{"title":"Metric Learning with Neural Network for Modbus/TCP Anomaly Detection","authors":"Haicheng Qu, Jianzhong Zhou, Jitao Qin","doi":"10.1145/3411016.3411160","DOIUrl":null,"url":null,"abstract":"In cyber security field, anomaly detection is triggered when detected network data traffic behaves obviously differently from normal data traffic. Traditional approaches typically create or define the normal pattern for the data and compare the normal pattern with the detected object. When a significantly different object appears, it is regarded as abnormal data. This paper proposes a novel neural network structure for anomaly detection, called a metric learning network, which aims to directly learn the differences between abnormal and normal data rather than set up a normal pattern. The network comprises an auto-encoder, which is used to encode the abnormal and normal data, and a metric learning component, which is designed to understand the difference between abnormal and normal data via a comparison approach. A deviation score is produced by the metric learning component to recognize the detected object. Research based on the Modbus/Transmission Control Protocol (TCP) network demonstrates that this approach can not only learn the difference between normal data and outliers, but is suitable for anomaly detection tasks. 
Our method has greater overall detection rates than a baseline model.","PeriodicalId":251897,"journal":{"name":"Proceedings of the 2nd International Conference on Industrial Control Network And System Engineering Research","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2nd International Conference on Industrial Control Network And System Engineering Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3411016.3411160","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
In the cyber security field, anomaly detection is triggered when detected network data traffic behaves obviously differently from normal data traffic. Traditional approaches typically create or define the normal pattern for the data and compare the normal pattern with the detected object. When a significantly different object appears, it is regarded as abnormal data. This paper proposes a novel neural network structure for anomaly detection, called a metric learning network, which aims to directly learn the differences between abnormal and normal data rather than set up a normal pattern. The network comprises an auto-encoder, which is used to encode the abnormal and normal data, and a metric learning component, which is designed to understand the difference between abnormal and normal data via a comparison approach. A deviation score is produced by the metric learning component to recognize the detected object. Research based on the Modbus/Transmission Control Protocol (TCP) network demonstrates that this approach can not only learn the difference between normal data and outliers, but is also suitable for anomaly detection tasks. Our method has greater overall detection rates than a baseline model.