Fast Anomaly Identification Based on Multiaspect Data Streams for Intelligent Intrusion Detection Toward Secure Industry 4.0

Various cyber attacks often occur in logistics network of the Industry 4.0, which poses a threat to Internet security. Intrusion detection can intelligently detect anomalous activities and secure the Internet with the help of anomaly detection algorithms. Different from static data, intrusion detection data are a dynamic data form and have the following characteristics. First, it is multiaspect. Second, it contains point anomalies and group anomalies. Third, there are correlations between different attributes. Nevertheless, these properties pose a challenge on existing anomaly detection approaches. Thus, a novel anomaly detection approach MDS_AD is proposed in this article to deal with the challenges. It combines locality-sensitive hashing (LSH), isolation forest, and PCA techniques. MDS_AD has the following properties. 1) The introduced LSH can operate on multiaspect data. 2) MDS_AD can effectively catch group anomalies from the experimental results. 3) The PCA is utilized to reduce dimensionality for correlations between different attributes. 4) MDS_AD is a streaming approach, which can perform model update and process data in constant memory and time. To confirm the performance of MDS_AD, multiple experiments are designed and implemented on UNSW-NB15 dataset. Experimental results show that MDS_AD outperforms state-of-the-art baselines.