proceedings of 2020 IEEE 40th International Conference on Distributed Computing Systems. Piscataway:IEEE Press, 2020: 1227-1230. |
[85] | PENG Y H , TAN A P , WU J J ,et al. Hierarchical edge computing:a novel multi-source multi-dimensional data anomaly detection scheme for industrial Internet of things[J]. IEEE Access, 2019,7: 111257-111270. |
[86] | KONG D Q , LIU D S , ZHANG L ,et al. Sensor anomaly detection in the industrial Internet of things based on edge computing[J]. Turkish Journal of Electrical Engineering & Computer Sciences, 2020,28(1): 331-346. |
[87] | NGO M V , CHAOUCHI H , LUO T ,et al. Adaptive anomaly detection for IoT data in hierarchical edge computing[J]. arXiv Preprint,arXiv:2001.03314, 2020. |
[88] | YU X , SHAN C , BIAN J L ,et al. AdaGUM:an adaptive graph updating model-based anomaly detection method for edge computing environment[J]. Security and Communication Networks,2021, 2021:9954951. |
[89] | MA G , GU W X , HUANG Q Y ,et al. Anomaly detection for mobile devices in industrial Internet[C]// Proceedings of the 2020 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2020 ACM International Symposium on Wearable Computers. New York:ACM Press, 2020: 75-77. |
[90] | VELAMPALLI S , EBERLE W . Novel graph based anomaly detection using background knowledge[C]// Proceedings of the Thirtieth International Florida Artificial Intelligence Research Society Conference(FLAIRS). New York:ACM Press, 2017: 538-543. |
[91] | LIN Q , ADEPU S , VERWER S ,et al. TABOR:a graphical model-based approach for anomaly detection in industrial control systems[C]// Proceedings of the 2018 on Asia Conference on Computer and Communications Security. New York:ACM Press, 2018: 525-536. |
[92] | FORMBY D , SRINIVASAN P , LEONARD A ,et al. Who’s in control of your control system? device fingerprinting for cyber-physical systems[C]// Proceedings of 2016 Network and Distributed System Security Symposium. Reston:Internet Society, 2016: 1-15. |
[93] | SHEN C , LIU C , TAN H L ,et al. Hybrid-augmented device fingerprinting for intrusion detection in industrial control system networks[J]. IEEE Wireless Communications, 2018,25(6): 26-31. |
[94] | CHEN Y F , HU W T , ALAM M ,et al. Fiden:intelligent fingerprint learning for attacker identification in the industrial Internet of things[J]. IEEE Transactions on Industrial Informatics, 2021,17(2): 882-890. |
[95] | AHMED C M , PRAKASH J , QADEER R ,et al. Process skew:fingerprinting the process for anomaly detection in industrial control systems[C]// Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. New York:ACM Press, 2020: 219-230. |
[96] | BENYETTOU N , BENYETTOU A , RODIN V . The cooperation of immune agents for intrusion detection system[C]// Proceedings of the 2017 International Conference on Industrial Design Engineering. New York:ACM Press, 2017: 133-137. |
[97] | PINTO R , GONCALVES G , TOVAR E ,et al. Attack detection in cyber-physical production systems using the deterministic dendritic cell algorithm[C]// Proceedings of 2020 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). Piscataway:IEEE Press, 2020: 1-8. |
[98] | AHMAD S , LAVIN A , PURDY S ,et al. Unsupervised real-time anomaly detection for streaming data[J]. Neurocomputing, 2017,262: 134-147. |
[99] | IGBE O , DARWISH I , SAADAWI T . Deterministic dendritic cell algorithm application to smart grid cyber-attack detection[C]// Proceedings of 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud). Piscataway:IEEE Press, 2017: 199-204. |
[100] | MOUSTAFA N , SLAY J . UNSW-NB15:a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]// Proceedings of 2015 Military Communications and Information Systems Conference (MilCIS). Piscataway:IEEE Press, 2015: 1-6. |
[101] | GOH J , ADEPU S , JUNEJO K N ,et al. A dataset to support research in the design of secure water treatment systems[C]// International Conference on Critical Information Infrastructures Security. Berlin:Springer, 2016: 88-99. |
[102] | TAVALLAEE M , BAGHERI E , LU W ,et al. A detailed analysis of the KDD Cup 99 data set[C]// Proceedings of 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. Piscataway:IEEE Press, 2009: 1-6. |
[103] | GARCÍA S , GRILL M , STIBOREK J ,et al. An empirical comparison of botnet detection methods[J]. Computers & Security, 2014,45: 100-123. |
[104] | BANOS O , GARCIA R , HOLGADO-TERRIZA J A ,et al. mHealthDroid:a novel framework for agile development of mobile health applications[C]// International Workshop on Ambient Assisted Living. Berlin:Springer, 2014: 91-98. |