Revitalizing Self-Organizing Map: Anomaly Detection Using Forecasting Error Patterns
| Autor: | HyoungChun Kim, Young Geun Kim, Simon S. Woo, Jeong-Han Yun, Siho Han |
|---|---|
| Rok vydání: | 2021 |
| Předmět: | |
| Zdroj: | ICT Systems Security and Privacy Protection ISBN: 9783030781194 SEC |
| DOI: | 10.1007/978-3-030-78120-0_25 |
| Popis: | Detecting rare cases of anomalies in Cyber-Physical Systems (CPSs) is an extremely challenging task. It is especially difficult to accurately model various instances of CPS measurements due to the dearth of anomaly samples and the subtlety of how their patterns appear. Moreover, the detection performance may be severely limited owing to mediocre or inaccurate forecasting by the underlying prediction models. In this work, we focus on improving the anomaly detection performance by leveraging the forecasting error patterns generated from prediction models, such as Sequence-to-Sequence (seq2seq), Mixture Density Networks (MDNs), and Recurrent Neural Networks (RNNs). To this end, we introduce Self-Organizing Map-based Anomaly Detector (SOMAD), an anomaly detection framework based on a novel test statistic, SomAnomaly, for Cyber-Physical System (CPS) security. Upon evaluation on two popular CPS datasets, we demonstrate that SOMAD outperforms baseline approaches through online multiple testing, using Time-Series Aware Precision and Recall (TaPR) metrics. Accordingly, we empirically demonstrate that forecasting error patterns of raw CPS data can be useful when detecting anomalies through a fast, statistical multiple testing approach such as ours. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|