Network Behavior Abnormal Detection for Electricity Management System Based on Long Short-Term Memory

In this paper, we propose a deep-learning-based algorithm for detecting abnormal network behavior in an electricity management system. The framework is composed of three main parts: network behavior feature generation, a behavior labeling system, and an LSTM-based audit model. In the feature generation module, the user log file is converted into a time series of vectors that represent the features of user operations. The user behavior is then labeled as normal or abnormal, either by experts or by simple predefined rules. Finally, an LSTM-based deep learning model is trained on the labeled user log features and used to audit user behavior automatically. According to experimental results on simulated user logs, the proposed algorithm can effectively detect the multiple types of abnormal behavior defined by experts in the electricity management system. The overall accuracy on the test dataset is over 96%, which can improve the existing system to a large extent.
