29,431 research outputs found

    Robust Anomaly Detection in Dynamic Networks

    We propose two robust methods for anomaly detection in dynamic networks in which the properties of normal traffic are time-varying. We formulate the robust anomaly detection problem as a binary composite hypothesis testing problem and propose two methods: a model-free and a model-based one, leveraging techniques from the theory of large deviations. Both methods require a family of Probability Laws (PLs) that represent normal properties of traffic. We devise a two-step procedure to estimate this family of PLs. We compare the performance of our robust methods and their vanilla counterparts, which assume that normal traffic is stationary, on a network with a diurnal normal pattern and a common anomaly related to data exfiltration. Simulation results show that our robust methods perform better than their vanilla counterparts in dynamic networks. Comment: 6 pages. MED conferenc

    An Attack Detection Mechanism Based on a Distributed Hierarchical Multi-agent Architecture for Protecting Databases

    This paper presents an innovative approach to detect and classify SQL injection attacks. The existing approaches are centralized while this proposal is based on a distributed hierarchical architecture to provide a robust and dynamic strategy. The strategy for the classification and detection of SQL injection attacks uses a combination based on detection by anomalies and misuses. The detection by anomaly uses a case-based reasoning mechanism incorporating a mixture of neural networks. The approach has been tested and the results are presented in this paper.

    Unsupervised anomaly detection for underwater gliders using generative adversarial networks

    An effective anomaly detection system is critical for marine autonomous systems operating in complex and dynamic marine environments to reduce operational costs and achieve concurrent large-scale fleet deployments. However, developing an automated fault detection system remains challenging for several reasons, including limited data transmission via satellite services. Currently, most anomaly detection for marine autonomous systems, such as underwater gliders, relies on intensive analysis by pilots. This study proposes an unsupervised anomaly detection system using bidirectional generative adversarial networks guided by assistive hints for marine autonomous systems with time series data collected by multiple sensors. In this study, the anomaly detection system for a fleet of underwater gliders is trained on two healthy deployment datasets and tested on nine other deployment datasets collected by a selection of vehicles operating in a range of locations and environmental conditions. The system is successfully applied to detect anomalies in the nine test deployments, which include several different types of anomalies as well as healthy behaviour. Also, a sensitivity study of the data decimation settings suggests the proposed system is robust for Near Real-Time anomaly detection for underwater gliders.

    Secure Distributed Dynamic State Estimation in Wide-Area Smart Grids

    Smart grid is a large complex network with a myriad of vulnerabilities, usually operated in adversarial settings and regulated based on estimated system states. In this study, we propose a novel highly secure distributed dynamic state estimation mechanism for wide-area (multi-area) smart grids, composed of geographically separated subregions, each supervised by a local control center. We firstly propose a distributed state estimator assuming regular system operation, that achieves near-optimal performance based on the local Kalman filters and with the exchange of necessary information between local centers. To enhance the security, we further propose to (i) protect the network database and the network communication channels against attacks and data manipulations via a blockchain (BC)-based system design, where the BC operates on the peer-to-peer network of local centers, (ii) locally detect the measurement anomalies in real-time to eliminate their effects on the state estimation process, and (iii) detect misbehaving (hacked/faulty) local centers in real-time via a distributed trust management scheme over the network. We provide theoretical guarantees regarding the false alarm rates of the proposed detection schemes, where the false alarms can be easily controlled. Numerical studies illustrate that the proposed mechanism offers reliable state estimation under regular system operation, timely and accurate detection of anomalies, and good state recovery performance in case of anomalies.

    Anomaly Recognition in Wireless Ad-hoc Network by using Ant Colony Optimization and Deep Learning

    As a result of lower initial investment, greater portability, and lower operational expenses, wireless networks are rapidly replacing their wired counterparts. The new technology that is on the rise is the Mobile Ad-Hoc Network (MANET), which operates without a fixed network infrastructure, can change its topology on the fly, and requires no centralised administration to manage its individual nodes. As a result, MANETs must focus on network efficiency and safety. It is crucial in MANET to pay attention to outliers that may affect QoS settings. Nonetheless, despite the numerous studies devoted to anomaly detection in MANET, security breaches and performance difficulties keep coming back. There is an increased need to provide strategies and approaches that help networks be more safe and robust due to the wide variety of security and performance challenges in MANET. This study presents outlier detection strategies for addressing security and performance challenges in MANET, with a special focus on network anomaly identification. The suggested work utilises a dynamic threshold and outlier detection to tackle the security and performance challenges in MANETs, taking into account metrics such as end-to-end delay, jitter, throughput, packet drop, and energy usage.