A novel anomaly detection approach based on ensemble semi-supervised active learning (ADESSA). Issue 129 (June 2023)
- Record Type:
- Journal Article
- Title:
- A novel anomaly detection approach based on ensemble semi-supervised active learning (ADESSA). Issue 129 (June 2023)
- Main Title:
- A novel anomaly detection approach based on ensemble semi-supervised active learning (ADESSA)
- Authors:
- Niu, Zequn
Guo, Wenjie
Xue, Jingfeng
Wang, Yong
Kong, Zixiao
Huang, Lu
- Abstract:
- Highlights: ADESSA detects attacks in CPS when traffic is rare labeled, unbalanced and unknown attacks exist. ADESSA builds a balanced training set including high-information and low-information samples with limited budget. Adding low-information but correctly labeled samples is effective for training when the training data is insufficient.
Abstract: As an industrial infrastructure, the safety and reliability of the Cyber-Physical System requires the effective anomaly detection. However, the existing detection methods have bottleneck in the face of insufficient training datasets. This work proposed and a novel anomaly detection approach based on ensemble semi-supervised active learning, which can effectively detect anomalous traffic when there is few labeled samples and the dataset is unbalanced. Specifically, this work proposed balanced sampling strategy, which combines the margin sampling and the democratic co-learning techniques, to construct a balanced training set that consists of manually labeled high-information samples and automatically labeled high-confidence samples, to effectively train the detection model on a limited budget. We also found adding correctly labeled high-confidence samples into training set improves the performance of detection model when the training samples are few and the label budget is limited. This work achieves a good balance between the effectiveness of model training and the cost of sample querying when the traffic data in CPS is rare labeled and imbalanced. In addition, we designed five pairs of experiments with NSL-KDD and SWaT dataset, and the results demonstrate the capability and advancement of proposed approach.
- Is Part Of:
- Computers & security. Issue 129(2023)
- Journal:
- Computers & security
- Issue:
- Issue 129(2023)
- Issue Display:
- Volume 129, Issue 129 (2023)
- Year:
- 2023
- Volume:
- 129
- Issue:
- 129
- Issue Sort Value:
- 2023-0129-0129-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-06
- Subjects:
- Anomaly detection -- Active learning -- Semi-supervised learning -- Cyber-physical systems -- Ensemble learning
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2023.103190
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 27035.xml