288 research outputs found
RESAM: Requirements Elicitation and Specification for Deep-Learning Anomaly Models with Applications to UAV Flight Controllers
CyberPhysical systems (CPS) must be closely monitored to identify and
potentially mitigate emergent problems that arise during their routine
operations. However, the multivariate time-series data which they typically
produce can be complex to understand and analyze. While formal product
documentation often provides example data plots with diagnostic suggestions,
the sheer diversity of attributes, critical thresholds, and data interactions
can be overwhelming to non-experts who subsequently seek help from discussion
forums to interpret their data logs. Deep learning models, such as Long
Short-term memory (LSTM) networks can be used to automate these tasks and to
provide clear explanations of diverse anomalies detected in real-time
multivariate data-streams. In this paper we present RESAM, a requirements
process that integrates knowledge from domain experts, discussion forums, and
formal product documentation, to discover and specify requirements and design
definitions in the form of time-series attributes that contribute to the
construction of effective deep learning anomaly detectors. We present a
case-study based on a flight control system for small Uncrewed Aerial Systems
and demonstrate that its use guides the construction of effective anomaly
detection models whilst also providing underlying support for explainability.
RESAM is relevant to domains in which open or closed online forums provide
discussion support for log analysis
Recent Advances in Anomaly Detection Methods Applied to Aviation
International audienceAnomaly detection is an active area of research with numerous methods and applications. This survey reviews the state-of-the-art of data-driven anomaly detection techniques and their application to the aviation domain. After a brief introduction to the main traditional data-driven methods for anomaly detection, we review the recent advances in the area of neural networks, deep learning and temporal-logic based learning. In particular, we cover unsupervised techniques applicable to time series data because of their relevance to the aviation domain, where the lack of labeled data is the most usual case, and the nature of flight trajectories and sensor data is sequential, or temporal. The advantages and disadvantages of each method are presented in terms of computational efficiency and detection efficacy. The second part of the survey explores the application of anomaly detection techniques to aviation and their contributions to the improvement of the safety and performance of flight operations and aviation systems. As far as we know, some of the presented methods have not yet found an application in the aviation domain. We review applications ranging from the identification of significant operational events in air traffic operations to the prediction of potential aviation system failures for predictive maintenance
Machine Learning for Intrusion Detection into Unmanned Aerial System 6G Networks
Progress in the development of wireless network technology has played a crucial role in the evolution of societies and provided remarkable services over the past decades. It remotely offers the ability to execute critical missions and effective services that meet the user\u27s needs. This advanced technology integrates cyber and physical layers to form cyber-physical systems (CPS), such as the Unmanned Aerial System (UAS), which consists of an Unmanned Aerial Vehicle (UAV), ground network infrastructure, communication link, etc. Furthermore, it plays a crucial role in connecting objects to create and develop the Internet of Things (IoT) technology. Therefore, the emergence of the CPS and IoT technologies provided many connected devices, generating an enormous amount of data. Consequently, the innovation of 6G technology is an urgent issue in the coming years. The 6G network architecture is an integration of the satellite network, aerial networks, terrestrial networks, and marine networks. These integrated network layers will provide new enabling technologies, for example, air interfaces and transmission technology. Therefore, integrating heterogeneous network layers guarantees an expansion strategy in the capacity that leads to low latency, ultra-high throughput, and high data rates. In the 6G network, Unmanned Aerial Vehicles (UAVs) are expected to densely occupy aerial spaces as UAV flying base stations (UAV-FBS) that comprise the aerial network layer to offer ubiquitous connectivity and enhance the terrestrial network in remote areas where it is challenging to deploy traditional infrastructure, for example, mountain, ocean deserts, and forest. Although the aerial network layer offers benefits to facilitate governmental and commercial missions, adversaries exploit network vulnerabilities to block intercommunication among nodes by jamming attacks and violating integrity through executing spoofing attacks. This work offers a practical IDS onboard UAV intrusion detection system to detect unintentional interference, intentional interference jamming, and spoofing attacks. Integrating time series data with machine learning models is the main part of the suggested IDF to detect anomalies accurately. This integration will improve the accuracy and effectiveness of the model. The 6G network is expected to handle a high volume of data where non-malicious