Mining safety event in industrial control network based on the Long-Short Term Memory Networks

With the development of the Internet, security incidents are becoming more and more frequent in industrial control network environments. These network security events are often stored in logs, which play a significant role in early warning and vulnerability mining. The diversity of industrial networks makes anomaly detection more complicated. In current research, few studies have focused on context information in industrial networks that contain both normal and abnormal data. When normal data contains abnormal patterns, the reconstruction error is higher, which causes a higher false negative rate and a higher false positive rate. To solve this problem, we propose using a multilayer Long-Short Term Memory Network (LSTM) to learn representations of sequence logs from their context; it can take the past and the future into account and incorporate syntactic and semantic constraints. First, an encoder LSTM produces a fixed-length representation of the data. Second, a decoder LSTM reconstructs the input sequence from the fixed-length features. Finally, a classification model, Linear Discriminant Analysis (LDA), detects anomalies using those fixed-length features. The experimental results show that sequence features can effectively distinguish normal data from abnormal data, and that the approach can be applied in industrial systems.
