一种ICS异常检测的优化GAN模型

doi:10.19665/j.issn1001-2400.2022.02.020

Abstract

Abstract:

The anomaly detection of most of the industrial control systems (ICS) is faced with the problem of class-imbalance,which leads to a decrease in accuracy and the deterioration of generalization.According to the generative adversarial network (GAN),this paper proposes an anomaly detection model using only normal samples for training——the latent feature reconstruction generative GAN model (LFR-GAN).In the training stage,the model learns to generate the mapping of data to the latent space by a new encoder for realizing latent space feature reconstruction.In addition,an SE Block module is embedded to enhance the effective feature weight and to improve the ability of latent space feature reconstruction.For the discriminator,it identifies three data pairs produced by two encoders and one generator simultaneously,improving the model accuracy and generalization ability.In the detection stage,considering the reconstruction and identification of losses comprehensively,anomaly scoring formula optimization based on the L2 norm is adopted to overcome mode collapse.The validation experiment results on SWaT and WADI datasets show that the LFR-GAN model has obvious advantages over other GAN models in terms of learning ability,stability and detection results.

Key words: industrial control system, unbalanced data set, generative adversarial network, anomaly detection

CLC Number:

TP393

GU Zhaojun,LIU Tingting,SUI He. Latent feature reconstruction generative GAN model for ICS anomaly detection[J].Journal of Xidian University, 2022, 49(2): 173-181.