interference and congestion in the channel are similar to a jamming attack. Therefore, an efficient anomaly detection technique must distinguish behaviors in the drone\u27s wireless network as normal or abnormal behavior. Our suggested model comprises two layers. The first layer has the algorithm to detect the anomaly during transmission. Then it will send the initial decision to the second layer in the model, including two separated algorithms, confirming the initial decision separately (nonintentional interference such as congestion in the channel, intentional interference jamming attack, and classify the type of jamming attack, and the second algorithm confirms spoofing attack. A jamming attack is a stealthy attack that aims to exhaust battery level or block communication to make wireless UAV networks unavailable. Therefore, the UAV forcibly relies on GPS signals. In this case, the adversary triggers a spoofing attack by manipulating the Global Navigation Satellite System (GNSS) signal and sending a fake signal to make UAVs estimate incorrect positions and deviate from their planning path to malicious zones. Hackers can start their malicious action either from malicious UAV nodes or the terrestrial malicious node; therefore, this work will enhance security and pave the way to start thinking about leveraging the benefit of the 6G network to design robust detection techniques for detecting multiple attacks that happen separately or simultaneously
Low-Power Boards Enabling ML-Based Approaches to FDIR in Space-Based Applications
Modern satellite complexity is increasing, thus requiring bespoke and expensive on-board solutions to provide a Failure Detection, Isolation and Recovery (FDIR) function. Although FDIR is vital in ensuring the safety, autonomy, and availability of satellite systems in flight, there is a clear need in the space industry for a more adaptable, scalable, and cost-effective solution. This paper explores the current state of the art for Machine Learning error detection and prognostic algorithms utilized by both the space sector and the commercial sector. Although work has previously been done in the commercial sector on error detection and prognostics, most commercial applications are not nearly as limited by the power, mass, and radiation tolerance constraints as for operation in a space environment. Therefore, this paper also discusses several Commercial Off-The-Shelf (COTS) multi-core micro-processors, small-footprint boards that will be explored as possible testbeds for future integration into a satellite in-orbit demonstrator
Predicting UAV Type: An Exploration of Sampling and Data Augmentation for Time Series Classification
Unmanned aerial vehicles are becoming common and have many productive uses.
However, their increased prevalence raises safety concerns -- how can we
protect restricted airspace? Knowing the type of unmanned aerial vehicle can go
a long way in determining any potential risks it carries. For instance,
fixed-wing craft can carry more weight over longer distances, thus potentially
posing a more significant threat. This paper presents a machine learning model
for classifying unmanned aerial vehicles as quadrotor, hexarotor, or
fixed-wing. Our approach effectively applies a Long-Short Term Memory (LSTM)
neural network for the purpose of time series classification. We performed
experiments to test the effects of changing the timestamp sampling method and
addressing the imbalance in the class distribution. Through these experiments,
we identified the top-performing sampling and class imbalance fixing methods.
Averaging the macro f-scores across 10 folds of data, we found that the
majority quadrotor class was predicted well (98.16%), and, despite an extreme
class imbalance, the model could also predicted a majority of fixed-wing
flights correctly (73.15%). Hexarotor instances were often misclassified as
quadrotors due to the similarity of multirotors in general (42.15%). However,
results remained relatively stable across certain methods, which prompted us to
analyze and report on their tradeoffs. The supplemental material for this
paper, including the code and data for running all the experiments and
generating the results tables, is available at https://osf.io/mnsgk/.Comment: 12 pages, 3 figures, 4 tables, submitted to IEEE Transactions on
Cybernetic
NetSentry: A deep learning approach to detecting incipient large-scale network attacks
Machine Learning (ML) techniques are increasingly adopted to tackle
ever-evolving high-profile network attacks, including DDoS, botnet, and
ransomware, due to their unique ability to extract complex patterns hidden in
data streams. These approaches are however routinely validated with data
collected in the same environment, and their performance degrades when deployed
in different network topologies and/or applied on previously unseen traffic, as
we uncover. This suggests malicious/benign behaviors are largely learned
superficially and ML-based Network Intrusion Detection System (NIDS) need
revisiting, to be effective in practice. In this paper we dive into the
mechanics of large-scale network attacks, with a view to understanding how to
use ML for Network Intrusion Detection (NID) in a principled way. We reveal
that, although cyberattacks vary significantly in terms of payloads, vectors
and targets, their early stages, which are critical to successful attack
outcomes, share many similarities and exhibit important temporal correlations.
