[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.7471/ikeee.2020.24.4.1011

Detecting Anomalies in Time-Series Data using Unsupervised Learning and Analysis on Infrequent Signatures

Bian, Xingchao (Department of Software, College of Computing, Sungkyunkwan University)

Publication Information

Journal of IKEEE / v.24, no.4, 2020 , pp. 1011-1016 More about this Journal

Abstract

We propose a framework called Stacked Gated Recurrent Unit - Infrequent Residual Analysis (SG-IRA) that detects anomalies in time-series data that can be trained on streams of raw sensor data without any pre-labeled dataset. To enable such unsupervised learning, SG-IRA includes an estimation model that uses a stacked Gated Recurrent Unit (GRU) structure and an analysis method that detects anomalies based on the difference between the estimated value and the actual measurement (residual). SG-IRA's residual analysis method dynamically adapts the detection threshold from the population using frequency analysis, unlike the baseline model that relies on a constant threshold. In this paper, SG-IRA is evaluated using the industrial control systems (ICS) datasets. SG-IRA improves the detection performance (F1 score) by 5.9% compared to the baseline model.

Keywords

Industrial Control System Security Threat Detection; Anomaly Detection; Time-series data; Stackd-GRU; Frequency Analysis; Unsupervised learning; TaPR;

Citations & Related Records

Reference

1	J. Chung, C. Gulcehre, K. Cho, Y. Bengio, "Empirical Evaluation of Gated Recurrent Neural Networks on Sequence Modeling," In NIPS 2014 Workshop on Deep Learning, 2014.
2	DACON, Industrial Control Systems Security Threat Detection AI Competition https://dacon.io/ompetitions/official/235624/overview/
3	H. Shin, W. Lee, J. H. Yun, H. Kim, "HAI 1.0: HIL-based Augmented ICS Security Dataset," 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET), 2020.
4	TaPR: W.-Hwang et al. "Time-Series Aware Precision and Recall for Anomaly Detection: Considering Variety of Detection Result and Addressing Ambiguous Labeling," In Proc. of CIKM, pp.2241-2244, 2019.
5	eTaPR, https://www2.slideshare.net/daconist/etapr-237428659?ref=https://dacon.io/
6	X. Chen, Y. Zhan, "Multi-scale anomaly detection algorithm based on infrequent pattern of time series," Computational and Applied Mathematics, VOL.214, pp.227-237, 2008. DOI: 10.1016/j.cam.2007.02.027 DOI