{"title":"DAN: Neural network based on dual attention for anomaly detection in ICS","authors":"Lijuan Xu , Bailing Wang , Dawei Zhao , Xiaoming Wu","doi":"10.1016/j.eswa.2024.125766","DOIUrl":null,"url":null,"abstract":"<div><div>In the interpretability research on anomalies of Industrial Control Systems (ICS) with Graph Convolutional Neural Networks (GCN), the causality between the equipment components is a non-negligible factor. Nonetheless, few existing interpretable anomaly detection methods keeps a good balance of detection and interpretation, because of inadequate insufficient learning of causality and improper representation of nodes in GCN. In this paper, we propose a Dual Attention Network (DAN) for a multivariate time series anomaly detection approach, in which temporal causality based on attention is used for representing the relationship of device components. With this condition, the performance of detection is hardly satisfactory. In addition, in the existing graph neural networks, hyperparameters are used to construct an adjacency matrix, so that the detection accuracy is greatly affected. To address the above problems, we introduce a graph neural network based on an attention mechanism to further learn the causal relationship between device components, and propose an adjacency matrix construction method based on the median, to break through the constraint of hyperparameters. 
In terms of interpretation and detection effect, the performed experiments using the SWaT and WADI datasets from highly simulated real water plants, demonstrate the validity and universality of the DAN.<span><span><sup>1</sup></span></span></div></div>","PeriodicalId":50461,"journal":{"name":"Expert Systems with Applications","volume":"263 ","pages":"Article 125766"},"PeriodicalIF":7.5000,"publicationDate":"2024-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Expert Systems with Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0957417424026332","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
Citations: 0
Abstract
In the interpretability research on anomalies of Industrial Control Systems (ICS) with Graph Convolutional Neural Networks (GCN), the causality between the equipment components is a non-negligible factor. Nonetheless, few existing interpretable anomaly detection methods keep a good balance of detection and interpretation, because of insufficient learning of causality and improper representation of nodes in GCN. In this paper, we propose a Dual Attention Network (DAN) for a multivariate time series anomaly detection approach, in which temporal causality based on attention is used for representing the relationship of device components. With this condition, the performance of detection is hardly satisfactory. In addition, in the existing graph neural networks, hyperparameters are used to construct an adjacency matrix, so that the detection accuracy is greatly affected. To address the above problems, we introduce a graph neural network based on an attention mechanism to further learn the causal relationship between device components, and propose an adjacency matrix construction method based on the median, to break through the constraint of hyperparameters. In terms of interpretation and detection effect, experiments performed using the SWaT and WADI datasets from highly simulated real water plants demonstrate the validity and universality of the DAN.
About the journal:
Expert Systems With Applications is an international journal dedicated to the exchange of information on expert and intelligent systems used globally in industry, government, and universities. The journal emphasizes original papers covering the design, development, testing, implementation, and management of these systems, offering practical guidelines. It spans various sectors such as finance, engineering, marketing, law, project management, information management, medicine, and more. The journal also welcomes papers on multi-agent systems, knowledge management, neural networks, knowledge discovery, data mining, and other related areas, excluding applications to military/defense systems.