Therefore, we treat NID as a time-sensitive task and propose NetSentry, perhaps
the first of its kind NIDS that builds on Bidirectional Asymmetric LSTM
(Bi-ALSTM), an original ensemble of sequential neural models, to detect network
threats before they spread. We cross-evaluate NetSentry using two practical
datasets, training on one and testing on the other, and demonstrate F1 score
gains above 33% over the state-of-the-art, as well as up to 3 times higher
rates of detecting attacks such as XSS and web bruteforce. Further, we put
forward a novel data augmentation technique that boosts the generalization
abilities of a broad range of supervised deep learning algorithms, leading to
average F1 score gains above 35%
Spatiotemporal anomaly detection: streaming architecture and algorithms
Includes bibliographical references.2020 Summer.Anomaly detection is the science of identifying one or more rare or unexplainable samples or events in a dataset or data stream. The field of anomaly detection has been extensively studied by mathematicians, statisticians, economists, engineers, and computer scientists. One open research question remains the design of distributed cloud-based architectures and algorithms that can accurately identify anomalies in previously unseen, unlabeled streaming, multivariate spatiotemporal data. With streaming data, time is of the essence, and insights are perishable. Real-world streaming spatiotemporal data originate from many sources, including mobile phones, supervisory control and data acquisition enabled (SCADA) devices, the internet-of-things (IoT), distributed sensor networks, and social media. Baseline experiments are performed on four (4) non-streaming, static anomaly detection multivariate datasets using unsupervised offline traditional machine learning (TML), and unsupervised neural network techniques. Multiple architectures, including autoencoders, generative adversarial networks, convolutional networks, and recurrent networks, are adapted for experimentation. Extensive experimentation demonstrates that neural networks produce superior detection accuracy over TML techniques. These same neural network architectures can be extended to process unlabeled spatiotemporal streaming using online learning. Space and time relationships are further exploited to provide additional insights and increased anomaly detection accuracy. A novel domain-independent architecture and set of algorithms called the Spatiotemporal Anomaly Detection Environment (STADE) is formulated. STADE is based on federated learning architecture. STADE streaming algorithms are based on a geographically unique, persistently executing neural networks using online stochastic gradient descent (SGD). STADE is designed to be pluggable, meaning that alternative algorithms may be substituted or combined to form an ensemble. STADE incorporates a Stream Anomaly Detector (SAD) and a Federated Anomaly Detector (FAD). The SAD executes at multiple locations on streaming data, while the FAD executes at a single server and identifies global patterns and relationships among the site anomalies. Each STADE site streams anomaly scores to the centralized FAD server for further spatiotemporal dependency analysis and logging. The FAD is based on recent advances in DNN-based federated learning. A STADE testbed is implemented to facilitate globally distributed experimentation using low-cost, commercial cloud infrastructure provided by Microsoftâ„¢. STADE testbed sites are situated in the cloud within each continent: Africa, Asia, Australia, Europe, North America, and South America. Communication occurs over the commercial internet. Three STADE case studies are investigated. The first case study processes commercial air traffic flows, the second case study processes global earthquake measurements, and the third case study processes social media (i.e., Twitterâ„¢) feeds. These case studies confirm that STADE is a viable architecture for the near real-time identification of anomalies in streaming data originating from (possibly) computationally disadvantaged, geographically dispersed sites. Moreover, the addition of the FAD provides enhanced anomaly detection capability. Since STADE is domain-independent, these findings can be easily extended to additional application domains and use cases
A survey of machine learning methods applied to anomaly detection on drinking-water quality data
Abstract: Traditional machine learning (ML) techniques such as support vector machine, logistic regression, and artificial neural network have been applied most frequently in water quality anomaly detection tasks. This paper presents a review of progress and advances made in detecting anomalies in water quality data using ML techniques. The review encompasses both traditional ML and deep learning (DL) approaches. Our findings indicate that: 1) Generally, DL approaches outperform traditional ML techniques in terms of feature learning accuracy and fewer false positive rates. However, is difficult to make a fair comparison between studies because of different datasets, models and parameters employed. 2) We notice that despite advances made and the advantages of the extreme learning machine (ELM), application of ELM is sparsely exploited in this domain. This study also proposes a hybrid DL-ELM framework as a possible solution that could be investigated further and used to detect anomalies in water quality data
- …