Citation: Wang Zepeng, Ma Chao, Zhang Zhuangzhuang, Wu Libing, Shi Xiaochuan. Dynamic Decision-Driven Threat Detection Method for Data Elements in Industrial Control Networks[J]. Journal of Computer Research and Development, 2024, 61(10): 2404-2416. DOI: 10.7544/issn1000-1239.202440387
In recent years, industrial control networks have developed rapidly. The advantages of digitization, intelligence, and automation have brought significant benefits to the industry while also introducing increasingly complex and variable attack threats. In the context of data element security, timely detection of and response to industrial control network threats has become an urgent task. By continuously monitoring and analyzing the data flow in industrial control networks, the threat detection problem can be transformed into a time series anomaly detection problem. However, existing time series anomaly detection methods are limited by the quality of industrial control network datasets and are often sensitive to only a single type of anomaly while ignoring other anomalies. Therefore, in this paper we propose DELTA, a threat detection method for industrial control networks based on deep reinforcement learning and data augmentation. DELTA introduces a novel data augmentation selection technique for time series datasets, which selects appropriate sets of data augmentation operations tailored to different baseline models to enhance the quality of industrial control network time series datasets. Simultaneously, deep reinforcement learning algorithms (A2C/PPO) dynamically select candidate models from the baseline models at different time points, leveraging multiple types of anomaly detection models to address the sensitivity to single-type anomalies. Experimental comparisons with existing time series anomaly detection models show that DELTA significantly improves accuracy and F1 value over all baseline models at an acceptable cost in additional time consumption, which verifies the effectiveness and practicality of the method.