Anomaly Detection using Clustered Deep One-Class Classification

Younghwan Kim, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Anomalies on Cyber-Physical System (CPS) can have a devastating effect on the entire system of complex CPS. Thus, it is important to detect anomalies quickly. Since CPS can collect sensor data in near real-time throughout the process, many attempts have been made to solve this problem from the perspective of data-driven security based on the collected data. However, since the CPS datasets are big data and most of the data are normal data, it has always been a great challenge to analyze the data and implement the anomaly detection model. In this paper, we propose and evaluate the Clustered Deep One-Class Classification (CD-OCC) model that combines the clustering algorithm and deep learning (DL) models using only a normal dataset for anomaly detection. We classify normal data into optimal cluster size using the K-means clustering algorithm. DL models train to classify each cluster based on clustered normal data, and we can obtain the softmax values in the process of predicting the cluster. We use the softmax values as a dataset with distilled knowledge of the DL model for anomaly detection. We transfer the softmax values to one-class classification (OCC) models to detect anomalies. As a result of the experiment, the F1-score of the proposed model shows performance close to 0.8 and performance improvement of about 0.5 compared to the encoded OCC model, which has reduced-dimensionality through auto-encoder as well as the basic OCC model.

Original languageEnglish
Title of host publicationProceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages151-157
Number of pages7
ISBN (Electronic)9781728199221
DOIs
Publication statusPublished - 2020 Aug
Event15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020 - Taipei, Taiwan, Province of China
Duration: 2020 Aug 202020 Aug 21

Publication series

NameProceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020

Conference

Conference15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020
CountryTaiwan, Province of China
CityTaipei
Period20/8/2020/8/21

Keywords

  • anomaly detection
  • clustering
  • deep learning
  • knowledge distillation

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management

Fingerprint Dive into the research topics of 'Anomaly Detection using Clustered Deep One-Class Classification'. Together they form a unique fingerprint.

Cite this