Figures/Tables 10

References 31

[1]	彭勇, 江常青, 谢丰, 等. 工业控制系统信息安全研究进展[J]. 清华大学学报(自然科学版), 2012, 52(10):1396-1408.
	PENG Yong, JIANG Changqing, XIE Feng, et al. Industrial Control System Cybersecurity Research[J]. Journal of Tsinghua University (Science and Technology), 2012, 52(10):1396-1408.
[2]	杨安, 孙利民, 王小山, 等. 工业控制系统入侵检测技术综述[J]. 计算机研究与发展, 2016, 53(9):2039-2054.
	YANG An, SUN Liming, WANG Xiaoshan, et al. Intrusion Detection Techniques for Industrial Control Systems[J]. Journal of Computer Research and Development, 2016, 53(9):2039-2054
[3]	CARDENAS A A, AMIN S, LIN Z S, et al. Attacks Against Process Control Systems:Risk Assessment,Detection,and Response[C]// Proceedings of the 6th ACM Symposium on Information,Computer and Communications Security. New York: ACM, 2011:355-366.
[4]	VENKATASUBRAMANIAN V, RENGASWAMY R, YIN K, et al. A Review of Process Fault Detection and Diagnosis:Part I:Quantitative Model-Based Methods[J]. Computers & Chemical Engineering, 2003, 27(3):293-311. doi: 10.1016/S0098-1354(02)00160-6
[5]	卿斯汉, 蒋建春, 马恒太, 等. 入侵检测技术研究综述[J]. 通信学报, 2004, 25(7):19-29.
	QING Sihan, JIANG Jianchun, MA Hengtai, et al. Research on Intrusion Detection Techniques:A Survey[J]. Journal on Communications, 2004, 25(7):19-29
[6]	张文安, 洪榛, 朱俊威, 等. 工业控制系统网络入侵检测方法综述[J]. 控制与决策, 2019, 34(11):2277-2288.
	ZHANG Wenan, HONG Zhen, ZHU Junwei, et al. A Survey of Network Intrusion Detection Methods for Industrial Control Systems[J]. Control and Decision, 2019, 34(11):2277-2288.
[7]	阎巧, 谢维信. 异常检测技术的研究与发展[J]. 西安电子科技大学学报, 2002, 29(1):128-132.
	YAN Qiao, XIE Weixin. Research on and Development of Anomaly Detection[J]. Journal of Xidian University, 2002, 29(1):128-132.
[8]	MITCHELL R, CHEN I R. A Survey of Intrusion Detection Techniques for Cyber-Physical Systems[J]. ACM Computing Surveys, 2014, 46(4):1-29.
[9]	朱斐, 吴文, 伏玉琛, 等. 基于双深度网络的安全深度强化学习方法[J]. 计算机学报, 2019, 42(8):1812-1826.
	ZHU Fei, WU Wen, FU Yuchen, et al. A Dual Deep Network Based Secure Deep Reinforcement Learning Method[J]. Chinese Journal of Computers, 2019, 42(8):1812-1826.
[10]	刘俊旭, 孟小峰. 机器学习的隐私保护研究综述[J]. 计算机研究与发展, 2020, 57(2):346-362.
	LIU Junxu, MENG Xiaofeng. Survey on Privacy-Preserving Machine Learning[J]. Journal of Computer Research and Development, 2020, 57(2):346-362.
[11]	李佳, 云晓春, 李书豪, 等. 基于混合结构深度神经网络的HTTP恶意流量检测方法[J]. 通信学报, 2019, 40(1):24-33. doi: 10.1111/j.1460-2466.1990.tb02248.x
	LI Jia, YUN Xiaochun, LI Shuhao, et al. HTTP Malicious Traffic Detection Method Based on Hybrid Structure Deep Neural Network[J]. Journal on Communications, 2019, 40(01):24-33. doi: 10.1111/j.1460-2466.1990.tb02248.x
[12]	HAN J, KAMBER M, PEI J. Data Mining:Concepts and Techniques[M]. Amsterdam:Elsevier, 2011.
[13]	GUO T, XU Z, YAO X, et al. Robust Online Time Series Prediction with Recurrent Neural Networks[C]// 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA).Piscataway:IEEE, 2016:816-825.
[14]	TAYLOR A, LEBLANC S, JAPKOWICZ N. Anomaly Detection in Automobile Control Network Data with Long Short-Term Memory Networks[C]// 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA).Piscataway:IEEE, 2016:130-139.
[15]	梁杰, 陈嘉豪, 张雪芹, 等. 基于独热编码和卷积神经网络的异常检测[J]. 清华大学学报(自然科学版), 2019, 59(7):523-529.
	LIANG Jie, CHEN Jiahao, ZHANG Xueqin, et al. One-Hot Encoding and Convolutional Neural Network Based Anomaly Detection[J]. Journal of Tsinghua University (Science and Technology), 2019, 59(7):523-529.
[16]	ZONG B, SONG Q, MIN M, et al. Deep Autoencoding Gaussian Mixture Model for Unsupervised Anomaly Detection[C]// International Conference on Learning Representations (ICLR). La Jolla: ICLR, 2018:1-19.
[17]	GOODFELLOW I, POUGET-ABADIE J, MIRZA M, et al. Generative Adversarial Nets[C]// Proceedings of the 27th International Conference on Neural Information Processing Systems. New York: ACM, 2014:2672-2680.
[18]	SCHLEGL T, SEEBÖCK P, WALDSTEIN S M, et al. Unsupervised Anomaly Detection with Generative Adversarial Networks to Guide Marker Discovery[C]// International Conference on Information Processing in Medical Imaging.Heidelberg:Springer, 2017:146-157.
[19]	LI D, CHEN D, JIN B, et al. MAD-GAN:Multivariate Anomaly Detection for Time Series Data with Generative Adversarial Networks[C]// International Conference on Artificial Neural Networks.Heidelberg:Springer, 2019:703-716.
[20]	姜少彬, 杜春, 陈浩, 等. 一种硬盘故障预测的非监督对抗学习方法[J]. 西安电子科技大学学报, 2020, 47(2):118-125.
	JIANG Shaobin, DU Chun, CHEN Hao, et al. Unsupervised Adversarial Learning Method for Hard Disk Failure Prediction[J]. Journal of Xidian University, 2020, 47(2):118-125.
[21]	DONAHUE J, KRÄHENBÜHL P, DARRELL T. Adversarial Feature Learning(2016)[J/OL].[2016-05-31]. https://arxiv.org/pdf/1605.09782.pdf.
[22]	ZENATI H, FOO C S, LECOUAT B, et al. Efficient Gan-Based Anomaly Detection(2018)[J/OL]. [2018-02-17]. https://arxiv.org/pdf/1802.06222v2.pdf.
[23]	CHEN H, JIANG L. GAN-Based Method for Cyber-Intrusion Detection(2019)[J/OL].[2019-04-04]. https://arxiv.org/pdf/1904.02426v1.pdf.
[24]	AKCAY S, ATAPOUR-ABARGHOUEI A, BRECKONT P. GANomaly:Semi-Supervised Anomaly Detection via Adversarial Training[C]// Asian conference on computer vision.Heidelberg:Springer, 2018:622-637.
[25]	JIANG W, HONG Y, ZHOU B, et al. A GAN-Based Anomaly Detection Approach for Imbalanced Industrial Time Series[J]. IEEE Access, 2019, 7:143608-143619. doi: 10.1109/ACCESS.2019.2944689
[26]	HU J, SHEN L, ALBANIE S, et al. Squeeze-and-Excitation Networks[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2020, 42(8):2011-2023. doi: 10.1109/TPAMI.2019.2913372
[27]	ARJOVSKY M, CHINTALA S, BOTTOU L. Wasserstein GAN(2017)[J/OL].[2017-01-26]. https://arxiv.org/pdf/1701.07875.pdf.
[28]	SRIVASTAVA A, VALKOV L, RUSSELL C, et al. VEEGAN:Reducing Mode Collapse in GANs Using Implicit Variational Learning[C]// Proceedings of the 31st International Conference on Neural Information Processing Systems. New York: ACM, 2017:3310-3320.
[29]	MATHUR A, TIPPENHAUER N O. SWaT:A Water Treatment Testbed for Research and Training on ICS Security[C]// Proceedings of International Workshop on Cyber-Physical Systems for Smart Water Networks(CySWater).Piscataway:IEEE, 2016:31-36.
[30]	GOH J, ADEPU S, JUNEJO K N, et al. A Dataset to Support Research in the Design of Secure Water Treatment Systems[C]// International Conference on Critical Information Infrastructures Security.Heidelberg:Springer, 2016:88-99.
[31]	BIHKOWSKI M, SUTHERLAND D J, ARBEL M, et al. Demystifying MMD GANs (2018)[J/OL].[2018-01-04]. https://arxiv.org/pdf/1801.01401v5.pdf.

