Self-Supervised and Interpretable Anomaly Detection using Network Transformers

02/25/2022
by Daniel L. Marino, et al.

Monitoring traffic in computer networks is one of the core approaches for defending critical infrastructure against cyber attacks. Machine Learning (ML) and Deep Neural Networks (DNNs) have been proposed in the past as tools to identify anomalies in computer networks. Although detecting these anomalies provides an indication of an attack, detection alone does not give a user enough information to understand the anomaly. The black-box nature of off-the-shelf ML models prevents extracting the information that is fundamental to isolating the source of the fault/attack and taking corrective measures. In this paper, we introduce the Network Transformer (NeT), a DNN model for anomaly detection that incorporates the graph structure of the communication network in order to improve interpretability. The presented approach has the following advantages: 1) enhanced interpretability through incorporating the graph structure of computer networks; 2) a hierarchical set of features that enables analysis at different levels of granularity; 3) self-supervised training that does not require labeled data. The presented approach was tested by evaluating the successful detection of anomalies in an Industrial Control System (ICS). The presented approach successfully identified anomalies, the devices affected, and the specific connections causing the anomalies, providing a data-driven hierarchical approach to analyze the behavior of a cyber network.
