728 research outputs found

    model checking for data anomaly detection

    Data typically evolve according to specific processes, with the consequent possibility to identify a profile of evolution: the values it may assume, the frequencies at which it changes, the temporal variation in relation to other data, or other constraints that are directly connected to the reference domain. A violation of these conditions could be the signal of different menaces that threaten the system, such as: attempts at tampering or a cyber attack, a failure in the system operation, a bug in the applications which manage the life cycle of data. To detect such violations is not straightforward as processes could be unknown or hard to extract. In this paper we propose an approach to detect data anomalies. We represent data user behaviours in terms of labelled transition systems and through the model checking techniques we demonstrate the proposed modeling can be exploited to successfully detect data anomalies.

    Cyber Data Anomaly Detection Using Autoencoder Neural Networks

    The Department of Defense requires a secure presence in the cyber domain to successfully execute its stated mission of deterring war and protecting the security of the United States. With potentially millions of logged network events occurring on defended networks daily, a limited staff of cyber analysts require the capability to identify novel network actions for security adjudication. The detection methodology proposed uses an autoencoder neural network optimized via design of experiments for the identification of anomalous network events. Once trained, each logged network event is analyzed by the neural network and assigned an outlier score. The network events with the largest outlier scores are anomalous and worthy of further review by cyber analysts. This neural network approach can operate in conjunction with alternate tools for outlier detection, enhancing the overall anomaly detection capability of cyber analysts.

    Combined network intrusion and phasor data anomaly detection for secure dynamic control centers

    The dynamic operation of power transmission systems requires the acquisition of reliable and accurate measurement and state information. The use of TCP/IP-based communication protocols such as IEEE C37.118 or IEC 61850 introduces different gateways to launch cyber-attacks and to compromise major system operation functionalities. Within this study, a combined network intrusion and phasor data anomaly detection system is proposed to enable a secure system operation in the presence of cyber-attacks for dynamic control centers. This includes the utilization of expert-rules, one-class classifiers, as well as recurrent neural networks to monitor different network packet and measurement information. The effectiveness of the proposed network intrusion and phasor data anomaly detection system is shown within a real-time simulation testbed considering multiple operation and cyber-attack conditions.

    Anomaly detection in Multivariate Temporal Data for Vessels Abnormal Behaviour Detection

    The growing number of deployed data mining systems leverage the interest in temporal data anomaly detection. From cyber-security or finance to heart-diseases detection, unexpected data often incorporate critical information that must be analysed. Data anomalies have long been studied from a univariate perspective where only one data dimension changes over time. Few works have been dedicated to multivariate anomaly detection. In this work we provide a comprehensive and structured analysis of the main definitions, state-of-art methods and approaches focusing on multivariate temporal data anomaly detection. Our research focuses on dealing with variable length data series with millions of samples and multiple feature categories, either static or dynamic, real or categorical valued. We describe a case-study in the maritime domain investigating the unusual spatio-temporal behaviour of commercial vessels and experiment over two open datasets and one obtained from the MARISA H2020 Project.

    Synchrophasor Data Anomaly Detection on Grid Edge by 5G Communication and Adjacent Compute

    The fifth-generation mobile communication (5G) technology offers opportunities to enhance the real-time monitoring of grids. The 5G-enabled phasor measurement units (PMUs) feature flexible positioning and cost-effective long-term maintenance without the constraints of fixing wires. This paper is the first to demonstrate the applicability of 5G in PMU communication, and the experiment was carried out at Verizon non-standalone test-bed at Pacific Northwest National Laboratory (PNNL) Advanced Wireless Communication lab. The performance of the 5G-enabled PMU communication setup is reviewed and discussed in this paper, and a generalized dynamic linear model (GDLM) based real-time synchrophasor data anomaly detection use-case is presented. Last but not least, the practicability of implementing 5G for wide-area protection strategies is explored and discussed by analyzing the experimental results. Comment: 5 pages, 4 figures