项目	SWaT数据集	WADI数据集
数据特征维数	51	103
训练集样本数(均为正常)	197 604	103 682
测试集样本数(含异常)	224 959	69 121
测试集异常样本比例/%	11.98	5.99

Latent feature reconstruction generative GAN model for ICS anomaly detection

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 31

Related Articles 15

Metrics

Comments

Recommended 10

[1]	GAO Jie,HUO Zhiyong. Algorithmfor image inpainting in generative adversarial networks based on gated convolution [J]. Journal of Xidian University, 2022, 49(1): 216-224.
[2]	YU Haoyang,YIN Liang,LI Shufang,LV Shun. Recognition algorithm for the little sample radar modulation signal based on the generative adversarial network [J]. Journal of Xidian University, 2021, 48(6): 96-104.
[3]	YANG Jingbo,ZHAO Qijun,LYU Zejun. Synthesis of the expression image and its application under the dimentional emotion model [J]. Journal of Xidian University, 2021, 48(5): 30-37.
[4]	WANG Junjun,SUN Yue,LI Ying. Cloud removal method for the remote sensing image based on the GAN [J]. Journal of Xidian University, 2021, 48(5): 23-29.
[5]	SUN Yanjing,WEI Li,ZHANG Nianlong,YUN Xiao,DONG Kaiwen,GE Min,CHENG Xiaozhou,HOU Xiaofeng. Person re-identification method combining the DD-GAN and Global feature in a coal mine [J]. Journal of Xidian University, 2021, 48(5): 201-211.
[6]	WEI Ziyu,YANG Xi,WANG Nannan,YANG Dong,GAO Xinbo. Reciprocal bi-directional generative adversarial network for cross-modal pedestrian re-identification [J]. Journal of Xidian University, 2021, 48(2): 205-212.
[7]	JIANG Shaobin,DU Chun,CHEN Hao,LI Jun,WU Jiangjiang. Unsupervised adversarial learning method for hard disk failure prediction [J]. Journal of Xidian University, 2020, 47(2): 118-125.
[8]	YANG Xiaoli,LIN Suzhen. Method for multi-band image feature-level fusion based on the attention mechanism [J]. Journal of Xidian University, 2020, 47(1): 120-127.
[9]	ZHANG Zhiyuan,DIAO Yinghua. Pedestrian trajectory prediction model with social features and attention [J]. Journal of Xidian University, 2020, 47(1): 10-17.
[10]	JIA Yufeng,MA Li. Self-attention generative adversarial network with the conditional constraint [J]. Journal of Xidian University, 2019, 46(6): 163-171.
[11]	HU Mengxiao,LU Wang,XU Can,LAI Jiazhe. Satellite RCS anomaly detection using the GRU model [J]. Journal of Xidian University, 2019, 46(6): 125-130.
[12]	SHEN Haijie,BIAN Qian,CHEN Xiaofan,WANG Zhenduo,TIAN Xinzhi. Video deblurring using the generative adversarial network [J]. Journal of Xidian University, 2019, 46(6): 112-117.
[13]	MO Jianwen,XU Kailiang,LIN Leping,OUYANG Ning. Text-to-image generation combined with mutual information maximization [J]. Journal of Xidian University, 2019, 46(5): 180-188.
[14]	CHEN Xiaofan,SHEN Haijie,BIAN Qian,WANG Zhenduo,TIAN Xinzhi. Face image super-resolution with an attention mechanism [J]. Journal of Xidian University, 2019, 46(3): 148-153.
[15]	TIAN Yuling. Dendritic cell algorithm for time series oriented anomaly detection [J]. J4, 2014, 41(4): 144-150.